[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 15 08:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85bacd5f by security tracker role at 2022-12-15T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2022-47449
+ RESERVED
+CVE-2022-47448
+ RESERVED
+CVE-2022-47447
+ RESERVED
+CVE-2022-47446
+ RESERVED
+CVE-2022-47445
+ RESERVED
+CVE-2022-47444
+ RESERVED
+CVE-2022-47443
+ RESERVED
+CVE-2022-47442
+ RESERVED
+CVE-2022-47441
+ RESERVED
+CVE-2022-47440
+ RESERVED
+CVE-2022-47439
+ RESERVED
+CVE-2022-47438
+ RESERVED
+CVE-2022-47437
+ RESERVED
+CVE-2022-47436
+ RESERVED
+CVE-2022-47435
+ RESERVED
+CVE-2022-47434
+ RESERVED
+CVE-2022-47433
+ RESERVED
+CVE-2022-47432
+ RESERVED
+CVE-2022-47431
+ RESERVED
+CVE-2022-47430
+ RESERVED
+CVE-2022-47429
+ RESERVED
+CVE-2022-47428
+ RESERVED
+CVE-2022-47427
+ RESERVED
+CVE-2022-47426
+ RESERVED
+CVE-2022-47425
+ RESERVED
+CVE-2022-47424
+ RESERVED
+CVE-2022-47423
+ RESERVED
+CVE-2022-47422
+ RESERVED
+CVE-2022-47421
+ RESERVED
+CVE-2022-47420
+ RESERVED
+CVE-2022-47419
+ RESERVED
+CVE-2022-47418
+ RESERVED
+CVE-2022-47417
+ RESERVED
+CVE-2022-47416
+ RESERVED
+CVE-2022-47415
+ RESERVED
+CVE-2022-47414
+ RESERVED
+CVE-2022-47413
+ RESERVED
+CVE-2022-47412
+ RESERVED
+CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ TODO: check
+CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ TODO: check
+CVE-2022-47409 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ TODO: check
+CVE-2022-47408 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ TODO: check
+CVE-2022-47407 (An issue was discovered in the fp_masterquiz (aka Master-Quiz) extensi ...)
+ TODO: check
+CVE-2022-47406 (An issue was discovered in the fe_change_pwd (aka Change password for ...)
+ TODO: check
+CVE-2022-4508
+ RESERVED
+CVE-2022-4507
+ RESERVED
+CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
+ TODO: check
+CVE-2022-4505 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
+ TODO: check
+CVE-2022-4504 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
+ TODO: check
+CVE-2022-4503 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...)
+ TODO: check
+CVE-2022-4502 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ TODO: check
+CVE-2022-4501 (The Mega Addons plugin for WordPress is vulnerable to authorization by ...)
+ TODO: check
CVE-2022-47405
RESERVED
CVE-2022-47404
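Review bot: the twelve TODO: check entries at the end of the added block (CVE-2022-47411 to CVE-2022-47406, CVE-2022-4506 to CVE-2022-4501) have no package or NOT-FOR-US line yet, and most of them repeat a product. CVE-2022-47411 to CVE-2022-47408 all name fp_newsletter and CVE-2022-4506 to CVE-2022-4502 all name the GitHub repository openemr/openemr, so one triage decision per product covers nine of the twelve.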
@@ -1402,8 +1506,8 @@ CVE-2022-4412
RESERVED
CVE-2022-4411
RESERVED
-CVE-2022-4410
- RESERVED
+CVE-2022-4410 (The Permalink Manager Lite plugin for WordPress is vulnerable to Store ...)
+ TODO: check
CVE-2022-4409 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
NOT-FOR-US: phpMyFAQ
CVE-2022-4408 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
@@ -1888,8 +1992,8 @@ CVE-2022-4342
RESERVED
CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...)
NOT-FOR-US: csliuwy coder-chain_gdut
-CVE-2022-46768
- RESERVED
+CVE-2022-46768 (Arbitrary file read vulnerability exists in Zabbix Web Service Report ...)
+ TODO: check
CVE-2022-46767
RESERVED
CVE-2022-46766
@@ -2811,8 +2915,7 @@ CVE-2022-4285
NOTE: binutils not covered by security support
CVE-2022-4284
RESERVED
-CVE-2022-4283 [xkb: reset the radio_groups pointer to NULL after freeing it]
- RESERVED
+CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because ...)
- xorg-server 2:21.1.5-1 (bug #1026071)
- xwayland 2:22.1.6-1
NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
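Review bot: the replaced line for CVE-2022-4283 drops the summary "xkb: reset the radio_groups pointer to NULL after freeing it", and the truncated description that takes its place does not name the affected code. Within this hunk the entry is left with only the xorg-announce NOTE, so recording the summary in a NOTE line would keep the entry identifiable.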
@@ -3301,32 +3404,27 @@ CVE-2022-4225
RESERVED
CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...)
NOT-FOR-US: Sapido
-CVE-2022-46344 [Xi: avoid integer truncation in length check of ProcXIChangeProperty]
- RESERVED
+CVE-2022-46344 (A vulnerability was found in X.Org. This security flaw occurs because ...)
- xorg-server 2:21.1.5-1 (bug #1026071)
- xwayland 2:22.1.6-1
NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8
-CVE-2022-46343 [Xext: free the screen saver resource when replacing it]
- RESERVED
+CVE-2022-46343 (A vulnerability was found in X.Org. This security flaw occurs because ...)
- xorg-server 2:21.1.5-1 (bug #1026071)
- xwayland 2:22.1.6-1
NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900
-CVE-2022-46342 [Xext: free the XvRTVideoNotify when turning off from the same client]
- RESERVED
+CVE-2022-46342 (A vulnerability was found in X.Org. This security flaw occurs because ...)
- xorg-server 2:21.1.5-1 (bug #1026071)
- xwayland 2:22.1.6-1
NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b
-CVE-2022-46341 [Xi: disallow passive grabs with a detail > 255]
- RESERVED
+CVE-2022-46341 (A vulnerability was found in X.Org. This security flaw occurs because ...)
- xorg-server 2:21.1.5-1 (bug #1026071)
- xwayland 2:22.1.6-1
NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b
-CVE-2022-46340 [Xtest: disallow GenericEvents in XTestSwapFakeInput]
- RESERVED
+CVE-2022-46340 (A vulnerability was found in X.Org. This security flaw occurs becuase ...)
- xorg-server 2:21.1.5-1 (bug #1026071)
- xwayland 2:22.1.6-1
NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
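Review bot: after this hunk CVE-2022-46344, CVE-2022-46343, CVE-2022-46342 and CVE-2022-46341 carry the identical truncated text "A vulnerability was found in X.Org. This security flaw occurs because ...", so the description column no longer tells the issues apart. The removed bracketed summaries (for example "Xi: avoid integer truncation in length check of ProcXIChangeProperty") were the only per-entry wording; consider keeping each as a NOTE line beside the commit URL. The new description line for CVE-2022-46340 also spells "becuase".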
@@ -7023,8 +7121,8 @@ CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise a
NOT-FOR-US: WordPress plugin
CVE-2022-3918
RESERVED
-CVE-2022-3917
- RESERVED
+CVE-2022-3917 (Improper access control of bootloader function was discovered in Motor ...)
+ TODO: check
CVE-2022-3916
RESERVED
NOT-FOR-US: Keycloak
@@ -7230,8 +7328,8 @@ CVE-2022-45035
RESERVED
CVE-2022-45034
RESERVED
-CVE-2022-45033
- RESERVED
+CVE-2022-45033 (A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allo ...)
+ TODO: check
CVE-2022-45032
RESERVED
CVE-2022-45031
@@ -10256,10 +10354,10 @@ CVE-2022-44238
RESERVED
CVE-2022-44237
RESERVED
-CVE-2022-44236
- RESERVED
-CVE-2022-44235
- RESERVED
+CVE-2022-44236 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20 ...)
+ TODO: check
+CVE-2022-44235 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20 ...)
+ TODO: check
CVE-2022-44234
RESERVED
CVE-2022-44233
@@ -16724,8 +16822,8 @@ CVE-2022-3429
RESERVED
CVE-2022-3428
RESERVED
-CVE-2022-3427
- RESERVED
+CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3425
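Review bot: CVE-2022-3427 (Corner Ad plugin for WordPress) is added as TODO: check while the next entry, CVE-2022-3426, shows the file's existing triage for this class, "NOT-FOR-US: WordPress plugin". Using the same line here would be consistent, and the same goes for the other WordPress plugin entries this patch leaves at TODO: check (CVE-2022-4501, CVE-2022-4410, CVE-2022-2536).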
@@ -23460,30 +23558,30 @@ CVE-2022-3117
RESERVED
CVE-2022-3116
RESERVED
-CVE-2022-3115
- RESERVED
-CVE-2022-3114
- RESERVED
-CVE-2022-3113
- RESERVED
-CVE-2022-3112
- RESERVED
-CVE-2022-3111
- RESERVED
-CVE-2022-3110
- RESERVED
+CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. malidp_c ...)
+ TODO: check
+CVE-2022-3114 (An issue was discovered in the Linux kernel through 5.16-rc6. imx_regi ...)
+ TODO: check
+CVE-2022-3113 (An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcod ...)
+ TODO: check
+CVE-2022-3112 (An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_s ...)
+ TODO: check
+CVE-2022-3111 (An issue was discovered in the Linux kernel through 5.16-rc6. free_cha ...)
+ TODO: check
+CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_ini ...)
+ TODO: check
CVE-2022-3109
RESERVED
-CVE-2022-3108
- RESERVED
-CVE-2022-3107
- RESERVED
-CVE-2022-3106
- RESERVED
-CVE-2022-3105
- RESERVED
-CVE-2022-3104
- RESERVED
+CVE-2022-3108 (An issue was discovered in the Linux kernel through 5.16-rc6. kfd_pars ...)
+ TODO: check
+CVE-2022-3107 (An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_g ...)
+ TODO: check
+CVE-2022-3106 (An issue was discovered in the Linux kernel through 5.16-rc6. ef100_up ...)
+ TODO: check
+CVE-2022-3105 (An issue was discovered in the Linux kernel through 5.16-rc6. uapi_fin ...)
+ TODO: check
+CVE-2022-3104 (An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_AR ...)
+ TODO: check
CVE-2022-3103 (off-by-one in io_uring module. ...)
- linux <not-affected> (Vulnerable code not present, introduced and fixed in 6.0 cycle)
NOTE: https://git.kernel.org/linus/47abea041f897d64dbd5777f0cf7745148f85d75 (6.0-rc3)
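Review bot: CVE-2022-3115 to CVE-2022-3110 and CVE-2022-3108 to CVE-2022-3104 are all described as "the Linux kernel through 5.16-rc6" but are added with only TODO: check, so none of the eleven is tied to the linux source package yet. Each needs a "- linux" line with its status and a NOTE for the fixing commit, in the form the adjacent CVE-2022-3103 entry already uses.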
@@ -26990,8 +27088,8 @@ CVE-2022-38490
RESERVED
CVE-2022-38489
RESERVED
-CVE-2022-38488
- RESERVED
+CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...)
+ TODO: check
CVE-2022-38487
RESERVED
CVE-2022-38486
@@ -30461,8 +30559,7 @@ CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability
NOT-FOR-US: Modicon
CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340
-CVE-2022-2601
- RESERVED
+CVE-2022-2601 (A buffer overflow was found in grub_font_construct_glyph(). A maliciou ...)
{DSA-5280-1 DLA-3190-2 DLA-3190-1}
- grub2 2.06-5
NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
@@ -32465,8 +32562,8 @@ CVE-2022-36440
RESERVED
CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2536
- RESERVED
+CVE-2022-2536 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -70605,12 +70702,12 @@ CVE-2022-23527 (mod_auth_openidc is an OpenID Certified™ authentication an
[bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8 (v2.4.12.2)
-CVE-2022-23526
- RESERVED
-CVE-2022-23525
- RESERVED
-CVE-2022-23524
- RESERVED
+CVE-2022-23526 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...)
+ TODO: check
+CVE-2022-23525 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...)
+ TODO: check
+CVE-2022-23524 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...)
+ TODO: check
CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offsets an ...)
TODO: check
CVE-2022-23522
@@ -70652,8 +70749,8 @@ CVE-2022-23509
RESERVED
CVE-2022-23508
RESERVED
-CVE-2022-23507
- RESERVED
+CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...)
+ TODO: check
CVE-2022-23506
RESERVED
CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...)
@@ -70727,8 +70824,8 @@ CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby pro
TODO: check
CVE-2022-23475 (daloRADIUS is an open source RADIUS web management application. daloRa ...)
TODO: check
-CVE-2022-23474
- RESERVED
+CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output. Versions pri ...)
+ TODO: check
CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of software devel ...)
TODO: check
CVE-2022-23472 (Passeo is an open source python password generator. Versions prior to ...)
@@ -217896,8 +217993,8 @@ CVE-2020-4499 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access
NOT-FOR-US: IBM
CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...)
NOT-FOR-US: IBM
-CVE-2020-4497
- RESERVED
+CVE-2020-4497 (IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive i ...)
+ TODO: check
CVE-2020-4496 (The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connect ...)
NOT-FOR-US: IBM
CVE-2020-4495 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
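Review bot: CVE-2020-4497 (IBM Spectrum Protect Plus) is left at TODO: check although the next entry, CVE-2020-4496, names the same product and is already marked "NOT-FOR-US: IBM". Marking it the same way would keep the two entries consistent.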
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85bacd5f2a9cfd3f240d9f0c6311094bdfae618f