[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 14 20:10:31 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
419c2e19 by security tracker role at 2022-12-14T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-47405
+ RESERVED
+CVE-2022-47404
+ RESERVED
+CVE-2022-47403
+ RESERVED
+CVE-2022-47402
+ RESERVED
+CVE-2022-47401
+ RESERVED
+CVE-2022-47400
+ RESERVED
+CVE-2022-47399
+ RESERVED
+CVE-2022-47398
+ RESERVED
+CVE-2022-47397
+ RESERVED
+CVE-2022-47396
+ RESERVED
+CVE-2022-4500
+ RESERVED
+CVE-2022-4499
+ RESERVED
+CVE-2022-4498
+ RESERVED
+CVE-2022-4497
+ RESERVED
+CVE-2022-4496
+ RESERVED
+CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-4494 (A vulnerability, which was classified as critical, has been found in b ...)
+ TODO: check
+CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
+ TODO: check
+CVE-2022-4492
+ RESERVED
+CVE-2022-4491
+ RESERVED
+CVE-2022-4490
+ RESERVED
+CVE-2022-4489
+ RESERVED
+CVE-2022-4488
+ RESERVED
+CVE-2022-4487
+ RESERVED
+CVE-2022-4486
+ RESERVED
+CVE-2022-4485
+ RESERVED
+CVE-2022-4484
+ RESERVED
+CVE-2022-4483
+ RESERVED
+CVE-2022-4482
+ RESERVED
+CVE-2022-4481
+ RESERVED
+CVE-2022-4480
+ RESERVED
+CVE-2022-4479
+ RESERVED
+CVE-2022-4478
+ RESERVED
+CVE-2022-4477
+ RESERVED
+CVE-2022-4476
+ RESERVED
CVE-2023-21773
RESERVED
CVE-2023-21772
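Review bot: CVE-2022-4495, CVE-2022-4494 and CVE-2022-4493 are added with a description but only `TODO: check`, so nothing in this hunk records whether they affect a packaged source. They need manual triage. The CVE-2022-4493 text names scifio, so a package lookup for that name is the first step before choosing between a package line and NOT-FOR-US.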
@@ -1097,10 +1167,10 @@ CVE-2022-46999
RESERVED
CVE-2022-46998
RESERVED
-CVE-2022-46997
- RESERVED
-CVE-2022-46996
- RESERVED
+CVE-2022-46997 (Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovere ...)
+ TODO: check
+CVE-2022-46996 (vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was di ...)
+ TODO: check
CVE-2022-46995
RESERVED
CVE-2022-46994
@@ -1429,18 +1499,21 @@ CVE-2022-46883
RESERVED
CVE-2022-46882
RESERVED
+ {DSA-5301-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882
CVE-2022-46881
RESERVED
+ {DSA-5301-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881
CVE-2022-46880
RESERVED
+ {DSA-5301-1}
- thunderbird 1:102.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880
CVE-2022-46879
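Review bot: the `{DSA-5301-1}` reference added under CVE-2022-46880 sits on an entry whose only package line in this hunk is `- thunderbird 1:102.6.0-1`, whereas CVE-2022-46882 and CVE-2022-46881 also carry `- firefox-esr 102.6.0esr-1`. Confirm which source package DSA-5301-1 covers. If it is firefox-esr, CVE-2022-46880 is either missing a firefox-esr line or should not carry the reference.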
@@ -1449,6 +1522,7 @@ CVE-2022-46879
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46879
CVE-2022-46878
RESERVED
+ {DSA-5301-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1471,6 +1545,7 @@ CVE-2022-46875
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46875
CVE-2022-46874
RESERVED
+ {DSA-5301-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1483,6 +1558,7 @@ CVE-2022-46873
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46873
CVE-2022-46872
RESERVED
+ {DSA-5301-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -2316,8 +2392,8 @@ CVE-2022-46611
RESERVED
CVE-2022-46610
RESERVED
-CVE-2022-46609
- RESERVED
+CVE-2022-46609 (Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and ...)
+ TODO: check
CVE-2022-46608
RESERVED
CVE-2022-46607
@@ -2648,8 +2724,8 @@ CVE-2022-46445
RESERVED
CVE-2022-46444
RESERVED
-CVE-2022-46443
- RESERVED
+CVE-2022-46443 (mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemq ...)
+ TODO: check
CVE-2022-46442
RESERVED
CVE-2022-46441
@@ -3574,10 +3650,10 @@ CVE-2022-46258
RESERVED
CVE-2022-46257
RESERVED
-CVE-2022-46256
- RESERVED
-CVE-2022-46255
- RESERVED
+CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
+CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...)
+ TODO: check
CVE-2022-46254
RESERVED
CVE-2022-46253
@@ -3909,28 +3985,28 @@ CVE-2022-46129
RESERVED
CVE-2022-46128
RESERVED
-CVE-2022-46127
- RESERVED
-CVE-2022-46126
- RESERVED
-CVE-2022-46125
- RESERVED
-CVE-2022-46124
- RESERVED
-CVE-2022-46123
- RESERVED
-CVE-2022-46122
- RESERVED
-CVE-2022-46121
- RESERVED
-CVE-2022-46120
- RESERVED
-CVE-2022-46119
- RESERVED
-CVE-2022-46118
- RESERVED
-CVE-2022-46117
- RESERVED
+CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46125 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46124 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46123 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46122 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46121 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46120 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46119 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46118 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
+CVE-2022-46117 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
+ TODO: check
CVE-2022-46116
RESERVED
CVE-2022-46115
@@ -4015,14 +4091,14 @@ CVE-2022-46076
RESERVED
CVE-2022-46075
RESERVED
-CVE-2022-46074
- RESERVED
-CVE-2022-46073
- RESERVED
-CVE-2022-46072
- RESERVED
-CVE-2022-46071
- RESERVED
+CVE-2022-46074 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery ...)
+ TODO: check
+CVE-2022-46073 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). ...)
+ TODO: check
+CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection ...)
+ TODO: check
+CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Log ...)
+ TODO: check
CVE-2022-46070
RESERVED
CVE-2022-46069
@@ -7392,8 +7468,8 @@ CVE-2022-44912
RESERVED
CVE-2022-44911
RESERVED
-CVE-2022-44910
- RESERVED
+CVE-2022-44910 (Binbloom 2.0 was discovered to contain a heap buffer overflow via the ...)
+ TODO: check
CVE-2022-44909
RESERVED
CVE-2022-44908
@@ -7416,8 +7492,8 @@ CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extracta
TODO: check
CVE-2022-44899
RESERVED
-CVE-2022-44898
- RESERVED
+CVE-2022-44898 (The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not p ...)
+ TODO: check
CVE-2022-44897
RESERVED
CVE-2022-44896
@@ -7548,8 +7624,8 @@ CVE-2022-44834
RESERVED
CVE-2022-44833
RESERVED
-CVE-2022-44832
- RESERVED
+CVE-2022-44832 (D-Link DIR-3040 device with firmware 120B03 was discovered to contain ...)
+ TODO: check
CVE-2022-44831
RESERVED
CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...)
@@ -14105,8 +14181,8 @@ CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ..
NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921
NOTE: https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad (v9.0.0789)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-3590
- RESERVED
+CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...)
+ TODO: check
CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
NOT-FOR-US: Miele's "AppWash" MobileApp
CVE-2022-3588
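Review bot: CVE-2022-3590 is described as affecting WordPress itself ("unauthenticated blind SSRF in the pingback ..."), not a plugin or theme, so the `TODO: check` should not be resolved as NOT-FOR-US the way the plugin and theme entries elsewhere in this file are. It needs a package line for the wordpress source package with a fixed version or `<unfixed>`.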
@@ -25139,8 +25215,8 @@ CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 10
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3073
- RESERVED
+CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2 ...)
+ TODO: check
CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2006-20001
@@ -33117,7 +33193,7 @@ CVE-2022-36229
RESERVED
CVE-2022-36228
RESERVED
-CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error after ca ...)
+CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...)
- libarchive <unfixed> (bug #1024669)
[bullseye] - libarchive <no-dsa> (Minor issue)
[buster] - libarchive <postponed> (Minor issue, clean crash, follow bullseye updates)
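Review bot: the new CVE-2022-36227 description says "before 3.6.2", which implies an upstream release containing the fix, but the entry still reads `- libarchive <unfixed> (bug #1024669)`. Once 3.6.2 or a backported fix reaches unstable, replace `<unfixed>` with the fixed version, and add a NOTE pointing to the upstream fix if the entry has none.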
@@ -38650,8 +38726,8 @@ CVE-2022-34273 (A vulnerability has been identified in PADS Standard/Plus Viewer
NOT-FOR-US: Siemens
CVE-2022-34272 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
NOT-FOR-US: Siemens
-CVE-2022-34271
- RESERVED
+CVE-2022-34271 (A vulnerability in import module of Apache Atlas allows an authenticat ...)
+ TODO: check
CVE-2022-2180 (The GREYD.SUITE WordPress theme does not properly validate uploaded cu ...)
NOT-FOR-US: WordPress theme
CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...)
@@ -45511,18 +45587,18 @@ CVE-2022-31707
RESERVED
CVE-2022-31706
RESERVED
-CVE-2022-31705
- RESERVED
+CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
+ TODO: check
CVE-2022-31704
RESERVED
-CVE-2022-31703
- RESERVED
-CVE-2022-31702
- RESERVED
-CVE-2022-31701
- RESERVED
-CVE-2022-31700
- RESERVED
+CVE-2022-31703 (vRealize Network Insight (vRNI) directory traversal vulnerability in v ...)
+ TODO: check
+CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
+ TODO: check
+CVE-2022-31701 (VMware Workspace ONE Access and Identity Manager contain a broken auth ...)
+ TODO: check
+CVE-2022-31700 (VMware Workspace ONE Access and Identity Manager contain an authentica ...)
+ TODO: check
CVE-2022-31699 (VMware ESXi contains a heap-overflow vulnerability. A malicious local ...)
TODO: check
CVE-2022-31698 (The vCenter Server contains a denial-of-service vulnerability in the c ...)
@@ -46555,8 +46631,8 @@ CVE-2022-31360
RESERVED
CVE-2022-31359
RESERVED
-CVE-2022-31358
- RESERVED
+CVE-2022-31358 (A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtua ...)
+ TODO: check
CVE-2022-31357 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
NOT-FOR-US: Online Ordering System
CVE-2022-31356 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
@@ -70030,8 +70106,8 @@ CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a loc
NOT-FOR-US: Check Point ZoneAlarm
CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
NOT-FOR-US: Check Point Enterprise Endpoint
-CVE-2022-23741
- RESERVED
+CVE-2022-23741 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in a comma ...)
TODO: check
CVE-2022-23739
@@ -70516,8 +70592,7 @@ CVE-2022-23529
RESERVED
CVE-2022-23528
RESERVED
-CVE-2022-23527
- RESERVED
+CVE-2022-23527 (mod_auth_openidc is an OpenID Certified™ authentication and auth ...)
- libapache2-mod-auth-openidc 2.4.12.2-1
[bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
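Review bot: the description added for CVE-2022-23527 contains a mis-encoded trademark sign ("Certifiedâ„¢"), the pattern produced when UTF-8 text is decoded as a single-byte charset. Check whether the mangling is in data/CVE/list itself or only in this notification mail, and if it is in the file, make the description import read and write UTF-8 so the entry stores "™".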
@@ -70534,30 +70609,27 @@ CVE-2022-23522
RESERVED
CVE-2022-23521
RESERVED
-CVE-2022-23520
- RESERVED
-CVE-2022-23519
- RESERVED
-CVE-2022-23518
- RESERVED
-CVE-2022-23517
- RESERVED
-CVE-2022-23516
- RESERVED
+CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ TODO: check
+CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ TODO: check
+CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ TODO: check
+CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ TODO: check
+CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
-CVE-2022-23515
- RESERVED
+CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
-CVE-2022-23514
- RESERVED
+CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
- ruby-loofah 2.19.1-1 (bug #1026083)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
CVE-2022-23513
RESERVED
-CVE-2022-23512
- RESERVED
+CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing platform. Ver ...)
+ TODO: check
CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...)
TODO: check
CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
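Review bot: CVE-2022-23520 through CVE-2022-23517 are left at `TODO: check`, while the three Loofah entries in the same hunk already have `- ruby-loofah 2.19.1-1 (bug #1026083)` and an advisory NOTE. If Debian ships rails-html-sanitizer, these four entries need the same treatment: a package line for the source that provides it and a NOTE with the upstream advisory link.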
@@ -70572,16 +70644,16 @@ CVE-2022-23506
RESERVED
CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...)
TODO: check
-CVE-2022-23504
- RESERVED
-CVE-2022-23503
- RESERVED
-CVE-2022-23502
- RESERVED
-CVE-2022-23501
- RESERVED
-CVE-2022-23500
- RESERVED
+CVE-2022-23504 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ TODO: check
+CVE-2022-23503 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ TODO: check
+CVE-2022-23502 (TYPO3 is an open source PHP based web content management system. In ve ...)
+ TODO: check
+CVE-2022-23501 (TYPO3 is an open source PHP based web content management system. In ve ...)
+ TODO: check
+CVE-2022-23500 (TYPO3 is an open source PHP based web content management system. In ve ...)
+ TODO: check
CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe markup ba ...)
TODO: check
CVE-2022-23498
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/419c2e19e07388319dd6494fb146141e9e87612b