[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 12 20:10:30 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74ae6640 by security tracker role at 2022-12-12T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,605 @@
+CVE-2023-0011
+ RESERVED
+CVE-2022-47193
+ RESERVED
+CVE-2022-47192
+ RESERVED
+CVE-2022-47191
+ RESERVED
+CVE-2022-47190
+ RESERVED
+CVE-2022-47189
+ RESERVED
+CVE-2022-47188
+ RESERVED
+CVE-2022-47187
+ RESERVED
+CVE-2022-47186
+ RESERVED
+CVE-2022-47185
+ RESERVED
+CVE-2022-47184
+ RESERVED
+CVE-2022-47183
+ RESERVED
+CVE-2022-47182
+ RESERVED
+CVE-2022-47181
+ RESERVED
+CVE-2022-47180
+ RESERVED
+CVE-2022-47179
+ RESERVED
+CVE-2022-47178
+ RESERVED
+CVE-2022-47177
+ RESERVED
+CVE-2022-47176
+ RESERVED
+CVE-2022-47175
+ RESERVED
+CVE-2022-47174
+ RESERVED
+CVE-2022-47173
+ RESERVED
+CVE-2022-47172
+ RESERVED
+CVE-2022-47171
+ RESERVED
+CVE-2022-47170
+ RESERVED
+CVE-2022-47169
+ RESERVED
+CVE-2022-47168
+ RESERVED
+CVE-2022-47167
+ RESERVED
+CVE-2022-47166
+ RESERVED
+CVE-2022-47165
+ RESERVED
+CVE-2022-47164
+ RESERVED
+CVE-2022-47163
+ RESERVED
+CVE-2022-47162
+ RESERVED
+CVE-2022-47161
+ RESERVED
+CVE-2022-47160
+ RESERVED
+CVE-2022-47159
+ RESERVED
+CVE-2022-47158
+ RESERVED
+CVE-2022-47157
+ RESERVED
+CVE-2022-47156
+ RESERVED
+CVE-2022-47155
+ RESERVED
+CVE-2022-47154
+ RESERVED
+CVE-2022-47153
+ RESERVED
+CVE-2022-47152
+ RESERVED
+CVE-2022-47151
+ RESERVED
+CVE-2022-47150
+ RESERVED
+CVE-2022-47149
+ RESERVED
+CVE-2022-47148
+ RESERVED
+CVE-2022-47147
+ RESERVED
+CVE-2022-47146
+ RESERVED
+CVE-2022-47145
+ RESERVED
+CVE-2022-47144
+ RESERVED
+CVE-2022-47143
+ RESERVED
+CVE-2022-47142
+ RESERVED
+CVE-2022-47141
+ RESERVED
+CVE-2022-47140
+ RESERVED
+CVE-2022-47139
+ RESERVED
+CVE-2022-47138
+ RESERVED
+CVE-2022-47137
+ RESERVED
+CVE-2022-47136
+ RESERVED
+CVE-2022-47135
+ RESERVED
+CVE-2022-47134
+ RESERVED
+CVE-2022-47133
+ RESERVED
+CVE-2022-47132
+ RESERVED
+CVE-2022-47131
+ RESERVED
+CVE-2022-47130
+ RESERVED
+CVE-2022-47129
+ RESERVED
+CVE-2022-47128
+ RESERVED
+CVE-2022-47127
+ RESERVED
+CVE-2022-47126
+ RESERVED
+CVE-2022-47125
+ RESERVED
+CVE-2022-47124
+ RESERVED
+CVE-2022-47123
+ RESERVED
+CVE-2022-47122
+ RESERVED
+CVE-2022-47121
+ RESERVED
+CVE-2022-47120
+ RESERVED
+CVE-2022-47119
+ RESERVED
+CVE-2022-47118
+ RESERVED
+CVE-2022-47117
+ RESERVED
+CVE-2022-47116
+ RESERVED
+CVE-2022-47115
+ RESERVED
+CVE-2022-47114
+ RESERVED
+CVE-2022-47113
+ RESERVED
+CVE-2022-47112
+ RESERVED
+CVE-2022-47111
+ RESERVED
+CVE-2022-47110
+ RESERVED
+CVE-2022-47109
+ RESERVED
+CVE-2022-47108
+ RESERVED
+CVE-2022-47107
+ RESERVED
+CVE-2022-47106
+ RESERVED
+CVE-2022-47105
+ RESERVED
+CVE-2022-47104
+ RESERVED
+CVE-2022-47103
+ RESERVED
+CVE-2022-47102
+ RESERVED
+CVE-2022-47101
+ RESERVED
+CVE-2022-47100
+ RESERVED
+CVE-2022-47099
+ RESERVED
+CVE-2022-47098
+ RESERVED
+CVE-2022-47097
+ RESERVED
+CVE-2022-47096
+ RESERVED
+CVE-2022-47095
+ RESERVED
+CVE-2022-47094
+ RESERVED
+CVE-2022-47093
+ RESERVED
+CVE-2022-47092
+ RESERVED
+CVE-2022-47091
+ RESERVED
+CVE-2022-47090
+ RESERVED
+CVE-2022-47089
+ RESERVED
+CVE-2022-47088
+ RESERVED
+CVE-2022-47087
+ RESERVED
+CVE-2022-47086
+ RESERVED
+CVE-2022-47085
+ RESERVED
+CVE-2022-47084
+ RESERVED
+CVE-2022-47083
+ RESERVED
+CVE-2022-47082
+ RESERVED
+CVE-2022-47081
+ RESERVED
+CVE-2022-47080
+ RESERVED
+CVE-2022-47079
+ RESERVED
+CVE-2022-47078
+ RESERVED
+CVE-2022-47077
+ RESERVED
+CVE-2022-47076
+ RESERVED
+CVE-2022-47075
+ RESERVED
+CVE-2022-47074
+ RESERVED
+CVE-2022-47073
+ RESERVED
+CVE-2022-47072
+ RESERVED
+CVE-2022-47071
+ RESERVED
+CVE-2022-47070
+ RESERVED
+CVE-2022-47069
+ RESERVED
+CVE-2022-47068
+ RESERVED
+CVE-2022-47067
+ RESERVED
+CVE-2022-47066
+ RESERVED
+CVE-2022-47065
+ RESERVED
+CVE-2022-47064
+ RESERVED
+CVE-2022-47063
+ RESERVED
+CVE-2022-47062
+ RESERVED
+CVE-2022-47061
+ RESERVED
+CVE-2022-47060
+ RESERVED
+CVE-2022-47059
+ RESERVED
+CVE-2022-47058
+ RESERVED
+CVE-2022-47057
+ RESERVED
+CVE-2022-47056
+ RESERVED
+CVE-2022-47055
+ RESERVED
+CVE-2022-47054
+ RESERVED
+CVE-2022-47053
+ RESERVED
+CVE-2022-47052
+ RESERVED
+CVE-2022-47051
+ RESERVED
+CVE-2022-47050
+ RESERVED
+CVE-2022-47049
+ RESERVED
+CVE-2022-47048
+ RESERVED
+CVE-2022-47047
+ RESERVED
+CVE-2022-47046
+ RESERVED
+CVE-2022-47045
+ RESERVED
+CVE-2022-47044
+ RESERVED
+CVE-2022-47043
+ RESERVED
+CVE-2022-47042
+ RESERVED
+CVE-2022-47041
+ RESERVED
+CVE-2022-47040
+ RESERVED
+CVE-2022-47039
+ RESERVED
+CVE-2022-47038
+ RESERVED
+CVE-2022-47037
+ RESERVED
+CVE-2022-47036
+ RESERVED
+CVE-2022-47035
+ RESERVED
+CVE-2022-47034
+ RESERVED
+CVE-2022-47033
+ RESERVED
+CVE-2022-47032
+ RESERVED
+CVE-2022-47031
+ RESERVED
+CVE-2022-47030
+ RESERVED
+CVE-2022-47029
+ RESERVED
+CVE-2022-47028
+ RESERVED
+CVE-2022-47027
+ RESERVED
+CVE-2022-47026
+ RESERVED
+CVE-2022-47025
+ RESERVED
+CVE-2022-47024
+ RESERVED
+CVE-2022-47023
+ RESERVED
+CVE-2022-47022
+ RESERVED
+CVE-2022-47021
+ RESERVED
+CVE-2022-47020
+ RESERVED
+CVE-2022-47019
+ RESERVED
+CVE-2022-47018
+ RESERVED
+CVE-2022-47017
+ RESERVED
+CVE-2022-47016
+ RESERVED
+CVE-2022-47015
+ RESERVED
+CVE-2022-47014
+ RESERVED
+CVE-2022-47013
+ RESERVED
+CVE-2022-47012
+ RESERVED
+CVE-2022-47011
+ RESERVED
+CVE-2022-47010
+ RESERVED
+CVE-2022-47009
+ RESERVED
+CVE-2022-47008
+ RESERVED
+CVE-2022-47007
+ RESERVED
+CVE-2022-47006
+ RESERVED
+CVE-2022-47005
+ RESERVED
+CVE-2022-47004
+ RESERVED
+CVE-2022-47003
+ RESERVED
+CVE-2022-47002
+ RESERVED
+CVE-2022-47001
+ RESERVED
+CVE-2022-47000
+ RESERVED
+CVE-2022-46999
+ RESERVED
+CVE-2022-46998
+ RESERVED
+CVE-2022-46997
+ RESERVED
+CVE-2022-46996
+ RESERVED
+CVE-2022-46995
+ RESERVED
+CVE-2022-46994
+ RESERVED
+CVE-2022-46993
+ RESERVED
+CVE-2022-46992
+ RESERVED
+CVE-2022-46991
+ RESERVED
+CVE-2022-46990
+ RESERVED
+CVE-2022-46989
+ RESERVED
+CVE-2022-46988
+ RESERVED
+CVE-2022-46987
+ RESERVED
+CVE-2022-46986
+ RESERVED
+CVE-2022-46985
+ RESERVED
+CVE-2022-46984
+ RESERVED
+CVE-2022-46983
+ RESERVED
+CVE-2022-46982
+ RESERVED
+CVE-2022-46981
+ RESERVED
+CVE-2022-46980
+ RESERVED
+CVE-2022-46979
+ RESERVED
+CVE-2022-46978
+ RESERVED
+CVE-2022-46977
+ RESERVED
+CVE-2022-46976
+ RESERVED
+CVE-2022-46975
+ RESERVED
+CVE-2022-46974
+ RESERVED
+CVE-2022-46973
+ RESERVED
+CVE-2022-46972
+ RESERVED
+CVE-2022-46971
+ RESERVED
+CVE-2022-46970
+ RESERVED
+CVE-2022-46969
+ RESERVED
+CVE-2022-46968
+ RESERVED
+CVE-2022-46967
+ RESERVED
+CVE-2022-46966
+ RESERVED
+CVE-2022-46965
+ RESERVED
+CVE-2022-46964
+ RESERVED
+CVE-2022-46963
+ RESERVED
+CVE-2022-46962
+ RESERVED
+CVE-2022-46961
+ RESERVED
+CVE-2022-46960
+ RESERVED
+CVE-2022-46959
+ RESERVED
+CVE-2022-46958
+ RESERVED
+CVE-2022-46957
+ RESERVED
+CVE-2022-46956
+ RESERVED
+CVE-2022-46955
+ RESERVED
+CVE-2022-46954
+ RESERVED
+CVE-2022-46953
+ RESERVED
+CVE-2022-46952
+ RESERVED
+CVE-2022-46951
+ RESERVED
+CVE-2022-46950
+ RESERVED
+CVE-2022-46949
+ RESERVED
+CVE-2022-46948
+ RESERVED
+CVE-2022-46947
+ RESERVED
+CVE-2022-46946
+ RESERVED
+CVE-2022-46945
+ RESERVED
+CVE-2022-46944
+ RESERVED
+CVE-2022-46943
+ RESERVED
+CVE-2022-46942
+ RESERVED
+CVE-2022-46941
+ RESERVED
+CVE-2022-46940
+ RESERVED
+CVE-2022-46939
+ RESERVED
+CVE-2022-46938
+ RESERVED
+CVE-2022-46937
+ RESERVED
+CVE-2022-46936
+ RESERVED
+CVE-2022-46935
+ RESERVED
+CVE-2022-46934
+ RESERVED
+CVE-2022-46933
+ RESERVED
+CVE-2022-46932
+ RESERVED
+CVE-2022-46931
+ RESERVED
+CVE-2022-46930
+ RESERVED
+CVE-2022-46929
+ RESERVED
+CVE-2022-46928
+ RESERVED
+CVE-2022-46927
+ RESERVED
+CVE-2022-46926
+ RESERVED
+CVE-2022-46925
+ RESERVED
+CVE-2022-46924
+ RESERVED
+CVE-2022-46923
+ RESERVED
+CVE-2022-46922
+ RESERVED
+CVE-2022-46921
+ RESERVED
+CVE-2022-46920
+ RESERVED
+CVE-2022-46919
+ RESERVED
+CVE-2022-46918
+ RESERVED
+CVE-2022-46917
+ RESERVED
+CVE-2022-46916
+ RESERVED
+CVE-2022-46915
+ RESERVED
+CVE-2022-46914
+ RESERVED
+CVE-2022-46913
+ RESERVED
+CVE-2022-46912
+ RESERVED
+CVE-2022-46911
+ RESERVED
+CVE-2022-46910
+ RESERVED
+CVE-2022-46909
+ RESERVED
+CVE-2022-4429
+ RESERVED
+CVE-2022-4428
+ RESERVED
+CVE-2022-4427
+ RESERVED
+CVE-2022-4426
+ RESERVED
+CVE-2022-4425
+ RESERVED
+CVE-2022-4424
+ RESERVED
+CVE-2022-4423
+ RESERVED
+CVE-2022-4422
+ RESERVED
+CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been classified as ...)
+ TODO: check
+CVE-2022-4420
+ RESERVED
+CVE-2022-4419
+ RESERVED
+CVE-2022-4418
+ RESERVED
+CVE-2022-4417
+ RESERVED
+CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
+ TODO: check
+CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3.5. I ...)
+ TODO: check
CVE-2022-XXXX [The BPv6, OpenFlow, and Kafka protocol dissectors could go into an infinite loops]
- wireshark 4.0.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
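Review bot: CVE-2022-4421, CVE-2021-4244 and CVE-2021-4243 are the only entries in this hunk that carry a description, and all three land as `TODO: check` in the middle of nearly 300 bare RESERVED placeholders, where they are easy to overlook. Each names a specific product (rAthena FluxCP, a yikes-inc project, claviska jquery-minicolors up to 2.3.5), so each can be resolved to either a `NOT-FOR-US:` line or a source-package line once someone checks whether that code ships in the archive. Separately, the bracketed title on the unchanged CVE-2022-XXXX wireshark entry reads "could go into an infinite loops"; that wording is worth fixing the next time the entry is edited by hand.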
@@ -8,8 +610,8 @@ CVE-2022-XXXX [The Kafka dissector could consume excessive amounts of memory]
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-10.html
CVE-2022-46908 (SQLite through 3.40.0, when relying on --safe for execution of an untr ...)
TODO: check
-CVE-2022-4416
- RESERVED
+CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declared as ...)
+ TODO: check
CVE-2022-4415
RESERVED
CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
@@ -793,10 +1395,10 @@ CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffw
- rdiffweb <itp> (bug #969974)
CVE-2022-4313
RESERVED
-CVE-2022-4312
- RESERVED
-CVE-2022-4311
- RESERVED
+CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists in P ...)
+ TODO: check
+CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
+ TODO: check
CVE-2022-42879
RESERVED
CVE-2022-42700
@@ -2037,8 +2639,8 @@ CVE-2022-45445
RESERVED
CVE-2022-45346
RESERVED
-CVE-2022-45119
- RESERVED
+CVE-2022-45119 (This CVE is not valid. ...)
+ TODO: check
CVE-2022-44615
RESERVED
CVE-2022-44453
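Review bot: CVE-2022-45119 is given the description "This CVE is not valid." and is still queued as `TODO: check`, which leaves a withdrawn identifier sitting in the triage list as if it described a real issue. Confirm the state of the CVE record and mark the entry accordingly; this same commit moves CVE-2022-44147 from RESERVED to REJECTED, which is the form a withdrawn identifier takes in this file.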
@@ -2049,8 +2651,8 @@ CVE-2022-43664
RESERVED
CVE-2022-43663
RESERVED
-CVE-2022-43503
- RESERVED
+CVE-2022-43503 (This CVE is not valid. ...)
+ TODO: check
CVE-2022-43467
RESERVED
CVE-2022-42885
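Review bot: CVE-2022-43503 arrives with the description "This CVE is not valid." and a `TODO: check` line, so the automatic import treats an identifier that its own description disowns as pending work. Resolve it by hand against the CVE record rather than leaving it in the open queue.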
@@ -2789,10 +3391,10 @@ CVE-2022-45999
RESERVED
CVE-2022-45998
RESERVED
-CVE-2022-45997
- RESERVED
-CVE-2022-45996
- RESERVED
+CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. ...)
+ TODO: check
+CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd ...)
+ TODO: check
CVE-2022-45995
RESERVED
CVE-2022-45994
@@ -2823,14 +3425,14 @@ CVE-2022-45982
RESERVED
CVE-2022-45981
RESERVED
-CVE-2022-45980
- RESERVED
-CVE-2022-45979
- RESERVED
+CVE-2022-45980 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
+ TODO: check
+CVE-2022-45979 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2022-45978
RESERVED
-CVE-2022-45977
- RESERVED
+CVE-2022-45977 (Tenda AX12 V22.03.01.21_CN was found to have a command injection vulne ...)
+ TODO: check
CVE-2022-45976
RESERVED
CVE-2022-45975
@@ -2843,12 +3445,12 @@ CVE-2022-45972
RESERVED
CVE-2022-45971
RESERVED
-CVE-2022-45970
- RESERVED
+CVE-2022-45970 (Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulle ...)
+ TODO: check
CVE-2022-45969
RESERVED
-CVE-2022-45968
- RESERVED
+CVE-2022-45968 (Alist v3.4.0 is vulnerable to File Upload. A user with only file uploa ...)
+ TODO: check
CVE-2022-45967
RESERVED
CVE-2022-45966
@@ -2869,10 +3471,10 @@ CVE-2022-45959
RESERVED
CVE-2022-45958
RESERVED
-CVE-2022-45957
- RESERVED
-CVE-2022-45956
- RESERVED
+CVE-2022-45957 (ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 ...)
+ TODO: check
+CVE-2022-45956 (Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the c ...)
+ TODO: check
CVE-2022-45955
RESERVED
CVE-2022-45954
@@ -3981,8 +4583,8 @@ CVE-2022-4099
RESERVED
CVE-2022-4098
RESERVED
-CVE-2022-4097
- RESERVED
+CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...)
+ TODO: check
CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
NOT-FOR-US: appsmith
CVE-2022-4095
@@ -4241,8 +4843,8 @@ CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository
- rdiffweb <itp> (bug #969974)
CVE-2022-4017
RESERVED
-CVE-2022-4016
- RESERVED
+CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
+ TODO: check
CVE-2022-4015 (A vulnerability, which was classified as critical, was found in Sports ...)
NOT-FOR-US: Sports Club Management System
CVE-2022-4014 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -4257,8 +4859,8 @@ CVE-2022-43468 (External initialization of trusted variables or data stores vuln
NOT-FOR-US: WordPress plugin
CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, which ma ...)
NOT-FOR-US: TP-Link
-CVE-2022-4010
- RESERVED
+CVE-2022-4010 (The Image Hover Effects WordPress plugin through 5.3 does not sanitise ...)
+ TODO: check
CVE-2022-4009
RESERVED
CVE-2022-4008
@@ -4267,10 +4869,10 @@ CVE-2022-4007
RESERVED
CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WBCE CMS
-CVE-2022-4005
- RESERVED
-CVE-2022-4004
- RESERVED
+CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...)
+ TODO: check
+CVE-2022-4004 (The Donation Button WordPress plugin through 4.0.0 does not properly c ...)
+ TODO: check
CVE-2021-4241 (A vulnerability, which was classified as problematic, was found in php ...)
NOT-FOR-US: phpservermon
CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...)
@@ -4298,10 +4900,10 @@ CVE-2022-4002
RESERVED
CVE-2022-4001
RESERVED
-CVE-2022-4000
- RESERVED
-CVE-2022-3999
- RESERVED
+CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not sani ...)
+ TODO: check
+CVE-2022-3999 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not have ...)
+ TODO: check
CVE-2022-3998 (A vulnerability, which was classified as critical, was found in Monika ...)
NOT-FOR-US: MonikaBrzica scm
CVE-2022-3997 (A vulnerability, which was classified as critical, has been found in M ...)
@@ -5115,8 +5717,8 @@ CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stor
NOT-FOR-US: Photospace Gallery plugin for WordPress
CVE-2022-3990
RESERVED
-CVE-2022-3989
- RESERVED
+CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly validate up ...)
+ TODO: check
CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
NOT-FOR-US: Frappe Framework
CVE-2022-3987
@@ -5129,10 +5731,10 @@ CVE-2022-3984
RESERVED
CVE-2022-3983
RESERVED
-CVE-2022-3982
- RESERVED
-CVE-2022-3981
- RESERVED
+CVE-2022-3982 (The Booking calendar, Appointment Booking System WordPress plugin befo ...)
+ TODO: check
+CVE-2022-3981 (The Icegram Express WordPress plugin before 5.5.1 does not properly sa ...)
+ TODO: check
CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side request ...)
NOT-FOR-US: Sophos
CVE-2022-37406 (Cross-site scripting vulnerability in Aficio SP 4210N firmware version ...)
@@ -5341,8 +5943,8 @@ CVE-2022-3948 (A vulnerability classified as critical was found in eolinker goku
NOT-FOR-US: eolinker goku_lite
CVE-2022-3947 (A vulnerability classified as critical has been found in eolinker goku ...)
NOT-FOR-US: eolinker goku_lite
-CVE-2022-3946
- RESERVED
+CVE-2022-3946 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not have aut ...)
+ TODO: check
CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
NOT-FOR-US: Kavita
CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been declared as c ...)
@@ -5371,12 +5973,12 @@ CVE-2022-3937
RESERVED
CVE-2022-3936
RESERVED
-CVE-2022-3935
- RESERVED
-CVE-2022-3934
- RESERVED
-CVE-2022-3933
- RESERVED
+CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...)
+ TODO: check
+CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize and escap ...)
+ TODO: check
+CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not sanit ...)
+ TODO: check
CVE-2022-45143
RESERVED
CVE-2022-45142
@@ -5404,8 +6006,8 @@ CVE-2022-3932
CVE-2022-3931
RESERVED
NOT-FOR-US: Rook
-CVE-2022-3930
- RESERVED
+CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...)
+ TODO: check
CVE-2022-3929
RESERVED
CVE-2022-3928
@@ -5414,8 +6016,8 @@ CVE-2022-3927
RESERVED
CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3925
- RESERVED
+CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
+ TODO: check
CVE-2022-3924
RESERVED
CVE-2022-3923
@@ -5456,8 +6058,8 @@ CVE-2022-41808
RESERVED
CVE-2022-41659
RESERVED
-CVE-2022-3921
- RESERVED
+CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
+ TODO: check
CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...)
- consul <undetermined>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
@@ -5552,8 +6154,8 @@ CVE-2022-45065
RESERVED
CVE-2022-45064
RESERVED
-CVE-2022-3919
- RESERVED
+CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
+ TODO: check
CVE-2022-3918
RESERVED
CVE-2022-3917
@@ -5561,14 +6163,14 @@ CVE-2022-3917
CVE-2022-3916
RESERVED
NOT-FOR-US: Keycloak
-CVE-2022-3915
- RESERVED
+CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitise and ...)
+ TODO: check
CVE-2022-3914
RESERVED
CVE-2022-3913
RESERVED
-CVE-2022-3912
- RESERVED
+CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...)
+ TODO: check
CVE-2022-3911
RESERVED
CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Escalati ...)
@@ -5620,12 +6222,12 @@ CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.
[buster] - varnish <not-affected> (Vulnerable code not present, only affects Varnish 7)
NOTE: https://varnish-cache.org/security/VSV00010.html
NOTE: https://github.com/varnishcache/varnish-cache/commit/fcf5722af75fdbf58dd425dd68d0beaa49bab4f4
-CVE-2022-3908
- RESERVED
+CVE-2022-3908 (The Helloprint WordPress plugin before 1.4.7 does not sanitise and esc ...)
+ TODO: check
CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by time-based atta ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3906
- RESERVED
+CVE-2022-3906 (The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise ...)
+ TODO: check
CVE-2022-3905
RESERVED
CVE-2022-3904
@@ -5638,8 +6240,8 @@ CVE-2022-3902
- gitlab <unfixed>
CVE-2022-3901
RESERVED
-CVE-2022-3900
- RESERVED
+CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...)
+ TODO: check
CVE-2022-45058
RESERVED
CVE-2022-45057
@@ -5714,16 +6316,16 @@ CVE-2022-3884
RESERVED
CVE-2022-45044
RESERVED
-CVE-2022-3883
- RESERVED
-CVE-2022-3882
- RESERVED
-CVE-2022-3881
- RESERVED
-CVE-2022-3880
- RESERVED
-CVE-2022-3879
- RESERVED
+CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
+ TODO: check
+CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health Check and ...)
+ TODO: check
+CVE-2022-3881 (The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascr ...)
+ TODO: check
+CVE-2022-3880 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...)
+ TODO: check
+CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPre ...)
+ TODO: check
CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
NOT-FOR-US: Maxon ERP
CVE-2022-3877
@@ -5743,8 +6345,8 @@ CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567
NOTE: patch proposal 1: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
NOTE: patch proposal 2: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html
-CVE-2022-45043
- RESERVED
+CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via gofo ...)
+ TODO: check
CVE-2022-45042
RESERVED
CVE-2022-45041
@@ -6480,8 +7082,8 @@ CVE-2022-44716
RESERVED
CVE-2022-44715
RESERVED
-CVE-2022-3862
- RESERVED
+CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...)
+ TODO: check
CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...)
NOT-FOR-US: Betheme theme for WordPress
CVE-2022-3860
@@ -7646,8 +8248,8 @@ CVE-2022-44645
RESERVED
CVE-2022-44644
RESERVED
-CVE-2022-3853
- RESERVED
+CVE-2022-3853 (Cross-site Scripting (XSS) is a client-side code injection attack. The ...)
+ TODO: check
CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site Reque ...)
NOT-FOR-US: VR Calendar plugin for WordPress
CVE-2022-3851
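Review bot: the description imported for CVE-2022-3853 begins "Cross-site Scripting (XSS) is a client-side code injection attack. The ..." and is cut off before any product or version appears, so the `TODO: check` cannot be resolved from this line. Whoever triages it needs the full CVE record to identify the affected software before choosing between `NOT-FOR-US:` and a package line.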
@@ -8967,7 +9569,7 @@ CVE-2022-44149
CVE-2022-44148
RESERVED
CVE-2022-44147
- RESERVED
+ REJECTED
CVE-2022-44146
RESERVED
CVE-2022-44145
@@ -12570,8 +13172,8 @@ CVE-2022-3611
RESERVED
CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3609
- RESERVED
+CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sani ...)
+ TODO: check
CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
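Review bot: CVE-2022-3609 is described as a flaw in the GetYourGuide Ticketing WordPress plugin and is left as `TODO: check`, while CVE-2022-3610 directly above it, also a WordPress plugin, is already tagged `NOT-FOR-US: WordPress plugin`. Unless the plugin is packaged, the new entry can take the same tag so the two neighbours are classified consistently.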
@@ -12581,8 +13183,8 @@ CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified
[bullseye] - libbpf <no-dsa> (Minor issue)
NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b (v0.2)
NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671
-CVE-2022-3605
- RESERVED
+CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly es ...)
+ TODO: check
CVE-2022-3604
RESERVED
CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
@@ -14134,8 +14736,8 @@ CVE-2022-3487
RESERVED
CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
- gitlab <unfixed>
-CVE-2022-3485
- RESERVED
+CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated rem ...)
+ TODO: check
CVE-2022-3484 (The WPB Show Core WordPress plugin through TODO does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -16763,8 +17365,8 @@ CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/desktop/pull/5039
NOTE: https://github.com/nextcloud/server/pull/34559
TODO: check details, is owncloud-client similarly affected?
-CVE-2022-41881
- RESERVED
+CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...)
+ TODO: check
CVE-2022-41880 (TensorFlow is an open source platform for machine learning. When the ` ...)
- tensorflow <itp> (bug #804612)
CVE-2022-41879 (Parse Server is an open source backend that can be deployed to any inf ...)
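Review bot: CVE-2022-41881 names the Netty project, a general-purpose network application framework rather than a vendor appliance or a WordPress plugin, so it should not be cleared with a quick `NOT-FOR-US:`. Check whether Netty is shipped as a source package and, if so, replace `TODO: check` with a package line and a NOTE pointing at the upstream advisory, in the style of the CVE-2022-41882 entry above it.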
@@ -17074,8 +17676,8 @@ CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directo
NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3359
- RESERVED
+CVE-2022-3359 (The Shortcodes and extra features for Phlox WordPress plugin through 2 ...)
+ TODO: check
CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
- openssl 3.0.7-1 (bug #1021620)
[bullseye] - openssl <not-affected> (Only affects 3.x)
@@ -18424,8 +19026,8 @@ CVE-2022-41298
RESERVED
CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
NOT-FOR-US: IBM
-CVE-2022-41296
- RESERVED
+CVE-2022-41296 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
+ TODO: check
CVE-2022-41295
RESERVED
CVE-2022-41294 (IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21. ...)
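Review bot: the description now attached to CVE-2022-41296 ("IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...") is identical, as far as the truncated text shows, to that of CVE-2022-41297 two lines above, which is already `NOT-FOR-US: IBM`. Confirm from the full records that these are two distinct issues and then give CVE-2022-41296 the same `NOT-FOR-US: IBM` tag instead of leaving it as `TODO: check`.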
@@ -41579,8 +42181,8 @@ CVE-2022-32539
RESERVED
CVE-2022-32538
RESERVED
-CVE-2022-32537
- RESERVED
+CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user to learn ...)
+ TODO: check
CVE-2022-2024
RESERVED
CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk ...)
@@ -69159,8 +69761,8 @@ CVE-2022-23513
RESERVED
CVE-2022-23512
RESERVED
-CVE-2022-23511
- RESERVED
+CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...)
+ TODO: check
CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
TODO: check
CVE-2022-23509
@@ -84833,8 +85435,8 @@ CVE-2022-20970
RESERVED
CVE-2022-20969 (A vulnerability in multiple management dashboard pages of Cisco Umbrel ...)
NOT-FOR-US: Cisco
-CVE-2022-20968
- RESERVED
+CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing feature of ...)
+ TODO: check
CVE-2022-20967
RESERVED
CVE-2022-20966
@@ -85414,18 +86016,18 @@ CVE-2022-20693 (A vulnerability in the web UI feature of Cisco IOS XE Software c
NOT-FOR-US: Cisco
CVE-2022-20692 (A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Softwa ...)
NOT-FOR-US: Cisco
-CVE-2022-20691
- RESERVED
-CVE-2022-20690
- RESERVED
-CVE-2022-20689
- RESERVED
-CVE-2022-20688
- RESERVED
-CVE-2022-20687
- RESERVED
-CVE-2022-20686
- RESERVED
+CVE-2022-20691 (A vulnerability in the Cisco Discovery Protocol functionality of Cisco ...)
+ TODO: check
+CVE-2022-20690 (Multiple vulnerabilities in the Cisco Discovery Protocol functionality ...)
+ TODO: check
+CVE-2022-20689 (Multiple vulnerabilities in the Cisco Discovery Protocol functionality ...)
+ TODO: check
+CVE-2022-20688 (A vulnerability in the Cisco Discovery Protocol functionality of Cisco ...)
+ TODO: check
+CVE-2022-20687 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...)
+ TODO: check
+CVE-2022-20686 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...)
+ TODO: check
CVE-2022-20685
RESERVED
CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...)
@@ -97694,8 +98296,8 @@ CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitiv
NOT-FOR-US: IBM
CVE-2021-38998
RESERVED
-CVE-2021-38997
- RESERVED
+CVE-2021-38997 (IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1 ...)
+ TODO: check
CVE-2021-38996 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
NOT-FOR-US: IBM
CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
@@ -101117,7 +101719,7 @@ CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0
- node-tar <not-affected> (Only affects node-tar on Windows)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
- {DSA-5008-1}
+ {DSA-5008-1 DLA-3237-1}
- node-tar 6.1.11+~cs11.3.10-1 (bug #993981)
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
@@ -101150,7 +101752,7 @@ CVE-2021-37703 (Discourse is an open-source platform for community discussion. I
CVE-2021-37702 (Pimcore is an open source data & experience management platform. P ...)
NOT-FOR-US: Pimcore
CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...)
- {DSA-5008-1}
+ {DSA-5008-1 DLA-3237-1}
- node-tar 6.1.7+~cs11.3.10-1
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
@@ -103421,7 +104023,7 @@ CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current wor
NOT-FOR-US: sharkdp BAT
CVE-2021-36752
RESERVED
-CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...)
+CVE-2021-36751 (ENC DataVault 7.2.3 and before, and OEM versions, use an encryption al ...)
NOT-FOR-US: ENC DataVault
CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
NOT-FOR-US: ENC
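Review bot: the two adjacent ENC DataVault entries are tagged inconsistently, `NOT-FOR-US: ENC DataVault` for CVE-2021-36751 and `NOT-FOR-US: ENC` for CVE-2021-36750; pick one spelling so searches on the tag find both. The description change itself widens the affected range from "7.1.1W" to "7.2.3 and before, and OEM versions", which does not alter the classification because the entry stays NOT-FOR-US.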
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74ae664043e796fcac5fa488ed3472f2c65e5b9d