[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 9 20:10:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a037c557 by security tracker role at 2022-12-09T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,145 @@
+CVE-2022-46892
+ RESERVED
+CVE-2022-46891
+ RESERVED
+CVE-2022-46890
+ RESERVED
+CVE-2022-46889
+ RESERVED
+CVE-2022-46888
+ RESERVED
+CVE-2022-46887
+ RESERVED
+CVE-2022-46886
+ RESERVED
+CVE-2022-46885
+ RESERVED
+CVE-2022-46884
+ RESERVED
+CVE-2022-46883
+ RESERVED
+CVE-2022-46882
+ RESERVED
+CVE-2022-46881
+ RESERVED
+CVE-2022-46880
+ RESERVED
+CVE-2022-46879
+ RESERVED
+CVE-2022-46878
+ RESERVED
+CVE-2022-46877
+ RESERVED
+CVE-2022-46876
+ RESERVED
+CVE-2022-46875
+ RESERVED
+CVE-2022-46874
+ RESERVED
+CVE-2022-46873
+ RESERVED
+CVE-2022-46872
+ RESERVED
+CVE-2022-46871
+ RESERVED
+CVE-2022-46870
+ RESERVED
+CVE-2022-46869
+ RESERVED
+CVE-2022-46868
+ RESERVED
+CVE-2022-46867
+ RESERVED
+CVE-2022-46866
+ RESERVED
+CVE-2022-46865
+ RESERVED
+CVE-2022-46864
+ RESERVED
+CVE-2022-46863
+ RESERVED
+CVE-2022-46862
+ RESERVED
+CVE-2022-46861
+ RESERVED
+CVE-2022-46860
+ RESERVED
+CVE-2022-46859
+ RESERVED
+CVE-2022-46858
+ RESERVED
+CVE-2022-46857
+ RESERVED
+CVE-2022-46856
+ RESERVED
+CVE-2022-46855
+ RESERVED
+CVE-2022-46854
+ RESERVED
+CVE-2022-46853
+ RESERVED
+CVE-2022-46852
+ RESERVED
+CVE-2022-46851
+ RESERVED
+CVE-2022-46850
+ RESERVED
+CVE-2022-46849
+ RESERVED
+CVE-2022-46848
+ RESERVED
+CVE-2022-46847
+ RESERVED
+CVE-2022-46846
+ RESERVED
+CVE-2022-46845
+ RESERVED
+CVE-2022-46844
+ RESERVED
+CVE-2022-46843
+ RESERVED
+CVE-2022-46842
+ RESERVED
+CVE-2022-46841
+ RESERVED
+CVE-2022-46840
+ RESERVED
+CVE-2022-46839
+ RESERVED
+CVE-2022-46838
+ RESERVED
+CVE-2022-4391
+ RESERVED
+CVE-2022-4390
+ RESERVED
+CVE-2022-4389
+ RESERVED
+CVE-2022-4388
+ RESERVED
+CVE-2022-4387
+ RESERVED
+CVE-2022-4386
+ RESERVED
+CVE-2022-4385
+ RESERVED
+CVE-2022-4384
+ RESERVED
+CVE-2022-4383
+ RESERVED
+CVE-2022-4382
+ RESERVED
+CVE-2022-4381
+ RESERVED
+CVE-2022-4380
+ RESERVED
+CVE-2022-4379
+ RESERVED
+CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...)
+ TODO: check
+CVE-2022-4376
+ RESERVED
CVE-2022-4378
+ RESERVED
- linux 6.0.12-1
NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1
NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73
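Review bot: CVE-2022-4378, at the end of this hunk, gains a `RESERVED` line although the entry already carries `- linux 6.0.12-1` and two NOTE references, so an issue that is triaged and fixed in unstable now reads as reserved with no description. If the flag only mirrors the upstream feed state, that is acceptable, but check that nothing consuming this file treats `RESERVED` as "nothing to track". The new block also places CVE-2022-4377 and CVE-2022-4376 between CVE-2022-4379 and CVE-2022-4378, which breaks the descending order used everywhere else in the list. CVE-2022-4377 (S-CMS) is the only new entry in the block that needs triage.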
@@ -11,8 +152,8 @@ CVE-2022-46833
RESERVED
CVE-2022-46832
RESERVED
-CVE-2022-4375
- RESERVED
+CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...)
+ TODO: check
CVE-2022-4374
RESERVED
CVE-2022-4373
@@ -259,8 +400,8 @@ CVE-2022-4338
RESERVED
CVE-2022-4337
RESERVED
-CVE-2022-4336
- RESERVED
+CVE-2022-4336 (In BAOTA linux panel there exists a stored xss vulnerability attackers ...)
+ TODO: check
CVE-2022-4335
RESERVED
CVE-2022-4334
@@ -1292,8 +1433,8 @@ CVE-2022-4266
RESERVED
CVE-2022-4265
RESERVED
-CVE-2022-4264
- RESERVED
+CVE-2022-4264 (Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files bef ...)
+ TODO: check
CVE-2022-4263
RESERVED
CVE-2022-XXXX [node-d3-color redos]
@@ -2133,6 +2274,7 @@ CVE-2022-46171
CVE-2022-46170
RESERVED
CVE-2022-46169 (Cacti is an open source platform which provides a robust and extensibl ...)
+ {DSA-5298-1}
- cacti 1.2.22+ds1-3 (bug #1025648)
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
NOTE: Fixup for 1.2.x with PHP < 7.0: https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
@@ -2215,8 +2357,7 @@ CVE-2022-43464 (Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-
NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
CVE-2022-4171
RESERVED
-CVE-2022-4170
- RESERVED
+CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code execution, in ...)
- rxvt-unicode <unfixed> (bug #1025489)
[bullseye] - rxvt-unicode <not-affected> (Vulnerable code introduced later)
[buster] - rxvt-unicode <not-affected> (Vulnerable code introduced later)
@@ -4677,8 +4818,8 @@ CVE-2022-45292
RESERVED
CVE-2022-45291
RESERVED
-CVE-2022-45290
- RESERVED
+CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
+ TODO: check
CVE-2022-45289
RESERVED
CVE-2022-45288
@@ -5911,8 +6052,8 @@ CVE-2022-44840
RESERVED
CVE-2022-44839
RESERVED
-CVE-2022-44838
- RESERVED
+CVE-2022-44838 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-44837
RESERVED
CVE-2022-44836
@@ -8592,8 +8733,8 @@ CVE-2022-44215
RESERVED
CVE-2022-44214
RESERVED
-CVE-2022-44213
- RESERVED
+CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vu ...)
+ TODO: check
CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to ac ...)
NOT-FOR-US: GL.iNet Goodcloud
CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote atta ...)
@@ -10929,8 +11070,8 @@ CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8
[buster] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18378
-CVE-2022-3724
- RESERVED
+CVE-2022-3724 (Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 al ...)
+ TODO: check
CVE-2022-3723 (Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a ...)
{DSA-5263-1}
- chromium 107.0.5304.87-1
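Review bot: CVE-2022-3724 is left at `TODO: check` even though the entry directly above it, CVE-2022-3725, is already triaged against the wireshark package and describes a dissector crash in the same 3.6.0 to 3.6.8 range. Suggest replacing the TODO with a `- wireshark` line and assessing the buster status for the USB HID dissector on its own, rather than copying the `<not-affected> (Vulnerable code not present)` annotation from the OPUS entry.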
@@ -18157,8 +18298,8 @@ CVE-2022-41301 (A maliciously crafted PKT file when consumed through Subassembly
NOT-FOR-US: Autodesk
CVE-2022-41300
RESERVED
-CVE-2022-41299
- RESERVED
+CVE-2022-41299 (IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to ...)
+ TODO: check
CVE-2022-41298
RESERVED
CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
@@ -18259,8 +18400,8 @@ CVE-2022-3261
RESERVED
CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
TODO: check
-CVE-2022-3259
- RESERVED
+CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...)
+ TODO: check
CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
NOT-FOR-US: HYPR Workforce Access
CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
@@ -26582,8 +26723,8 @@ CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.
NOT-FOR-US: WordPress plugin
CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2752
- RESERVED
+CVE-2022-2752 (A vulnerability in the web server of Secomea GateManager allows a loca ...)
+ TODO: check
CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -49457,10 +49598,10 @@ CVE-2022-29841
RESERVED
CVE-2022-29840
RESERVED
-CVE-2022-29839
- RESERVED
-CVE-2022-29838
- RESERVED
+CVE-2022-29839 (Insufficiently Protected Credentials vulnerability in the remote backu ...)
+ TODO: check
+CVE-2022-29838 (Improper Authentication vulnerability in the encrypted volumes and aut ...)
+ TODO: check
CVE-2022-29837 (A path traversal vulnerability was addressed in Western Digital My Clo ...)
NOT-FOR-US: Western Digital
CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
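Review bot: the truncated descriptions added for CVE-2022-29839 and CVE-2022-29838 stop before naming a product, so the `TODO: check` lines cannot be resolved from this file alone. The next entry, CVE-2022-29837, is Western Digital and marked `NOT-FOR-US`; confirm the vendor from the full CVE text before applying the same tag to these two on the strength of adjacent numbering.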
@@ -61648,7 +61789,7 @@ CVE-2022-21238 (A cross-site scripting (xss) vulnerability exists in the info.js
CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...)
NOT-FOR-US: FATEK Automation
CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypassed wi ...)
- {DLA-2965-1}
+ {DSA-5298-1 DLA-2965-1}
- cacti 1.2.20+ds1-1 (bug #1008693)
[buster] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/4562
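Review bot: the cross-reference on CVE-2022-0730 now lists DSA-5298-1, while the `[buster] - cacti <no-dsa> (Minor issue)` line below it is unchanged. If the new advisory reflects a reassessment of this issue's severity, the buster annotation is worth revisiting in the same pass. The same DSA is attached to CVE-2022-46169 earlier in this commit, and a commit message of "automatic update" gives no hint that an advisory was wired in, so naming DSA-5298-1 in the message would make this easier to find later.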
@@ -61730,10 +61871,10 @@ CVE-2022-25632
RESERVED
CVE-2022-25631
RESERVED
-CVE-2022-25630
- RESERVED
-CVE-2022-25629
- RESERVED
+CVE-2022-25630 (An authenticated user can embed malicious content with XSS into the ad ...)
+ TODO: check
+CVE-2022-25629 (An authenticated user who has the privilege to add/edit annotations on ...)
+ TODO: check
CVE-2022-25628
RESERVED
CVE-2022-25627
@@ -68930,8 +69071,8 @@ CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds two
TODO: check
CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site scripting (XS ...)
TODO: check
-CVE-2022-23493
- RESERVED
+CVE-2022-23493 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go programming l ...)
TODO: check
CVE-2022-23491 (Certifi is a curated collection of Root Certificates for validating th ...)
@@ -68948,22 +69089,22 @@ CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the
TODO: check
CVE-2022-23485
RESERVED
-CVE-2022-23484
- RESERVED
-CVE-2022-23483
- RESERVED
-CVE-2022-23482
- RESERVED
-CVE-2022-23481
- RESERVED
-CVE-2022-23480
- RESERVED
-CVE-2022-23479
- RESERVED
-CVE-2022-23478
- RESERVED
-CVE-2022-23477
- RESERVED
+CVE-2022-23484 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23483 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23482 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23481 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23480 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23479 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23478 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
+CVE-2022-23477 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby programmi ...)
TODO: check
CVE-2022-23475 (daloRADIUS is an open source RADIUS web management application. daloRa ...)
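Review bot: the eight xrdp entries added here (CVE-2022-23484 down to CVE-2022-23477) carry the same truncated description, "xrdp is an open source project which provides a graphical login to rem ...", so nothing in the list distinguishes one issue from another. Each `TODO: check` needs to become its own `- xrdp` line with a fixed version and a NOTE pointing at the specific upstream fix, taken from the full CVE text. CVE-2022-23485 in the context above stays `RESERVED` in the middle of this range and should be watched in case it belongs to the same batch.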
@@ -68983,8 +69124,8 @@ CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrar
TODO: check
CVE-2022-23469 (Traefik is an open source HTTP reverse proxy and load balancer. Versio ...)
TODO: check
-CVE-2022-23468
- RESERVED
+CVE-2022-23468 (xrdp is an open source project which provides a graphical login to rem ...)
+ TODO: check
CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to control Ra ...)
TODO: check
CVE-2022-23466 (teler is an real-time intrusion detection and threat alert dashboard. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a037c557eff7d43e3c7604f8752dc550e0035477