[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 13 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
378796ff by security tracker role at 2022-12-13T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,383 @@
+CVE-2022-47371
+ RESERVED
+CVE-2022-47370
+ RESERVED
+CVE-2022-47369
+ RESERVED
+CVE-2022-47368
+ RESERVED
+CVE-2022-47367
+ RESERVED
+CVE-2022-47366
+ RESERVED
+CVE-2022-47365
+ RESERVED
+CVE-2022-47364
+ RESERVED
+CVE-2022-47363
+ RESERVED
+CVE-2022-47362
+ RESERVED
+CVE-2022-47361
+ RESERVED
+CVE-2022-47360
+ RESERVED
+CVE-2022-47359
+ RESERVED
+CVE-2022-47358
+ RESERVED
+CVE-2022-47357
+ RESERVED
+CVE-2022-47356
+ RESERVED
+CVE-2022-47355
+ RESERVED
+CVE-2022-47354
+ RESERVED
+CVE-2022-47353
+ RESERVED
+CVE-2022-47352
+ RESERVED
+CVE-2022-47351
+ RESERVED
+CVE-2022-47350
+ RESERVED
+CVE-2022-47349
+ RESERVED
+CVE-2022-47348
+ RESERVED
+CVE-2022-47347
+ RESERVED
+CVE-2022-47346
+ RESERVED
+CVE-2022-47345
+ RESERVED
+CVE-2022-47344
+ RESERVED
+CVE-2022-47343
+ RESERVED
+CVE-2022-47342
+ RESERVED
+CVE-2022-47341
+ RESERVED
+CVE-2022-47340
+ RESERVED
+CVE-2022-47339
+ RESERVED
+CVE-2022-47338
+ RESERVED
+CVE-2022-47337
+ RESERVED
+CVE-2022-47336
+ RESERVED
+CVE-2022-47335
+ RESERVED
+CVE-2022-47334
+ RESERVED
+CVE-2022-47333
+ RESERVED
+CVE-2022-47332
+ RESERVED
+CVE-2022-47331
+ RESERVED
+CVE-2022-47330
+ RESERVED
+CVE-2022-47329
+ RESERVED
+CVE-2022-47328
+ RESERVED
+CVE-2022-47327
+ RESERVED
+CVE-2022-47326
+ RESERVED
+CVE-2022-47325
+ RESERVED
+CVE-2022-47324
+ RESERVED
+CVE-2022-47323
+ RESERVED
+CVE-2022-47322
+ RESERVED
+CVE-2022-47310
+ RESERVED
+CVE-2022-47309
+ RESERVED
+CVE-2022-47308
+ RESERVED
+CVE-2022-47307
+ RESERVED
+CVE-2022-47306
+ RESERVED
+CVE-2022-47305
+ RESERVED
+CVE-2022-47304
+ RESERVED
+CVE-2022-47303
+ RESERVED
+CVE-2022-47302
+ RESERVED
+CVE-2022-47301
+ RESERVED
+CVE-2022-47300
+ RESERVED
+CVE-2022-47299
+ RESERVED
+CVE-2022-47298
+ RESERVED
+CVE-2022-47297
+ RESERVED
+CVE-2022-47296
+ RESERVED
+CVE-2022-47295
+ RESERVED
+CVE-2022-47294
+ RESERVED
+CVE-2022-47293
+ RESERVED
+CVE-2022-47292
+ RESERVED
+CVE-2022-47291
+ RESERVED
+CVE-2022-47290
+ RESERVED
+CVE-2022-47289
+ RESERVED
+CVE-2022-47288
+ RESERVED
+CVE-2022-47287
+ RESERVED
+CVE-2022-47286
+ RESERVED
+CVE-2022-47285
+ RESERVED
+CVE-2022-47284
+ RESERVED
+CVE-2022-47283
+ RESERVED
+CVE-2022-47282
+ RESERVED
+CVE-2022-47281
+ RESERVED
+CVE-2022-47280
+ RESERVED
+CVE-2022-47279
+ RESERVED
+CVE-2022-47278
+ RESERVED
+CVE-2022-47277
+ RESERVED
+CVE-2022-47276
+ RESERVED
+CVE-2022-47275
+ RESERVED
+CVE-2022-47274
+ RESERVED
+CVE-2022-47273
+ RESERVED
+CVE-2022-47272
+ RESERVED
+CVE-2022-47271
+ RESERVED
+CVE-2022-47270
+ RESERVED
+CVE-2022-47269
+ RESERVED
+CVE-2022-47268
+ RESERVED
+CVE-2022-47267
+ RESERVED
+CVE-2022-47266
+ RESERVED
+CVE-2022-47265
+ RESERVED
+CVE-2022-47264
+ RESERVED
+CVE-2022-47263
+ RESERVED
+CVE-2022-47262
+ RESERVED
+CVE-2022-47261
+ RESERVED
+CVE-2022-47260
+ RESERVED
+CVE-2022-47259
+ RESERVED
+CVE-2022-47258
+ RESERVED
+CVE-2022-47257
+ RESERVED
+CVE-2022-47256
+ RESERVED
+CVE-2022-47255
+ RESERVED
+CVE-2022-47254
+ RESERVED
+CVE-2022-47253
+ RESERVED
+CVE-2022-47252
+ RESERVED
+CVE-2022-47251
+ RESERVED
+CVE-2022-47250
+ RESERVED
+CVE-2022-47249
+ RESERVED
+CVE-2022-47248
+ RESERVED
+CVE-2022-47247
+ RESERVED
+CVE-2022-47246
+ RESERVED
+CVE-2022-47245
+ RESERVED
+CVE-2022-47244
+ RESERVED
+CVE-2022-47243
+ RESERVED
+CVE-2022-47242
+ RESERVED
+CVE-2022-47241
+ RESERVED
+CVE-2022-47240
+ RESERVED
+CVE-2022-47239
+ RESERVED
+CVE-2022-47238
+ RESERVED
+CVE-2022-47237
+ RESERVED
+CVE-2022-47236
+ RESERVED
+CVE-2022-47235
+ RESERVED
+CVE-2022-47234
+ RESERVED
+CVE-2022-47233
+ RESERVED
+CVE-2022-47232
+ RESERVED
+CVE-2022-47231
+ RESERVED
+CVE-2022-47230
+ RESERVED
+CVE-2022-47229
+ RESERVED
+CVE-2022-47228
+ RESERVED
+CVE-2022-47227
+ RESERVED
+CVE-2022-47226
+ RESERVED
+CVE-2022-47225
+ RESERVED
+CVE-2022-47224
+ RESERVED
+CVE-2022-47223
+ RESERVED
+CVE-2022-47222
+ RESERVED
+CVE-2022-47221
+ RESERVED
+CVE-2022-47220
+ RESERVED
+CVE-2022-47219
+ RESERVED
+CVE-2022-47218
+ RESERVED
+CVE-2022-47217
+ RESERVED
+CVE-2022-47216
+ RESERVED
+CVE-2022-47215
+ RESERVED
+CVE-2022-47214
+ RESERVED
+CVE-2022-47213
+ RESERVED
+CVE-2022-47212
+ RESERVED
+CVE-2022-47211
+ RESERVED
+CVE-2022-47210
+ RESERVED
+CVE-2022-47209
+ RESERVED
+CVE-2022-47208
+ RESERVED
+CVE-2022-47207
+ RESERVED
+CVE-2022-47206
+ RESERVED
+CVE-2022-47205
+ RESERVED
+CVE-2022-47204
+ RESERVED
+CVE-2022-47203
+ RESERVED
+CVE-2022-47202
+ RESERVED
+CVE-2022-47201
+ RESERVED
+CVE-2022-47200
+ RESERVED
+CVE-2022-47199
+ RESERVED
+CVE-2022-47198
+ RESERVED
+CVE-2022-47197
+ RESERVED
+CVE-2022-47196
+ RESERVED
+CVE-2022-47195
+ RESERVED
+CVE-2022-47194
+ RESERVED
+CVE-2022-46736
+ RESERVED
+CVE-2022-46729
+ RESERVED
+CVE-2022-46655
+ RESERVED
+CVE-2022-46296
+ RESERVED
+CVE-2022-45125
+ RESERVED
+CVE-2022-44454
+ RESERVED
+CVE-2022-44450
+ RESERVED
+CVE-2022-4441
+ RESERVED
+CVE-2022-4440
+ RESERVED
+CVE-2022-4439
+ RESERVED
+CVE-2022-4438
+ RESERVED
+CVE-2022-4437
+ RESERVED
+CVE-2022-4436
+ RESERVED
+CVE-2022-4435
+ RESERVED
+CVE-2022-4434
+ RESERVED
+CVE-2022-4433
+ RESERVED
+CVE-2022-4432
+ RESERVED
+CVE-2022-4431
+ RESERVED
+CVE-2022-4430
+ RESERVED
+CVE-2022-43669
+ RESERVED
+CVE-2022-43493
+ RESERVED
+CVE-2022-41834
+ RESERVED
+CVE-2020-36611
+ RESERVED
CVE-2023-0011
RESERVED
CVE-2022-47193
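Review bot: The run of new RESERVED entries jumps from CVE-2022-47322 straight to CVE-2022-47310, so CVE-2022-47321 through CVE-2022-47311 are not added by this hunk. Confirm that those eleven IDs are either already present elsewhere in data/CVE/list or not yet assigned upstream, so that a partial feed does not leave a hole in the reserved range.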
@@ -661,14 +1041,14 @@ CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has b
TODO: check
CVE-2022-4396 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib py ...)
TODO: check
-CVE-2022-46906
- RESERVED
-CVE-2022-46905
- RESERVED
-CVE-2022-46904
- RESERVED
-CVE-2022-46903
- RESERVED
+CVE-2022-46906 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
+ TODO: check
+CVE-2022-46905 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
+ TODO: check
+CVE-2022-46904 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
+ TODO: check
+CVE-2022-46903 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
+ TODO: check
CVE-2022-46902
RESERVED
CVE-2022-46901
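Review bot: The four "TODO: check" lines under CVE-2022-46906 to CVE-2022-46903 all carry the same truncated description for WebSoft HCM 2021.2.3.327, so they should be triaged together and end up with one consistent status line rather than being resolved one at a time. The descriptions are cut at "allo ...", so the full text is needed before deciding.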
@@ -2996,8 +3376,8 @@ CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Pr
NOT-FOR-US: BBCode plugin for Discourse
CVE-2022-46161 (pdfmake is an open source client/server side PDF printing in pure Java ...)
TODO: check
-CVE-2022-46160
- RESERVED
+CVE-2022-46160 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...)
NOT-FOR-US: Discourse
CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...)
@@ -5552,8 +5932,8 @@ CVE-2022-45277
RESERVED
CVE-2022-45276 (An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 a ...)
NOT-FOR-US: YJCMS
-CVE-2022-45275
- RESERVED
+CVE-2022-45275 (An arbitrary file upload vulnerability in /queuing/admin/ajax.php?acti ...)
+ TODO: check
CVE-2022-45274
RESERVED
CVE-2022-45273
@@ -5564,8 +5944,8 @@ CVE-2022-45271
RESERVED
CVE-2022-45270
RESERVED
-CVE-2022-45269
- RESERVED
+CVE-2022-45269 (A directory traversal vulnerability in the component SCS.Web.Server.SP ...)
+ TODO: check
CVE-2022-45268
RESERVED
CVE-2022-45267
@@ -6007,7 +6387,7 @@ CVE-2022-43668 (Typora versions prior to 1.4.4 fails to properly neutralize Java
CVE-2022-3932
RESERVED
CVE-2022-3931
- RESERVED
+ REJECTED
NOT-FOR-US: Rook
CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...)
NOT-FOR-US: WordPress plugin
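Review bot: CVE-2022-3931 now reads REJECTED but still carries the "NOT-FOR-US: Rook" annotation beneath it, whereas the other entry switched to REJECTED in this commit (CVE-2022-0925) has no annotation. Check whether the triage line should stay on a rejected ID or be dropped together with the status change.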
@@ -15303,8 +15683,8 @@ CVE-2022-42718 (Incorrect default permissions in the installation folder for NI
TODO: check
CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The recommen ...)
NOT-FOR-US: Hashicorp Packer
-CVE-2022-42716
- RESERVED
+CVE-2022-42716 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...)
+ TODO: check
CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 in the ...)
NOT-FOR-US: REDCap
CVE-2022-42714
@@ -17293,8 +17673,8 @@ CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. V
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1)
-CVE-2022-41915
- RESERVED
+CVE-2022-41915 (Netty project is an event-driven asynchronous network application fram ...)
+ TODO: check
CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...)
NOT-FOR-US: Zulip
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
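Review bot: "TODO: check" on CVE-2022-41915 leaves the Netty entry untriaged between two resolved neighbours. It should be resolved into either a NOT-FOR-US line, as on the Zulip entry below it, or a package line with fixed version and bug reference, as on the heimdal entry above it.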
@@ -19071,36 +19451,36 @@ CVE-2022-41277
RESERVED
CVE-2022-41276
RESERVED
-CVE-2022-41275
- RESERVED
-CVE-2022-41274
- RESERVED
-CVE-2022-41273
- RESERVED
-CVE-2022-41272
- RESERVED
-CVE-2022-41271
- RESERVED
+CVE-2022-41275 (In SAP Solution Manager (Enterprise Search) - versions 740, and 750, a ...)
+ TODO: check
+CVE-2022-41274 (SAP Disclosure Management - version 10.1, allows an authenticated atta ...)
+ TODO: check
+CVE-2022-41273 (Due to improper input sanitization in SAP Sourcing and SAP Contract Li ...)
+ TODO: check
+CVE-2022-41272 (An unauthenticated attacker over the network can attach to an open int ...)
+ TODO: check
+CVE-2022-41271 (An unauthenticated user can attach to an open interface exposed throug ...)
+ TODO: check
CVE-2022-41270
RESERVED
CVE-2022-41269
RESERVED
-CVE-2022-41268
- RESERVED
-CVE-2022-41267
- RESERVED
-CVE-2022-41266
- RESERVED
+CVE-2022-41268 (In some SAP standard roles in SAP Business Planning and Consolidation ...)
+ TODO: check
+CVE-2022-41267 (SAP Business Objects Platform - versions 420, and 430, allows an attac ...)
+ TODO: check
+CVE-2022-41266 (Due to a lack of proper input validation, SAP Commerce Webservices 2.0 ...)
+ TODO: check
CVE-2022-41265
RESERVED
-CVE-2022-41264
- RESERVED
-CVE-2022-41263
- RESERVED
-CVE-2022-41262
- RESERVED
-CVE-2022-41261
- RESERVED
+CVE-2022-41264 (Due to the unrestricted scope of the RFC function module, SAP BASIS - ...)
+ TODO: check
+CVE-2022-41263 (Due to a missing authentication check, SAP Business Objects Business I ...)
+ TODO: check
+CVE-2022-41262 (Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Prov ...)
+ TODO: check
+CVE-2022-41261 (SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an auth ...)
+ TODO: check
CVE-2022-41260 (SAP Financial Consolidation - version 1010, does not sufficiently enco ...)
NOT-FOR-US: SAP
CVE-2022-41259 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
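Review bot: The newly described entries CVE-2022-41275, 41274, 41273, 41268, 41267, 41266, 41264, 41263, 41262 and 41261 name SAP products in their descriptions yet are marked "TODO: check", while the unchanged neighbours CVE-2022-41260 and CVE-2022-41259 are already "NOT-FOR-US: SAP". Suggest giving them the same status. CVE-2022-41272 and CVE-2022-41271 are truncated before any product name appears, so read the full description before tagging those two.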
@@ -59127,7 +59507,7 @@ CVE-2022-0927
CVE-2022-0926 (File upload filter bypass leading to stored XSS in GitHub repository m ...)
NOT-FOR-US: microweber
CVE-2022-0925
- RESERVED
+ REJECTED
CVE-2022-26883
RESERVED
CVE-2022-26882
@@ -69776,8 +70156,8 @@ CVE-2022-23507
RESERVED
CVE-2022-23506
RESERVED
-CVE-2022-23505
- RESERVED
+CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...)
+ TODO: check
CVE-2022-23504
RESERVED
CVE-2022-23503
@@ -69849,8 +70229,8 @@ CVE-2022-23475 (daloRADIUS is an open source RADIUS web management application.
TODO: check
CVE-2022-23474
RESERVED
-CVE-2022-23473
- RESERVED
+CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of software devel ...)
+ TODO: check
CVE-2022-23472 (Passeo is an open source python password generator. Versions prior to ...)
TODO: check
CVE-2022-23471 (containerd is an open source container runtime. A bug was found in con ...)
@@ -90804,8 +91184,8 @@ CVE-2021-41945 (Encode OSS httpx < 0.23.0 is affected by improper input valid
NOTE: https://sources.debian.org/src/httpx/0.22.0-2/httpx/_models.py/?hl=537#L537
CVE-2021-41944
RESERVED
-CVE-2021-41943
- RESERVED
+CVE-2021-41943 (Logrhythm Web Console 7.4.9 allows for HTML tag injection through Cont ...)
+ TODO: check
CVE-2021-41942 (The Magic CMS MSVOD v10 video system has a SQL injection vulnerability ...)
NOT-FOR-US: Magic CMS
CVE-2021-41941
@@ -147640,6 +148020,7 @@ CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch <
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)
NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)
CVE-2020-35511 (A global buffer overflow was discovered in pngcheck function in pngche ...)
+ {DSA-5300-1}
- pngcheck 3.0.2-2 (bug #1021278)
NOTE: http://www.libpng.org/pub/png/apps/pngcheck.html
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202662#c2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/378796ffeabfa5449b4198d1c5f3978e17c48e27