[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: 7b901fee by Henri Salo at 2022-12-03T08:12:15+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -912,7 +912,7 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) - TODO: check + NOT-FOR-US: authentik CVE-2022-46144 RESERVED CVE-2022-46143 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b901fee2939a3109bbbe7576d559bf546ee9f6d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3218-1 for libpgjava
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 46b5fa25 by Utkarsh Gupta at 2022-12-03T04:31:16+05:30 Reserve DLA-3218-1 for libpgjava - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Dec 2022] DLA-3218-1 libpgjava - security update + {CVE-2022-41946} + [buster] - libpgjava 42.2.5-2+deb10u3 [03 Dec 2022] DLA-3217-1 g810-led - security update {CVE-2022-46338} [buster] - g810-led 0.3.3-2+deb10u1 = data/dla-needed.txt = @@ -111,12 +111,6 @@ libde265 NOTE: 20221107: Most vulnerabilities unfixed upstream, but a handful are fixed, and v1.0.9 (2022-10) is a security release (Beuc/front-desk) NOTE: 20221107: No prior DSA/DLA/ELA afaics (Beuc/front-desk) -- -libpgjava - NOTE: 20221128: Programming language: Java. - NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/libpgjava.git - NOTE: 20221128: Please check, whether CVE-2022-41946 affects modern systems (gladk). - NOTE: 20221128: If not - please mark it as (gladk). --- libreoffice NOTE: 20221012: Programming language: C++. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b5fa250947f217c76a49672eb1ba1b87dc1af5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46b5fa250947f217c76a49672eb1ba1b87dc1af5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
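Review bot: the dla-needed.txt lines being removed leave an open question behind: "NOTE: 20221128: Please check, whether CVE-2022-41946 affects modern systems (gladk)." and the follow-up "NOTE: 20221128: If not - please mark it as (gladk)." never names the state it wanted. Reserving DLA-3218-1 implies the answer was that buster is affected, so record that conclusion as a NOTE on the CVE-2022-41946 entry instead of letting the reasoning disappear with the cleanup.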
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3217-1 for g810-led
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 249814c5 by Utkarsh Gupta at 2022-12-03T04:30:17+05:30 Reserve DLA-3217-1 for g810-led - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Dec 2022] DLA-3217-1 g810-led - security update + {CVE-2022-46338} + [buster] - g810-led 0.3.3-2+deb10u1 [03 Dec 2022] DLA-3216-1 vlc - security update {CVE-2022-41325} [buster] - vlc 3.0.17.4-0+deb10u2 = data/dla-needed.txt = @@ -47,12 +47,6 @@ firmware-nonfree (Markus Koschany) fwupd (Stefano Rivera) NOTE: 20221003: Programming language: C++. -- -g810-led - NOTE: 20221130: Programming language: C++. - NOTE: 20221130: VCS: https://salsa.debian.org/lts-team/packages/g810-led.git - NOTE: 20221130: The issue in the udev-rules, not in the package itself (gladk). - NOTE: 20221130: https://gitlab.com/qemu-project/qemu/-/issues/1268 (gladk). --- git NOTE: 20221031: Programming language: C. NOTE: 20221031: VCS: https://salsa.debian.org/lts-team/packages/git.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249814c5930122b412487c540419aee886402f8d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249814c5930122b412487c540419aee886402f8d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
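Review bot: one of the removed dla-needed.txt lines, "NOTE: 20221130: https://gitlab.com/qemu-project/qemu/-/issues/1268 (gladk).", points at a qemu issue under the g810-led entry and looks like a stray paste. The line before it, "The issue in the udev-rules, not in the package itself (gladk).", is the actual triage finding for CVE-2022-46338 and is worth carrying over as a NOTE on the CVE entry so it is not lost when these lines go.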
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3216-1 for vlc
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: d595ef5e by Utkarsh Gupta at 2022-12-03T04:29:27+05:30 Reserve DLA-3216-1 for vlc - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[03 Dec 2022] DLA-3216-1 vlc - security update + {CVE-2022-41325} + [buster] - vlc 3.0.17.4-0+deb10u2 [02 Dec 2022] DLA-3215-1 snapd - security update {CVE-2022-3328} [buster] - snapd 2.37.4-1+deb10u2 = data/dla-needed.txt = @@ -340,12 +340,6 @@ trafficserver virglrenderer (Thorsten Alteholz) NOTE: 20221009: Programming language: C. -- -vlc - NOTE: 20221201: Programming language: C. - NOTE: 20221201: VCS: https://salsa.debian.org/lts-team/packages/vlc.git - NOTE: 20221201: Please try to find a real patch for CVE-2022-41325 (gladk). - NOTE: 20221201: Backporting of a new version would be not the best idea. (gladk). --- xdg-utils NOTE: 20221120: Programming language: C. NOTE: 20221120: no real fix yet View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d595ef5ed52d38fe9f3d243f74b5ac0052d0bdab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d595ef5ed52d38fe9f3d243f74b5ac0052d0bdab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
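Review bot: the removed triage notes asked for a targeted patch for CVE-2022-41325 and warned that "Backporting of a new version would be not the best idea." The entry being added reads "[buster] - vlc 3.0.17.4-0+deb10u2"; the +deb10u2 suffix implies upstream 3.0.17.4 was already shipped to buster, so a further Debian revision is consistent with a patch-based fix, but confirm before publishing the advisory that the upload is the cherry-picked fix rather than another version import.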
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3520/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 970fae5b by Salvatore Bonaccorso at 2022-12-02T21:23:37+01:00 Add CVE-2022-3520/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12311,7 +12311,9 @@ CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/ NOTE: Doesn't seem to be reported upstream so far CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) - TODO: check + - vim 2:9.0.0813-1 + NOTE: https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246 + NOTE: https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b (v9.0.0765) CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sanitization Management System CVE-2022-3518 (A vulnerability classified as problematic has been found in SourceCode ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970fae5b02272670d706434159a37f9c5e013332 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/970fae5b02272670d706434159a37f9c5e013332 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
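Review bot: the fixed version "vim 2:9.0.0813-1" is consistent with the upstream fix tagged v9.0.0765 in the NOTE, so the version claim checks out. What the entry still lacks is the [bullseye]/[buster] assessment that decides whether this heap-based buffer overflow gets an update or a (Minor issue) marking in the stable releases, so this hunk should not be read as completed triage.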
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3591/vim
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d32814c0 by Salvatore Bonaccorso at 2022-12-02T21:22:14+01:00 Add CVE-2022-3591/vim - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11168,7 +11168,9 @@ CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All vers CVE-2022-43396 RESERVED CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ...) - TODO: check + - vim 2:9.0.0813-1 + NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921 + NOTE: https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad (v9.0.0789) CVE-2022-3590 RESERVED CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d32814c0595cea62e89dc196d238c23d48bb72a2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d32814c0595cea62e89dc196d238c23d48bb72a2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cf6ef250 by Salvatore Bonaccorso at 2022-12-02T21:20:28+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,9 +29,9 @@ CVE-2022-46364 CVE-2022-46363 RESERVED CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...) - TODO: check + NOT-FOR-US: osTicket CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...) - TODO: check + NOT-FOR-US: M-Files Web CVE-2022-4269 RESERVED CVE-2022-4268 @@ -876,7 +876,7 @@ CVE-2022-46161 CVE-2022-46160 RESERVED CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...) - TODO: check + NOT-FOR-US: Discourse CVE-2022-46158 RESERVED CVE-2022-46157 @@ -3539,7 +3539,7 @@ CVE-2022-45217 CVE-2022-45216 RESERVED CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...) - TODO: check + NOT-FOR-US: Book Store Management System CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...) NOT-FOR-US: Sanitization Management System CVE-2022-45213 @@ -7031,13 +7031,13 @@ CVE-2022-44350 CVE-2022-44349 RESERVED CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) - TODO: check + NOT-FOR-US: Sanitization Management System CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) - TODO: check + NOT-FOR-US: Sanitization Management System CVE-2022-44346 RESERVED CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) - TODO: check + NOT-FOR-US: Sanitization Management System CVE-2022-44344 RESERVED CVE-2022-44343 
@@ -7173,7 +7173,7 @@ CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Script CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Sanitization Management System CVE-2022-44277 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) - TODO: check + NOT-FOR-US: Sanitization Management System CVE-2022-44276 RESERVED CVE-2022-44275 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf6ef250fbea101c87286dd4774714cb93de107a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf6ef250fbea101c87286dd4774714cb93de107a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5eb4473c by Salvatore Bonaccorso at 2022-12-02T21:12:18+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -2060,73 +2060,73 @@ CVE-2022-45676 CVE-2022-45675 RESERVED CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45666 RESERVED CVE-2022-45665 RESERVED CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45662 RESERVED CVE-2022-45661 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45660 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45659 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45658 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45657 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2022-45656 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45655 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45654 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45653 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45652 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45651 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45650 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45649 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45648 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45647 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45646 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45645 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45644 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45643 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-45642 RESERVED CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSe ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...) NOT-FOR-US: Tenda CVE-2022-45639 @@ -6993,17 +6993,17 @@ CVE-2022-44369 CVE-2022-44368 RESERVED CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2022-37769/libjpeg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7a976bc by Salvatore Bonaccorso at 2022-12-02T21:10:47+01:00 Add Debian bug reference for CVE-2022-37769/libjpeg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26055,7 +26055,7 @@ CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977 NOTE: Crash in CLI tool, no security impact CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...) - - libjpeg + - libjpeg (bug #1025339) [bullseye] - libjpeg (Minor issue) NOTE: https://github.com/thorfdbg/libjpeg/issues/78 NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a976bcb5010aa3d71c79f69c7c50e54bfd7c1c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a976bcb5010aa3d71c79f69c7c50e54bfd7c1c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
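Review bot: CVE-2022-37769 and the neighbouring CVE-2022-37770 both reference the same upstream commit 281daa9ccee18742b83a77cd29bd2726b69b7977, yet 37770 carries "NOTE: Crash in CLI tool, no security impact" while 37769 now gets a Debian bug reference and a "[bullseye] - libjpeg (Minor issue)" line. Either the two issues differ in impact, in which case a NOTE on 37769 saying why would help, or they should be triaged the same way.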
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 70c29c14 by security tracker role at 2022-12-02T20:10:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,51 @@ +CVE-2022-46378 + RESERVED +CVE-2022-46377 + RESERVED +CVE-2022-46376 + RESERVED +CVE-2022-46375 + RESERVED +CVE-2022-46374 + RESERVED +CVE-2022-46373 + RESERVED +CVE-2022-46372 + RESERVED +CVE-2022-46371 + RESERVED +CVE-2022-46370 + RESERVED +CVE-2022-46369 + RESERVED +CVE-2022-46368 + RESERVED +CVE-2022-46367 + RESERVED +CVE-2022-46365 + RESERVED +CVE-2022-46364 + RESERVED +CVE-2022-46363 + RESERVED +CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...) + TODO: check +CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...) + TODO: check +CVE-2022-4269 + RESERVED +CVE-2022-4268 + RESERVED +CVE-2022-4267 + RESERVED +CVE-2022-4266 + RESERVED +CVE-2022-4265 + RESERVED +CVE-2022-4264 + RESERVED +CVE-2022-4263 + RESERVED CVE-2022- [node-d3-color redos] - node-d3-color 1.2.8-5 [bullseye] - node-d3-color (Minor issue) @@ -238,7 +286,7 @@ CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket NOT-FOR-US: Movie Ticket Booking System CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...) NOT-FOR-US: Kakao PotPlayer -CVE-2022-46366 +CVE-2022-46366 (** UNSUPPORTED WHEN ASSIGNED ** Apache Tapestry 3.x allows deserializa ...) NOT-FOR-US: Apache Tapestry CVE-2022-46361 RESERVED @@ -811,8 +859,8 @@ CVE-2022-46169 RESERVED CVE-2022-46168 RESERVED -CVE-2022-46167 - RESERVED +CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...) + TODO: check CVE-2022-46166 RESERVED CVE-2022-46165 
@@ -827,8 +875,8 @@ CVE-2022-46161 RESERVED CVE-2022-46160 RESERVED -CVE-2022-46159 - RESERVED +CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...) + TODO: check CVE-2022-46158 RESERVED CVE-2022-46157 @@ -863,8 +911,8 @@ CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build export NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1 NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) -CVE-2022-46145 - RESERVED +CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) + TODO: check CVE-2022-46144 RESERVED CVE-2022-46143 
@@ -2011,74 +2059,74 @@ CVE-2022-45676 RESERVED CVE-2022-45675 RESERVED -CVE-2022-45674 - RESERVED -CVE-2022-45673 - RESERVED -CVE-2022-45672 - RESERVED -CVE-2022-45671 - RESERVED -CVE-2022-45670 - RESERVED -CVE-2022-45669 - RESERVED -CVE-2022-45668 - RESERVED -CVE-2022-45667 - RESERVED +CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) + TODO: check +CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) + TODO: check +CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) + TODO: check +CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) + TODO: check CVE-2022-45666 RESERVED CVE-2022-45665 RESERVED -CVE-2022-45664 - RESERVED -CVE-2022-45663 - RESERVED +CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + TODO: check CVE-2022-45662 RESERVED -CVE-2022-45661 - RESERVED -CVE-2022-45660 - RESERVED -CVE-2022-45659 - RESERVED -CVE-2022-45658 - RESERVED -CVE-2022-45657 - RESERVED -CVE-2022-45656 - RESERVED -CVE-2022-45655 - RESERVED -CVE-2022-45654 - RESERVED -CVE-2022-45653 - RESERVED -CVE-2022-45652 -
[Git][security-tracker-team/security-tracker][master] nextcloud-desktop no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 42b3b9fd by Moritz Muehlenhoff at 2022-12-02T20:59:15+01:00 nextcloud-desktop no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21355,21 +21355,25 @@ CVE-2022-39335 RESERVED CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. Versions p ...) - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv NOTE: https://github.com/nextcloud/desktop/issues/4927 NOTE: https://github.com/nextcloud/desktop/pull/5022 CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8 NOTE: https://github.com/nextcloud/desktop/pull/4972 NOTE: https://hackerone.com/reports/1711847 CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p NOTE: https://github.com/nextcloud/desktop/pull/4972 NOTE: https://hackerone.com/reports/1668028 CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5 NOTE: https://github.com/nextcloud/desktop/pull/4944 NOTE: https://hackerone.com/reports/1668028 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b3b9fdcefc31ece880b0846ec0bee98a3b8024 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b3b9fdcefc31ece880b0846ec0bee98a3b8024 You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-3715/bash
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 74dd01d3 by Salvatore Bonaccorso at 2022-12-02T20:53:09+01:00 Track fixed version for CVE-2022-3715/bash Issue introduced in bash-5.1 and fixed with bash-5.2 (but still present in 5.2~rc2). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9611,7 +9611,7 @@ CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCode NOT-FOR-US: SourceCodester Online Medicine Ordering System CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform] RESERVED - - bash + - bash 5.2-1 [bullseye] - bash (Minor issue) [buster] - bash (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74dd01d3ae165e0bd819e36583a10c1ab47dfeed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74dd01d3ae165e0bd819e36583a10c1ab47dfeed You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
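Review bot: the commit message states the issue was "introduced in bash-5.1 and fixed with bash-5.2 (but still present in 5.2~rc2)", and the new "- bash 5.2-1" fixed version agrees with that. The "[buster] - bash (Minor issue)" line, however, deserves a second look: if the bash package in buster predates 5.1, the correct marking is (Vulnerable code not present) rather than (Minor issue), so check the buster version and add a NOTE recording the introducing commit or version.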
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2022-21821/nvidia-cuda-toolkit via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac86dc36 by Salvatore Bonaccorso at 2022-12-02T20:34:33+01:00 Track fixed version for CVE-2022-21821/nvidia-cuda-toolkit via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -76808,7 +76808,7 @@ CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, wh NOT-FOR-US: NVIDIA CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in ...) [experimental] - nvidia-cuda-toolkit 11.6.2-1 - - nvidia-cuda-toolkit (bug #1008695) + - nvidia-cuda-toolkit 11.6.2-2 (bug #1008695) [bullseye] - nvidia-cuda-toolkit (Non-free not supported) [buster] - nvidia-cuda-toolkit (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5334 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac86dc365e5a6f3219ecb36aac9a067edcfa0496 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac86dc365e5a6f3219ecb36aac9a067edcfa0496 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
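Review bot: the entry now reads "[experimental] - nvidia-cuda-toolkit 11.6.2-1" above "- nvidia-cuda-toolkit 11.6.2-2 (bug #1008695)". Since the unstable fix is tracked at the later revision, confirm that 11.6.2-1 in experimental actually carried the fix for CVE-2022-21821; if the fix only entered with -2, the experimental line should be bumped as well so both lines describe the same fixed code.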
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-46366 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e4e9aa2 by Salvatore Bonaccorso at 2022-12-02T20:19:30+01:00 Add CVE-2022-46366 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -238,6 +238,8 @@ CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket NOT-FOR-US: Movie Ticket Booking System CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...) NOT-FOR-US: Kakao PotPlayer +CVE-2022-46366 + NOT-FOR-US: Apache Tapestry CVE-2022-46361 RESERVED CVE-2022-43485 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e4e9aa22fc2fdf431a3a0bea1b058ead3a8758a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e4e9aa22fc2fdf431a3a0bea1b058ead3a8758a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
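Review bot: the new entry is a bare "CVE-2022-46366" line with "NOT-FOR-US: Apache Tapestry" and no description, unlike the surrounding entries such as "CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...)". The automatic update will fill the description in later, but until then a reader of the file cannot tell from the entry what the issue is or why it is NOT-FOR-US beyond the product name.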
[Git][security-tracker-team/security-tracker][master] Add additional references for node-d3-color issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11a3cbde by Salvatore Bonaccorso at 2022-12-02T17:46:53+01:00 Add additional references for node-d3-color issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2,6 +2,8 @@ CVE-2022- [node-d3-color redos] - node-d3-color 1.2.8-5 [bullseye] - node-d3-color (Minor issue) NOTE: https://github.com/advisories/GHSA-36jr-mh4h-2g58 + NOTE: https://github.com/d3/d3-color/issues/97 + NOTE: https://github.com/d3/d3-color/pull/100 CVE-2023-21623 RESERVED CVE-2023-21622 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11a3cbde09a2a551d90489489d609eb24a1de76e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11a3cbde09a2a551d90489489d609eb24a1de76e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] new d3-color issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c71d607c by Moritz Muehlenhoff at 2022-12-02T15:15:54+01:00 new d3-color issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2022- [node-d3-color redos] + - node-d3-color 1.2.8-5 + [bullseye] - node-d3-color (Minor issue) + NOTE: https://github.com/advisories/GHSA-36jr-mh4h-2g58 CVE-2023-21623 RESERVED CVE-2023-21622 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71d607c89bbd296d9a58b28db477aa26ea15d73 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71d607c89bbd296d9a58b28db477aa26ea15d73 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
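Review bot: the entry is filed under a placeholder id, "CVE-2022- [node-d3-color redos]", with "- node-d3-color 1.2.8-5" and a "[bullseye] - node-d3-color (Minor issue)" annotation but only the GHSA advisory as reference. Add the upstream issue and fix references so the 1.2.8-5 fix can be checked against the upstream change, and keep in mind the entry must be renamed once a CVE id is assigned, as was done for rust-capnp in commit 384c30ea.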
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: bc795767 by Moritz Muehlenhoff at 2022-12-02T15:14:36+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3505,16 +3505,15 @@ CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vuln CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: Jeecg-boot CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a mem ...) - - gpac - [buster] - gpac (EOL in buster LTS) + - gpac (Vulnerable code not present in any version in the archive) NOTE: https://github.com/gpac/gpac/issues/2307 NOTE: Introduced by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da NOTE: Fixed by: https://github.com/gpac/gpac/commit/f045be5809808d64ebf8ce5ab628fa55786bea4f - TODO: double check, but introducing commit is the fix for CVE-2022-45202 CVE-2022-45203 RESERVED CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...) - gpac + [bullseye] - gpac (Minor issue) [buster] - gpac (EOL in buster LTS) NOTE: https://github.com/gpac/gpac/issues/2296 NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc7957675e39777a56317d5322e533584051dcf5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc7957675e39777a56317d5322e533584051dcf5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
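Review bot: the removed line "TODO: double check, but introducing commit is the fix for CVE-2022-45202" is the key detail here and should not vanish without a trace. CVE-2022-45204 is now marked "(Vulnerable code not present in any version in the archive)" while its "Introduced by:" NOTE still points at commit 74e53280dad7b29f85386c6a1286fb92643465da, and CVE-2022-45202 remains "- gpac" with "[bullseye] - gpac (Minor issue)". If CVE-2022-45202 is later fixed by backporting that introducing commit, CVE-2022-45204 becomes present in the archive; add a NOTE on CVE-2022-45202 saying its fix must be applied together with the CVE-2022-45204 fix (f045be5809808d64ebf8ce5ab628fa55786bea4f).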
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3215-1 for snapd
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 023bfa7d by Utkarsh Gupta at 2022-12-02T19:16:43+05:30 Reserve DLA-3215-1 for snapd - - - - - 1 changed file: - data/DLA/list Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[02 Dec 2022] DLA-3215-1 snapd - security update + {CVE-2022-3328} + [buster] - snapd 2.37.4-1+deb10u2 [30 Nov 2022] DLA-3214-1 libraw - security update {CVE-2020-15503} [buster] - libraw 0.19.2-2+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/023bfa7df8eda5d405a1323949f4ab1da5469843
[Git][security-tracker-team/security-tracker][master] Move RUSTSEC-2022-0068 entry for rust-capnp to CVE-2022-46149
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 384c30ea by Salvatore Bonaccorso at 2022-12-02T13:14:47+01:00 Move RUSTSEC-2022-0068 entry for rust-capnp to CVE-2022-46149 As RUSTSEC-2022-0068 now mentions the same CVE as used for src:capnproto. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,3 @@ -CVE-2022- [rust capnp: out-of-bounds read possible when setting list-of-pointers] - - rust-capnp - NOTE: https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md - NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html CVE-2023-21623 RESERVED CVE-2023-21622 
@@ -845,8 +841,11 @@ CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to versio NOT-FOR-US: Discourse CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) - capnproto + - rust-capnp NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 + NOTE: https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) NOT-FOR-US: Discourse CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/384c30ea59d5911aee4492fcc5f456cfd8c6a501
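Review bot: the `- rust-capnp` line moved under CVE-2022-46149 carries no fixed version and no `[bullseye]`/`[buster]` lines, so the tracker will show the crate as open in every suite; the RUSTSEC advisory now linked below it should name the patched crate release, and that version (or an explicit per-suite status) belongs on this line once triaged, otherwise the placeholder entry removed in the first hunk has only been relocated without gaining any status. The existing `- capnproto` line has the same gap, so both could be resolved from the same advisory.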
[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 34d7eefd by Moritz Muehlenhoff at 2022-12-02T12:10:03+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3768,7 +3768,7 @@ CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Management Sy ...) NOT-FOR-US: SourceCodester Sanitization Management System CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ...) - TODO: check + NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle CVE-2022-45145 RESERVED CVE-2022-45144 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34d7eefd4f42013c9d05a517eeaa0e3a21387e23
[Git][security-tracker-team/security-tracker][master] new rust-capnp issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 882125c8 by Moritz Muehlenhoff at 2022-12-02T11:43:06+01:00 new rust-capnp issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2022- [rust capnp: out-of-bounds read possible when setting list-of-pointers] + - rust-capnp + NOTE: https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html CVE-2023-21623 RESERVED CVE-2023-21622 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/882125c86e15d20a2ef639ceda35f96a8b67ff05
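Review bot: the capnproto advisory linked in this new `CVE-2022-` placeholder (`2022-11-30-0-pointer-list-bounds.md`) is the same one the "Move RUSTSEC-2022-0068 entry" commit on this page files under CVE-2022-46149 next to GHSA-qqff-4vw4-f6hx, so this is one upstream bug that already has a CVE rather than a new issue; adding `- rust-capnp` under CVE-2022-46149 directly (which that later commit ends up doing) keeps the status of both the C++ library and the Rust crate for the same bug in one record and avoids a placeholder that has to be found and merged afterwards.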
[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 46508902 by Moritz Muehlenhoff at 2022-12-02T11:41:02+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19266,6 +19266,7 @@ CVE-2022-3168 [experimental] - android-platform-tools 33.0.3-1~exp1 - android-platform-tools - android-platform-system-core + [bullseye] - android-platform-system-core (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5 CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.1 ...) - openvswitch (bug #1021740) @@ -23110,6 +23111,7 @@ CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's Ligh NOTE: CONFIG_NVM not enabled in Debian CVE-2022-2990 (An incorrect handling of the supplementary groups in the Buildah conta ...) - golang-github-containers-buildah 1.28.0+ds1-2 + [bullseye] - golang-github-containers-buildah (Minor issue) NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ NOTE: https://github.com/containers/buildah/pull/4200 NOTE: https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255 (v1.28.0) @@ -54601,6 +54603,7 @@ CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly sta CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started ...) [experimental] - golang-github-containers-buildah 1.27.0+ds1-2 - golang-github-containers-buildah 1.28.0+ds1-2 (bug #1009882) + [bullseye] - golang-github-containers-buildah (Minor issue) NOTE: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1) NOTE: https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h CVE-2022-27650 (A flaw was found in crun where containers were incorrectly started wit ...) 
@@ -86744,6 +86747,7 @@ CVE-2022-20128 [experimental] - android-platform-tools 33.0.3-1~exp1 - android-platform-tools - android-platform-system-core + [bullseye] - android-platform-system-core (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5 CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...) NOT-FOR-US: Android View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4650890261b3ab4aebfd56d3ad49b2d564ec226c
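Review bot: in the CVE-2022-2990 and CVE-2022-27651 hunks the `[bullseye] - golang-github-containers-buildah (Minor issue)` tag is added with no reason, although both entries already pinpoint the upstream fix (the v1.28.0 and v1.25.1 commits) and the unstable upload 1.28.0+ds1-2; a qualifier in the style of the libarchive entry on this page, `(Minor issue, clean crash, follow bullseye updates)`, would record why a container-permissions flaw does not warrant a bullseye update. The identical android-platform-system-core line added under CVE-2022-3168 and CVE-2022-20128, both pointing at the same oss-security NOTE, suggests one issue with two ids; a cross-reference NOTE between the two entries would keep them from drifting apart.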
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 43df9bef by Salvatore Bonaccorso at 2022-12-02T11:33:33+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4379,11 +4379,11 @@ CVE-2022-44932 CVE-2022-44931 RESERVED CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command injection ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthent ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-44928 (D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injecti ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-44927 RESERVED CVE-2022-44926 @@ -7245,9 +7245,9 @@ CVE-2022-44214 CVE-2022-44213 RESERVED CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to ac ...) - TODO: check + NOT-FOR-US: GL.iNet Goodcloud CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote atta ...) - TODO: check + NOT-FOR-US: GL.iNet Goodcloud CVE-2022-44210 RESERVED CVE-2022-44209 
@@ -11299,7 +11299,7 @@ CVE-2022-43335 CVE-2022-43334 RESERVED CVE-2022-4 (Telenia Software s.r.l TVox before v22.0.17 was discovered to contain ...) - TODO: check + NOT-FOR-US: Telenia Software s.r.l TVox CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows ...) NOT-FOR-US: Wondercms CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43df9befeb5c4552ce021bf90d5804dbd99e477a
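Review bot: the entry between CVE-2022-43334 and CVE-2022-43332 shows its identifier as `CVE-2022-4`, which is not a complete CVE id, in both the removed `TODO: check` context and the added `NOT-FOR-US: Telenia Software s.r.l TVox` line; check that the full id survived in data/CVE/list, since the tracker keys and sorts entries by it, and the same truncated form appears in the "automatic update" commit on this page that first filled in the description.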
[Git][security-tracker-team/security-tracker][master] dla: drop libarchive
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 680465e8 by Sylvain Beucler at 2022-12-02T10:30:17+01:00 dla: drop libarchive Last DLA was uploaded only last week, there's only one minor CVE, and bullseye won't fix it now. A future FD will add it back when there are new CVEs, or a bullseye fix that will show up in lts-cve-triage.py - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -30065,6 +30065,7 @@ CVE-2022-36228 CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error after ca ...) - libarchive (bug #1024669) [bullseye] - libarchive (Minor issue) + [buster] - libarchive (Minor issue, clean crash, follow bullseye updates) NOTE: https://github.com/libarchive/libarchive/issues/1754 NOTE: https://github.com/libarchive/libarchive/pull/1759 NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5 = data/dla-needed.txt = @@ -108,10 +108,6 @@ lava libapreq2 NOTE: 20221031: Programming language: C. -- -libarchive - NOTE: 20221128: Programming language: C. - NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/libarchive.git --- libcommons-jxpath-java NOTE: 20221027: Programming language: Java. NOTE: 20221027: Maintainer notes: Wait for the outcome of upstream discussion. See CVE-2022-41852 for pull requests. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/680465e84cef049390d402f516625e9874a4af95
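Review bot: `follow bullseye updates` in the new buster tag points at a bullseye fix that, per the commit message, is not planned now (bullseye stays `(Minor issue)` with no version), so read from data/CVE/list alone the buster line waits on nothing; since the `Fixed by:` commit is already recorded in the entry, a wording such as `(Minor issue, clean crash, fix with the next libarchive DLA)` would state the actual intent, which otherwise survives only in this commit message once the dla-needed.txt block is gone.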
[Git][security-tracker-team/security-tracker][master] dla: drop vim
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 52ac9b58 by Sylvain Beucler at 2022-12-02T10:23:02+01:00 dla: drop vim If we need to wait for new CVEs to appear, then there's no need to keep it in dla-needed.txt; a future FD will take care of adding it back - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -1428,6 +1428,7 @@ CVE-2022-4142 CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...) - vim [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947) CVE-2022-4140 = data/dla-needed.txt = @@ -341,11 +341,6 @@ trafficserver NOTE: 20221114: https://people.debian.org/~abhijith/upload/trf/ (abhijith) NOTE: 20221114: Asked upstream regarding CVE-2022-31779 (abhijith) -- -vim - NOTE: 20221128: Programming language: C. - NOTE: 20221128: VCS: https://salsa.debian.org/lts-team/packages/vim.git - NOTE: 20221128: Please wait till at least several CVEs appear before upload (gladk). --- virglrenderer (Thorsten Alteholz) NOTE: 20221009: Programming language: C. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ac9b58b0ae36eb6bd8031ff882110bdf68ad6e
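Review bot: `[buster] - vim (Minor issue)` is added for a heap-based buffer overflow with no qualifier, while the reason for deferring (wait until several vim CVEs accumulate, per the removed `NOTE: 20221128: Please wait till at least several CVEs appear before upload (gladk)`) now lives only in this commit message; carrying it into the tag, e.g. `(Minor issue, batch with further vim CVEs)`, keeps the rationale attached to the entry after dla-needed.txt no longer mentions vim, and tells the next FD that the fixing commit (v9.0.0947) is already identified.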
[Git][security-tracker-team/security-tracker][master] more mariadb spu updates
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e7cb5b9f by Moritz Muehlenhoff at 2022-12-02T10:20:17+01:00 more mariadb spu updates - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -22913,6 +22913,7 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds {DLA-3114-1} - mariadb-10.6 1:10.6.9-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-28719 NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9 @@ -55054,6 +55055,7 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an us CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...) - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 (Only affects MariaDB 10.4 onwards) - mariadb-10.1 (Only affects MariaDB 10.4 onwards) NOTE: https://jira.mariadb.org/browse/MDEV-28098 @@ -55318,6 +55320,7 @@ CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use- {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 - mariadb-10.1 NOTE: https://jira.mariadb.org/browse/MDEV-26323 = data/next-point-update.txt = 
@@ -158,3 +158,5 @@ CVE-2022-32087 [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 CVE-2022-32088 [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 +CVE-2022-38791 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7cb5b9f8ab949f25d7c7b88c72f117c8cc46d18
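Review bot: three entries (CVE-2022-38791, CVE-2022-27457 and CVE-2022-27383) receive `[bullseye] - mariadb-10.5 (Will be fixed via spu)` in the data/CVE/list hunks, but data/next-point-update.txt only gains CVE-2022-38791 with `1:10.5.18-0+deb11u1`; unless CVE-2022-27457 and CVE-2022-27383 are already listed there, they need matching entries, otherwise the spu tag promises a fix that the point-update file does not track and the release check against 1:10.5.18-0+deb11u1 will miss them.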
[Git][security-tracker-team/security-tracker][master] mariadb spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ccc01a3 by Moritz Mühlenhoff at 2022-12-02T09:56:15+01:00 mariadb spu - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: = data/CVE/list = @@ -41311,6 +41311,7 @@ CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in i {DLA-3114-1} - mariadb-10.6 1:10.6.9-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-26431 CVE-2022-32090 @@ -41318,12 +41319,14 @@ CVE-2022-32090 CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault ...) - mariadb-10.6 1:10.6.9-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 (Only affects MariaDB 10.4 onwards) NOTE: https://jira.mariadb.org/browse/MDEV-26410 CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-26419 NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 @@ -41331,12 +41334,14 @@ CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-26437 NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault ...) - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 (Only affects MariaDB 10.4 onwards) NOTE: https://jira.mariadb.org/browse/MDEV-26412 NOTE: Fixed in: 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3 
@@ -41344,6 +41349,7 @@ CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-26407 NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 @@ -41351,23 +41357,27 @@ CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation {DLA-3114-1} - mariadb-10.6 1:10.6.9-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-26427 CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...) {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 NOTE: https://jira.mariadb.org/browse/MDEV-26047 NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3 CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure ...) - mariadb-10.6 1:10.6.9-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 (Only affects MariaDB 10.5 onwards) NOTE: https://jira.mariadb.org/browse/MDEV-26433 CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...) - mariadb-10.6 1:10.6.9-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 (Only affects MariaDB 10.4 onwards) NOTE: https://jira.mariadb.org/browse/MDEV-26420 CVE-2022-32080 @@ -55037,6 +55047,7 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an us {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 - mariadb-10.1 NOTE: https://jira.mariadb.org/browse/MDEV-28099 
@@ -55050,12 +55061,14 @@ CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an us {DLA-3114-1} - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 - mariadb-10.1 NOTE: https://jira.mariadb.org/browse/MDEV-28093 CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...) - mariadb-10.6 1:10.6.8-1 - mariadb-10.5 + [bullseye] - mariadb-10.5 (Will be fixed via spu) - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
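Review bot: this commit lists data/next-point-update.txt among its two changed files, but that part of the diff is cut off here, so the new `(Will be fixed via spu)` tags (CVE-2022-32081 to CVE-2022-32089, CVE-2022-32091, CVE-2022-27455, CVE-2022-27456 and CVE-2022-27458) cannot be checked against it; each should have a matching `[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1` line there, the version the "more mariadb spu updates" commit on this page uses for the same upload. Several of these entries already carry `{DLA-3114-1}` for buster, so the bullseye point update closes the gap between an LTS release that is fixed and a stable release that is not.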
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4fbe7725 by Moritz Muehlenhoff at 2022-12-02T09:38:04+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -231,7 +231,7 @@ CVE-2022-4248 (A vulnerability, which was classified as critical, has been found CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket Booki ...) NOT-FOR-US: Movie Ticket Booking System CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...) - TODO: check + NOT-FOR-US: Kakao PotPlayer CVE-2022-46361 RESERVED CVE-2022-43485 @@ -309,7 +309,7 @@ CVE-2022-4226 CVE-2022-4225 RESERVED CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...) - TODO: check + NOT-FOR-US: Sapido CVE-2022-46344 RESERVED CVE-2022-46343 @@ -826,15 +826,15 @@ CVE-2022-46158 CVE-2022-46157 RESERVED CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...) - TODO: check + NOT-FOR-US: Grafana Synthetic Monitoring CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...) - TODO: check + NOT-FOR-US: Airtable.js CVE-2022-46154 RESERVED CVE-2022-46153 RESERVED CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE project, ...) - TODO: check + NOT-FOR-US: OP-TEE CVE-2022-46151 RESERVED CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) 
@@ -846,7 +846,7 @@ CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure ca CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) NOT-FOR-US: Discourse CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) - TODO: check + NOT-FOR-US: Drag and Drop XBlock CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build exporters. P ...) - golang-github-prometheus-exporter-toolkit 0.8.2-1 (bug #1025127) NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1 @@ -875,7 +875,7 @@ CVE-2022-4171 CVE-2022-4170 RESERVED CVE-2022-4169 (The Theme and plugin translation for Polylang is vulnerable to authori ...) - TODO: check + NOT-FOR-US: Polylang CVE-2022-4168 RESERVED CVE-2022-4167 @@ -1361,7 +1361,7 @@ CVE-2022-45923 CVE-2022-45922 RESERVED CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...) - TODO: check + NOT-FOR-US: FusionAuth CVE-2022-45920 RESERVED CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...) @@ -2224,7 +2224,7 @@ CVE-2022-45564 CVE-2022-45563 RESERVED CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 ...) - TODO: check + NOT-FOR-US: Telos Alliance Omnia MPX Node CVE-2022-45561 RESERVED CVE-2022-45560 @@ -2384,7 +2384,7 @@ CVE-2022-45484 CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...) NOT-FOR-US: kiwi Test Plan CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing ...) - TODO: check + NOT-FOR-US: Tenable CVE-2022-4103 RESERVED CVE-2022-4102 
@@ -2650,7 +2650,7 @@ CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure setting CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to Cross ...) NOT-FOR-US: Permalink Manager Lite plugin for WordPress CVE-2022-4020 (Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Noteb ...) - TODO: check + NOT-FOR-US: Acer CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plugin a ...) NOT-FOR-US: Mattermost plugin CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fbe77256bd5f39d02930a300b1fc2e234f8fd83
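Review bot: `NOT-FOR-US: Tenable` for CVE-2022-4104 cannot be checked from the entry itself, since its truncated description ("A loop with an unreachable exit condition can be triggered by passing ...") names no product, whereas every other NFU in this commit repeats a product named in its description; add a `NOTE:` with the vendor advisory URL so the NFU is verifiable by the next person reading the entry.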
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 46276672 by security tracker role at 2022-12-02T08:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,105 @@ +CVE-2023-21623 + RESERVED +CVE-2023-21622 + RESERVED +CVE-2023-21621 + RESERVED +CVE-2023-21620 + RESERVED +CVE-2023-21619 + RESERVED +CVE-2023-21618 + RESERVED +CVE-2023-21617 + RESERVED +CVE-2023-21616 + RESERVED +CVE-2023-21615 + RESERVED +CVE-2023-21614 + RESERVED +CVE-2023-21613 + RESERVED +CVE-2023-21612 + RESERVED +CVE-2023-21611 + RESERVED +CVE-2023-21610 + RESERVED +CVE-2023-21609 + RESERVED +CVE-2023-21608 + RESERVED +CVE-2023-21607 + RESERVED +CVE-2023-21606 + RESERVED +CVE-2023-21605 + RESERVED +CVE-2023-21604 + RESERVED +CVE-2023-21603 + RESERVED +CVE-2023-21602 + RESERVED +CVE-2023-21601 + RESERVED +CVE-2023-21600 + RESERVED +CVE-2023-21599 + RESERVED +CVE-2023-21598 + RESERVED +CVE-2023-21597 + RESERVED +CVE-2023-21596 + RESERVED +CVE-2023-21595 + RESERVED +CVE-2023-21594 + RESERVED +CVE-2023-21593 + RESERVED +CVE-2023-21592 + RESERVED +CVE-2023-21591 + RESERVED +CVE-2023-21590 + RESERVED +CVE-2023-21589 + RESERVED +CVE-2023-21588 + RESERVED +CVE-2023-21587 + RESERVED +CVE-2023-21586 + RESERVED +CVE-2023-21585 + RESERVED +CVE-2023-21584 + RESERVED +CVE-2023-21583 + RESERVED +CVE-2023-21582 + RESERVED +CVE-2023-21581 + RESERVED +CVE-2023-21580 + RESERVED +CVE-2023-21579 + RESERVED +CVE-2023-21578 + RESERVED +CVE-2023-21577 + RESERVED +CVE-2023-21576 + RESERVED +CVE-2023-21575 + RESERVED +CVE-2023-21574 + RESERVED +CVE-2022-4262 + RESERVED CVE-2023-21573 RESERVED CVE-2023-21572 @@ -2121,8 +2223,8 @@ CVE-2022-45564 RESERVED CVE-2022-45563 RESERVED -CVE-2022-45562 - RESERVED +CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 ...) + TODO: check CVE-2022-45561 RESERVED CVE-2022-45560 
@@ -4275,12 +4377,12 @@ CVE-2022-44932 RESERVED CVE-2022-44931 RESERVED -CVE-2022-44930 - RESERVED -CVE-2022-44929 - RESERVED -CVE-2022-44928 - RESERVED +CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command injection ...) + TODO: check +CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthent ...) + TODO: check +CVE-2022-44928 (D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injecti ...) + TODO: check CVE-2022-44927 RESERVED CVE-2022-44926 @@ -7141,10 +7243,10 @@ CVE-2022-44214 RESERVED CVE-2022-44213 RESERVED -CVE-2022-44212 - RESERVED -CVE-2022-44211 - RESERVED +CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to ac ...) + TODO: check +CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote atta ...) + TODO: check CVE-2022-44210 RESERVED CVE-2022-44209 @@ -11195,8 +11297,8 @@ CVE-2022-43335 RESERVED CVE-2022-43334 RESERVED -CVE-2022-4 - RESERVED +CVE-2022-4 (Telenia Software s.r.l TVox before v22.0.17 was discovered to contain ...) + TODO: check CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows ...) NOT-FOR-US: Wondercms CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) @@ -11211,8 +11313,8 @@ CVE-2022-43327 RESERVED CVE-2022-43326 (An Insecure Direct Object Reference (IDOR) vulnerability in the passwo ...) NOT-FOR-US: Telos Alliance Omnia MPX Node -CVE-2022-43325 - RESERVED +CVE-2022-43325 (An unauthenticated command injection vulnerability in the product lice ...) + TODO: check CVE-2022-43324 RESERVED CVE-2022-43323 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...) 
@@ -12968,8 +13070,8 @@ CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSI NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2 NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johan...@sipsolutions.net/T/#u NOTE: https://github.com/PurpleVsGreen/beacown -CVE-2022-42718 - RESERVED +CVE-2022-42718 (Incorrect default permissions in the installation folder for NI LabVIE ...) + TODO: check CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The recommen ...) NOT-FOR-US: Hashicorp Packer CVE-2022-42716 @@ -14037,8 +14139,8 @@ CVE-2022-42264 -