[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 1 20:10:37 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0541db70 by security tracker role at 2022-12-01T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2023-21573
+ RESERVED
+CVE-2023-21572
+ RESERVED
+CVE-2023-21571
+ RESERVED
+CVE-2023-21570
+ RESERVED
+CVE-2023-21569
+ RESERVED
+CVE-2023-21568
+ RESERVED
+CVE-2023-21567
+ RESERVED
+CVE-2023-21566
+ RESERVED
+CVE-2023-21565
+ RESERVED
+CVE-2023-21564
+ RESERVED
+CVE-2023-21563
+ RESERVED
+CVE-2023-21562
+ RESERVED
+CVE-2023-21561
+ RESERVED
+CVE-2023-21560
+ RESERVED
+CVE-2023-21559
+ RESERVED
+CVE-2023-21558
+ RESERVED
+CVE-2023-21557
+ RESERVED
+CVE-2023-21556
+ RESERVED
+CVE-2023-21555
+ RESERVED
+CVE-2023-21554
+ RESERVED
+CVE-2023-21553
+ RESERVED
+CVE-2023-21552
+ RESERVED
+CVE-2023-21551
+ RESERVED
+CVE-2023-21550
+ RESERVED
+CVE-2023-21549
+ RESERVED
+CVE-2023-21548
+ RESERVED
+CVE-2023-21547
+ RESERVED
+CVE-2023-21546
+ RESERVED
+CVE-2023-21545
+ RESERVED
+CVE-2023-21544
+ RESERVED
+CVE-2023-21543
+ RESERVED
+CVE-2023-21542
+ RESERVED
+CVE-2023-21541
+ RESERVED
+CVE-2023-21540
+ RESERVED
+CVE-2023-21539
+ RESERVED
+CVE-2023-21538
+ RESERVED
+CVE-2023-21537
+ RESERVED
+CVE-2023-21536
+ RESERVED
+CVE-2023-21535
+ RESERVED
+CVE-2023-21534
+ RESERVED
+CVE-2023-21533
+ RESERVED
+CVE-2023-21532
+ RESERVED
+CVE-2023-21531
+ RESERVED
+CVE-2023-21530
+ RESERVED
+CVE-2023-21529
+ RESERVED
+CVE-2023-21528
+ RESERVED
+CVE-2023-21527
+ RESERVED
+CVE-2023-21526
+ RESERVED
+CVE-2023-21525
+ RESERVED
+CVE-2023-21524
+ RESERVED
+CVE-2022-4261
+ RESERVED
+CVE-2022-4260
+ RESERVED
+CVE-2022-4259
+ RESERVED
+CVE-2022-4258
+ RESERVED
+CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has been ...)
+ TODO: check
+CVE-2022-4256
+ RESERVED
+CVE-2022-4255
+ RESERVED
+CVE-2022-4254
+ RESERVED
+CVE-2022-4253 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ TODO: check
+CVE-2022-4252 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ TODO: check
+CVE-2022-4251 (A vulnerability was found in Movie Ticket Booking System and classifie ...)
+ TODO: check
+CVE-2022-4250 (A vulnerability has been found in Movie Ticket Booking System and clas ...)
+ TODO: check
+CVE-2022-4249 (A vulnerability, which was classified as problematic, was found in Mov ...)
+ TODO: check
+CVE-2022-4248 (A vulnerability, which was classified as critical, has been found in M ...)
+ TODO: check
+CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket Booki ...)
+ TODO: check
+CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...)
+ TODO: check
CVE-2022-46361
RESERVED
CVE-2022-43485
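Review bot: CVE-2022-4253 and CVE-2022-4252 are added with TODO: check even though both descriptions name SourceCodester Canteen Management System, which the list already resolves as "NOT-FOR-US: SourceCodester Canteen Management System" for CVE-2022-4222 in the next hunk. Suggest a follow-up that gives the two new entries the same annotation so they leave the TODO queue. The five Movie Ticket Booking System entries (CVE-2022-4247 to CVE-2022-4251) share one product string and can be triaged together in the same pass.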
@@ -94,8 +226,8 @@ CVE-2022-4223
RESERVED
CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
-CVE-2022-4221
- RESERVED
+CVE-2022-4221 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
CVE-2022-4220
RESERVED
CVE-2022-4219
@@ -1481,8 +1613,8 @@ CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure to
NOTE: https://github.com/proftpd/proftpd/pull/1285
NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 (v1.3.8rc2)
NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/e7c0b6e78a81fa97ec41ea6332e5e11b864089b8 (v1.3.7c)
-CVE-2022-45797
- RESERVED
+CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup Engine ...)
+ TODO: check
CVE-2022-45796
RESERVED
CVE-2022-45795
@@ -3821,8 +3953,8 @@ CVE-2022-45052
RESERVED
CVE-2022-45051
RESERVED
-CVE-2022-45050
- RESERVED
+CVE-2022-45050 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
+ TODO: check
CVE-2022-45049
RESERVED
CVE-2022-45048
@@ -6144,7 +6276,8 @@ CVE-2022-44579
RESERVED
CVE-2022-44578
RESERVED
-CVE-2022-44577 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
+CVE-2022-44577
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
NOT-FOR-US: WordPress plugin
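Review bot: CVE-2022-44577 now reads REJECTED but still carries the "NOT-FOR-US: WordPress plugin" line beneath it. The description that supported that annotation has been removed by this change, so confirm the annotation is meant to stay on a rejected ID, or drop it in a follow-up.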
@@ -9391,16 +9524,16 @@ CVE-2022-43934
RESERVED
CVE-2022-43933
RESERVED
-CVE-2022-3713
- RESERVED
+CVE-2022-3713 (A code injection vulnerability allows adjacent attackers to execute co ...)
+ TODO: check
CVE-2022-3712
RESERVED
-CVE-2022-3711
- RESERVED
-CVE-2022-3710
- RESERVED
-CVE-2022-3709
- RESERVED
+CVE-2022-3711 (A post-auth read-only SQL injection vulnerability allows users to read ...)
+ TODO: check
+CVE-2022-3710 (A post-auth read-only SQL injection vulnerability allows API clients t ...)
+ TODO: check
+CVE-2022-3709 (A stored XSS vulnerability allows admin to super-admin privilege escal ...)
+ TODO: check
CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to Server-Side Requ ...)
NOT-FOR-US: Web Stories plugin for WordPress
CVE-2022-3707
@@ -9472,10 +9605,10 @@ CVE-2022-43903
RESERVED
CVE-2022-43902
RESERVED
-CVE-2022-43901
- RESERVED
-CVE-2022-43900
- RESERVED
+CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 coul ...)
+ TODO: check
+CVE-2022-43900 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 coul ...)
+ TODO: check
CVE-2022-43899
RESERVED
CVE-2022-43898
@@ -9779,8 +9912,8 @@ CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when usi
- ansible 7.0.0+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
-CVE-2022-3696
- RESERVED
+CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
+ TODO: check
CVE-2022-3695
RESERVED
CVE-2022-3694
@@ -15608,6 +15741,7 @@ CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC
NOT-FOR-US: Intel
CVE-2022-3328
RESERVED
+ {DSA-5292-1}
- snapd 2.57.6-1
NOTE: https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d (2.57.6)
NOTE: https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e (2.57.6)
@@ -16303,8 +16437,8 @@ CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub rep
- rdiffweb <itp> (bug #969974)
CVE-2022-3271
RESERVED
-CVE-2022-3270
- RESERVED
+CVE-2022-3270 (In multiple products by Festo a remote unauthenticated attacker could ...)
+ TODO: check
CVE-2022-3269 (Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca prior ...)
@@ -16374,8 +16508,8 @@ CVE-2022-41299
RESERVED
CVE-2022-41298
RESERVED
-CVE-2022-41297
- RESERVED
+CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
+ TODO: check
CVE-2022-41296
RESERVED
CVE-2022-41295
@@ -17632,8 +17766,8 @@ CVE-2022-40739 (Ragic report generation page has insufficient filtering for spec
NOT-FOR-US: Ragic
CVE-2022-3227
RESERVED
-CVE-2022-3226
- RESERVED
+CVE-2022-3226 (An OS command injection vulnerability allows admins to execute code vi ...)
+ TODO: check
CVE-2022-3225 (Improper Access Control in GitHub repository budibase/budibase prior t ...)
NOT-FOR-US: budibase
CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url ...)
@@ -22863,8 +22997,8 @@ CVE-2022-2971 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5
NOT-FOR-US: libIEC61850
CVE-2022-2970 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
NOT-FOR-US: libIEC61850
-CVE-2022-2969
- RESERVED
+CVE-2022-2969 (Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 ...)
+ TODO: check
CVE-2022-2968
RESERVED
CVE-2022-2967
@@ -27656,10 +27790,10 @@ CVE-2022-37019
RESERVED
CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...)
NOT-FOR-US: HPE
-CVE-2022-37017
- RESERVED
-CVE-2022-37016
- RESERVED
+CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 R ...)
+ TODO: check
+CVE-2022-37016 (Symantec Endpoint Protection (Windows) agent may be susceptible to a P ...)
+ TODO: check
CVE-2022-37015 (Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4. ...)
NOT-FOR-US: Symantec Endpoint Detection and Response (SEDR) Appliance
CVE-2022-37014
@@ -45495,8 +45629,8 @@ CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not
NOT-FOR-US: WordPress plugin
CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking through ve ...)
NOT-FOR-US: asith-eranga ISIC tour booking
-CVE-2022-30528
- RESERVED
+CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking through ...)
+ TODO: check
CVE-2022-30527
RESERVED
CVE-2022-1662 (In convert2rhel, there's an ansible playbook named ansible/run-convert ...)
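Review bot: CVE-2022-30528 gets TODO: check while the entry directly above it, CVE-2022-30529, is already marked "NOT-FOR-US: asith-eranga ISIC tour booking" and the new description names the same product. Suggest resolving the TODO with the identical annotation rather than leaving it for manual triage.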
@@ -47531,8 +47665,8 @@ CVE-2022-29839
RESERVED
CVE-2022-29838
RESERVED
-CVE-2022-29837
- RESERVED
+CVE-2022-29837 (A path traversal vulnerability was addressed in Western Digital My Clo ...)
+ TODO: check
CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Western Digital
CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...)
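Review bot: CVE-2022-29837 is left at TODO: check although its description names Western Digital and the next entry, CVE-2022-29836, is already "NOT-FOR-US: Western Digital". The description is truncated at "My Clo ...", so read the full text before reusing the neighbour's annotation, then resolve the TODO.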
@@ -47760,8 +47894,8 @@ CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, cont
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1 (openssl-3.0.3)
CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does not pro ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1471
- RESERVED
+CVE-2022-1471 (SnakeYaml's Constructor() class does not restrict types which can be i ...)
+ TODO: check
CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
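Review bot: The TODO: check on CVE-2022-1471 should not be resolved by analogy with its neighbours, which are all "NOT-FOR-US: WordPress plugin". The description names a library class (SnakeYaml's Constructor()) that does not restrict which types can be instantiated, so this entry needs a check for a matching source package and, if one exists, a package line with NOTE references instead of a NOT-FOR-US marker.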
@@ -51226,8 +51360,8 @@ CVE-2022-28609
RESERVED
CVE-2022-28608
RESERVED
-CVE-2022-28607
- RESERVED
+CVE-2022-28607 (An issue was discovered in asith-eranga ISIC tour booking through vers ...)
+ TODO: check
CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...)
NOT-FOR-US: BossCMS
CVE-2022-28605 (Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows rem ...)
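Review bot: CVE-2022-28607 names asith-eranga ISIC tour booking in its description, the same product that CVE-2022-30529 carries as "NOT-FOR-US: asith-eranga ISIC tour booking" earlier in this patch, yet it is added as TODO: check. Suggest using the same annotation string here so that both entries for this product are closed out consistently.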
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0541db70be8a7b04bf0656527737e2d435f45d9f