[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 16 08:10:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ca91f86 by security tracker role at 2022-12-16T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-0016
+	RESERVED
+CVE-2023-0015
+	RESERVED
+CVE-2023-0014
+	RESERVED
+CVE-2023-0013
+	RESERVED
+CVE-2023-0012
+	RESERVED
+CVE-2022-4542
+	RESERVED
+CVE-2022-4541
+	RESERVED
+CVE-2022-4540
+	RESERVED
+CVE-2022-4539
+	RESERVED
+CVE-2022-4538
+	RESERVED
+CVE-2022-4537
+	RESERVED
+CVE-2022-4536
+	RESERVED
+CVE-2022-4535
+	RESERVED
+CVE-2022-4534
+	RESERVED
+CVE-2022-4533
+	RESERVED
+CVE-2022-4532
+	RESERVED
+CVE-2022-4531
+	RESERVED
+CVE-2022-4530
+	RESERVED
+CVE-2022-4529
+	RESERVED
+CVE-2022-4528
+	RESERVED
+CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.9. It has been  ...)
+	TODO: check
+CVE-2022-4526 (A vulnerability was found in django-photologue up to 3.15.1 and classi ...)
+	TODO: check
+CVE-2022-4525 (A vulnerability has been found in National Sleep Research Resource sle ...)
+	TODO: check
+CVE-2022-4524 (A vulnerability, which was classified as problematic, was found in Roo ...)
+	TODO: check
+CVE-2022-4523 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2022-4522 (A vulnerability classified as problematic was found in CalendarXP up t ...)
+	TODO: check
+CVE-2022-4521 (A vulnerability classified as problematic has been found in WSO2 carbo ...)
+	TODO: check
+CVE-2022-4520 (A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has ...)
+	TODO: check
+CVE-2022-4519 (The WP User plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2022-4518
+	RESERVED
 CVE-2022-47512
 	RESERVED
 CVE-2022-47511
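Review bot: the nine `TODO: check` entries from CVE-2022-4527 down to CVE-2022-4519 are still untriaged, and for CVE-2022-4524 ("was found in Roo ...") and CVE-2022-4523 ("has been found i ...") the description is cut off before the product name, so they cannot be classified from this file alone. A follow-up commit should read the full CVE records and replace each `TODO: check` with either a `NOT-FOR-US:` tag or a package line. The entries that name a component (collective.task, django-photologue, WSO2 carbon-registry, the WP User plugin for WordPress) are the quickest to resolve.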
@@ -137,14 +197,14 @@ CVE-2022-4516
 	NOT-FOR-US: OpenShift
 CVE-2022-4515
 	RESERVED
-CVE-2022-4514
-	RESERVED
-CVE-2022-4513
-	RESERVED
+CVE-2022-4514 (A vulnerability, which was classified as problematic, was found in Ope ...)
+	TODO: check
+CVE-2022-4513 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
 CVE-2022-4512
 	RESERVED
-CVE-2022-4511
-	RESERVED
+CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
+	TODO: check
 CVE-2022-4510
 	RESERVED
 CVE-2022-4509
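Review bot: CVE-2022-4514 and CVE-2022-4513 move from `RESERVED` to `TODO: check` with descriptions truncated at "found in Ope ..." and "has been found i ...", which do not identify the affected software. The neighbouring `NOT-FOR-US: OpenShift` line at CVE-2022-4516 should not be taken as a hint for CVE-2022-4514. Confirm the product from the full record before tagging. CVE-2022-4511 does name its product (RainyGao DocSys) and can be triaged directly.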
@@ -153,8 +213,8 @@ CVE-2022-43494
 	RESERVED
 CVE-2022-38469
 	RESERVED
-CVE-2021-4245
-	RESERVED
+CVE-2021-4245 (A vulnerability classified as problematic has been found in chbrown rf ...)
+	TODO: check
 CVE-2022-47449
 	RESERVED
 CVE-2022-47448
@@ -2608,14 +2668,14 @@ CVE-2022-46636
 	RESERVED
 CVE-2022-46635
 	RESERVED
-CVE-2022-46634
-	RESERVED
+CVE-2022-46634 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
 CVE-2022-46633
 	RESERVED
 CVE-2022-46632
 	RESERVED
-CVE-2022-46631
-	RESERVED
+CVE-2022-46631 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
 CVE-2022-46630
 	RESERVED
 CVE-2022-46629
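Review bot: CVE-2022-46634 and CVE-2022-46631 name the same firmware (TOTOlink A7100RU V7.4cu.2313_B20191024) and carry the same truncated text, so they should be triaged together rather than left as two separate `TODO: check` items. If the firmware is not packaged, a vendor tag in the style of the `NOT-FOR-US: Tenda` line used elsewhere in this file would close both.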
@@ -3135,10 +3195,10 @@ CVE-2022-46395
 	RESERVED
 CVE-2022-46394
 	RESERVED
-CVE-2022-46393
-	RESERVED
-CVE-2022-46392
-	RESERVED
+CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...)
+	TODO: check
+CVE-2022-46392 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...)
+	TODO: check
 CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to print ...)
 	{DLA-3225-1}
 	- awstats 7.8-3 (bug #1025410)
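Review bot: the two Mbed TLS entries, CVE-2022-46393 and CVE-2022-46392, are left at `TODO: check` although their descriptions already state the upstream fixed versions ("before 2.28.2 and 3.x before 3.3.0"). If the library is packaged, triage should turn these into package lines in the form shown at the end of this hunk, `- awstats 7.8-3 (bug #1025410)`, with the fixed version for the corresponding source package.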
@@ -4565,8 +4625,8 @@ CVE-2022-45971
 	RESERVED
 CVE-2022-45970 (Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulle ...)
 	NOT-FOR-US: Alist
-CVE-2022-45969
-	RESERVED
+CVE-2022-45969 (Alist v3.4.0 is vulnerable to Directory Traversal, ...)
+	TODO: check
 CVE-2022-45968 (Alist v3.4.0 is vulnerable to File Upload. A user with only file uploa ...)
 	NOT-FOR-US: Alist
 CVE-2022-45967
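Review bot: CVE-2022-45969 is added as `TODO: check` even though both adjacent Alist entries, CVE-2022-45970 and CVE-2022-45968, are already tagged `NOT-FOR-US: Alist`. Unless the directory traversal issue affects something other than Alist itself, this entry can take the same tag.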
@@ -6540,8 +6600,8 @@ CVE-2022-45340
 	RESERVED
 CVE-2022-45339
 	RESERVED
-CVE-2022-45338
-	RESERVED
+CVE-2022-45338 (An arbitrary file upload vulnerability in the profile picture upload f ...)
+	TODO: check
 CVE-2022-45337 (Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow  ...)
 	NOT-FOR-US: Tenda
 CVE-2022-45336
@@ -18315,8 +18375,8 @@ CVE-2022-41962
 	RESERVED
 CVE-2022-41961
 	RESERVED
-CVE-2022-41960
-	RESERVED
+CVE-2022-41960 (BigBlueButton is an open source web conferencing system. Versions prio ...)
+	TODO: check
 CVE-2022-41959
 	RESERVED
 CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...)
@@ -23230,8 +23290,8 @@ CVE-2022-40006
 	RESERVED
 CVE-2022-40005
 	RESERVED
-CVE-2022-40004
-	RESERVED
+CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows  ...)
+	TODO: check
 CVE-2022-40003
 	RESERVED
 CVE-2022-40002 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
@@ -26831,8 +26891,8 @@ CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and
 	NOT-FOR-US: Jenkins Job Configuration History Plugin
 CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., re ...)
 	NOT-FOR-US: Jenkins Git Plugin
-CVE-2022-38662
-	RESERVED
+CVE-2022-38662 (In HCL Digital Experience, URLs can be constructed to redirect users t ...)
+	TODO: check
 CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite key syst ...)
 	NOT-FOR-US: HCL
 CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site Request Forger ...)
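Review bot: CVE-2022-38662 (HCL Digital Experience) is set to `TODO: check` directly above CVE-2022-38661, which is tagged `NOT-FOR-US: HCL`. The same vendor tag looks applicable here, and to CVE-2022-38653 in the next hunk, which sits next to another `NOT-FOR-US: HCL` entry.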
@@ -26849,8 +26909,8 @@ CVE-2022-38655
 	RESERVED
 CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerability.  ...)
 	NOT-FOR-US: HCL
-CVE-2022-38653
-	RESERVED
+CVE-2022-38653 (In HCL Digital Experience, customized XSS payload can be constructed s ...)
+	TODO: check
 CVE-2022-38652 (** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vuln ...)
 	NOT-FOR-US: VMware
 CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ca91f8628387d046c6a6b099b16d958ed58d39c
