[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 5 08:11:22 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4361077 by security tracker role at 2022-12-05T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-46421
+ RESERVED
+CVE-2022-4281
+ RESERVED
CVE-2022-46288
RESERVED
CVE-2022-46287
@@ -83,7 +87,7 @@ CVE-2022-4280 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: Dot Tech Smart Campus System
CVE-2022-4279 (A vulnerability classified as problematic has been found in SourceCode ...)
NOT-FOR-US: SourceCodester Human Resource Management System
-CVE-2022-4278 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
+CVE-2022-4278 (A vulnerability was found in SourceCodester Human Resource Management ...)
NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-4277 (A vulnerability was found in Shaoxing Background Management System. It ...)
NOT-FOR-US: Shaoxing Background Management System
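Review bot: The triage line under CVE-2022-4278 no longer matches its description. The updated description names SourceCodester Human Resource Management, but the line below it still reads "NOT-FOR-US: SourceCodester Book Store Management System". Because this is an automatic description sync, the product name in the NOT-FOR-US line should be rechecked by hand against the CVE record and corrected to whichever product the record names; the adjacent CVE-2022-4279 already carries the Human Resource Management System label.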
@@ -261,6 +265,7 @@ CVE-2023-21575
CVE-2023-21574
RESERVED
CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...)
+ {DSA-5295-1}
- chromium 108.0.5359.94-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-21573
@@ -10456,30 +10461,30 @@ CVE-2022-43509
RESERVED
CVE-2022-43508
RESERVED
-CVE-2022-43504
- RESERVED
-CVE-2022-43500
- RESERVED
-CVE-2022-43497
- RESERVED
-CVE-2022-43487
- RESERVED
-CVE-2022-43484
- RESERVED
-CVE-2022-43470
- RESERVED
-CVE-2022-43442
- RESERVED
+CVE-2022-43504 (Improper authentication vulnerability in WordPress versions prior to 6 ...)
+ TODO: check
+CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
+ TODO: check
+CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
+ TODO: check
+CVE-2022-43487 (Cross-site scripting vulnerability in Salon booking system versions pr ...)
+ TODO: check
+CVE-2022-43484 (TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLU ...)
+ TODO: check
+CVE-2022-43470 (Cross-site request forgery (CSRF) vulnerability in +F FS040U software ...)
+ TODO: check
+CVE-2022-43442 (Plaintext storage of a password vulnerability exists in +F FS040U soft ...)
+ TODO: check
CVE-2022-42486
RESERVED
CVE-2022-41994
RESERVED
-CVE-2022-41830
- RESERVED
-CVE-2022-41807
- RESERVED
-CVE-2022-41798
- RESERVED
+CVE-2022-41830 (Stored cross-site scripting vulnerability in Kyocera Document Solution ...)
+ TODO: check
+CVE-2022-41807 (Missing authorization vulnerability exists in Kyocera Document Solutio ...)
+ TODO: check
+CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyocera D ...)
+ TODO: check
CVE-2022-3680
RESERVED
CVE-2022-3679
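Review bot: The "TODO: check" entries for CVE-2022-43504, CVE-2022-43500 and CVE-2022-43497 need closer triage than the rest of this batch. Their descriptions refer to "WordPress versions prior to 6", which reads as WordPress itself rather than a plugin, so they should not be closed with the "NOT-FOR-US: WordPress plugin" label used elsewhere in this file. Debian ships a wordpress source package, so these three should be resolved against it with per-release status, while the Kyocera, +F FS040U, TERASOLUNA and Salon booking system entries can be checked for NOT-FOR-US in the usual way.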
@@ -10875,8 +10880,8 @@ CVE-2022-43514
RESERVED
CVE-2022-43513
RESERVED
-CVE-2022-43499
- RESERVED
+CVE-2022-43499 (Stored cross-site scripting vulnerability in SHIRASAGI versions prior ...)
+ TODO: check
CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerabi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
@@ -10891,8 +10896,8 @@ CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coup
NOT-FOR-US: WordPress plugin
CVE-2022-43480
RESERVED
-CVE-2022-43479
- RESERVED
+CVE-2022-43479 (Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a r ...)
+ TODO: check
CVE-2022-43476
RESERVED
CVE-2022-43472
@@ -11005,8 +11010,8 @@ CVE-2022-41619
RESERVED
CVE-2022-41554
RESERVED
-CVE-2022-40968
- RESERVED
+CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...)
+ TODO: check
CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz A ...)
@@ -11377,12 +11382,12 @@ CVE-2022-43380
RESERVED
CVE-2022-43379
RESERVED
-CVE-2022-42496
- RESERVED
-CVE-2022-41777
- RESERVED
-CVE-2022-41642
- RESERVED
+CVE-2022-42496 (OS command injection vulnerability in Nako3edit, editor component of n ...)
+ TODO: check
+CVE-2022-41777 (Improper check or handling of exceptional conditions vulnerability in ...)
+ TODO: check
+CVE-2022-41642 (OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 a ...)
+ TODO: check
CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to ...)
NOT-FOR-US: Frauscher Sensortechnik
CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...)
@@ -16104,8 +16109,8 @@ CVE-2022-36418
RESERVED
CVE-2022-36399
RESERVED
-CVE-2022-35730
- RESERVED
+CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky head ...)
+ TODO: check
CVE-2022-34840
RESERVED
CVE-2022-3347
@@ -68844,6 +68849,7 @@ CVE-2022-0237 (Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a
CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
+ {DLA-3222-1}
- node-fetch 2.6.1-7
[bullseye] - node-fetch 2.6.1-5+deb11u1
NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
@@ -135268,6 +135274,7 @@ CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to A
CVE-2021-23519
RESERVED
CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
+ {DLA-3221-1}
- node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338)
[bullseye] - node-cached-path-relative 1.0.2-1+deb11u1
NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
@@ -291876,6 +291883,7 @@ CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows
CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an att ...)
NOT-FOR-US: takeapeek
CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0 ...)
+ {DLA-3221-1}
- node-cached-path-relative 1.0.2-1
NOTE: https://hackerone.com/reports/390847
NOTE: https://github.com/ashaffer/cached-path-relative/issues/3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d436107725d31992fd0d97a6534c3b98d17cd4b5