[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 19 20:10:24 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f298d9f8 by security tracker role at 2022-12-19T20:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2023-22275
+	RESERVED
+CVE-2023-22274
+	RESERVED
+CVE-2023-22273
+	RESERVED
+CVE-2023-22272
+	RESERVED
+CVE-2023-22271
+	RESERVED
+CVE-2023-22270
+	RESERVED
+CVE-2023-22269
+	RESERVED
+CVE-2023-22268
+	RESERVED
+CVE-2023-22267
+	RESERVED
+CVE-2023-22266
+	RESERVED
+CVE-2023-22265
+	RESERVED
+CVE-2023-22264
+	RESERVED
+CVE-2023-22263
+	RESERVED
+CVE-2023-22262
+	RESERVED
+CVE-2023-22261
+	RESERVED
+CVE-2023-22260
+	RESERVED
+CVE-2023-22259
+	RESERVED
+CVE-2023-22258
+	RESERVED
+CVE-2023-22257
+	RESERVED
+CVE-2023-22256
+	RESERVED
+CVE-2023-22255
+	RESERVED
+CVE-2023-22254
+	RESERVED
+CVE-2023-22253
+	RESERVED
+CVE-2023-22252
+	RESERVED
+CVE-2023-22251
+	RESERVED
+CVE-2023-22250
+	RESERVED
+CVE-2023-22249
+	RESERVED
+CVE-2023-22248
+	RESERVED
+CVE-2023-22247
+	RESERVED
+CVE-2023-22246
+	RESERVED
+CVE-2023-22245
+	RESERVED
+CVE-2023-22244
+	RESERVED
+CVE-2023-22243
+	RESERVED
+CVE-2023-22242
+	RESERVED
+CVE-2023-22241
+	RESERVED
+CVE-2023-22240
+	RESERVED
+CVE-2023-22239
+	RESERVED
+CVE-2023-22238
+	RESERVED
+CVE-2023-22237
+	RESERVED
+CVE-2023-22236
+	RESERVED
+CVE-2023-22235
+	RESERVED
+CVE-2023-22234
+	RESERVED
+CVE-2023-22233
+	RESERVED
+CVE-2023-22232
+	RESERVED
+CVE-2023-22231
+	RESERVED
+CVE-2023-22230
+	RESERVED
+CVE-2023-22229
+	RESERVED
+CVE-2023-22228
+	RESERVED
+CVE-2023-22227
+	RESERVED
+CVE-2023-22226
+	RESERVED
+CVE-2023-22225
+	RESERVED
+CVE-2023-22224
+	RESERVED
+CVE-2022-47576
+	RESERVED
+CVE-2022-47575
+	RESERVED
+CVE-2022-47574
+	RESERVED
+CVE-2022-47573
+	RESERVED
+CVE-2022-47572
+	RESERVED
+CVE-2022-47571
+	RESERVED
+CVE-2022-47570
+	RESERVED
+CVE-2022-47569
+	RESERVED
+CVE-2022-47568
+	RESERVED
+CVE-2022-47567
+	RESERVED
+CVE-2022-47566
+	RESERVED
+CVE-2022-47565
+	RESERVED
+CVE-2022-47564
+	RESERVED
+CVE-2022-47563
+	RESERVED
+CVE-2022-47562
+	RESERVED
+CVE-2022-47561
+	RESERVED
+CVE-2022-47560
+	RESERVED
+CVE-2022-47559
+	RESERVED
+CVE-2022-47558
+	RESERVED
+CVE-2022-47557
+	RESERVED
+CVE-2022-47556
+	RESERVED
+CVE-2022-47555
+	RESERVED
+CVE-2022-47554
+	RESERVED
+CVE-2022-47553
+	RESERVED
+CVE-2022-47552
+	RESERVED
+CVE-2022-47551
+	RESERVED
+CVE-2022-47550
+	RESERVED
+CVE-2022-47549 (An unprotected memory-access operation in optee_os in TrustedFirmware  ...)
+	TODO: check
+CVE-2022-47548
+	RESERVED
+CVE-2022-47547 (GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a p ...)
+	TODO: check
+CVE-2022-47546
+	RESERVED
+CVE-2022-47545
+	RESERVED
+CVE-2022-47544
+	RESERVED
+CVE-2022-47543
+	RESERVED
+CVE-2022-47542
+	RESERVED
+CVE-2022-4615
+	RESERVED
+CVE-2022-4614
+	RESERVED
+CVE-2022-4613 (A vulnerability was found in Click Studios Passwordstate and Passwords ...)
+	TODO: check
+CVE-2022-4612 (A vulnerability has been found in Click Studios Passwordstate and Pass ...)
+	TODO: check
+CVE-2022-4611 (A vulnerability, which was classified as problematic, was found in Cli ...)
+	TODO: check
+CVE-2022-4610 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2022-4609 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+	TODO: check
+CVE-2022-4608
+	RESERVED
+CVE-2021-4262 (A vulnerability classified as critical was found in laravel-jqgrid. Af ...)
+	TODO: check
+CVE-2021-4261 (A vulnerability classified as critical has been found in pacman-canvas ...)
+	TODO: check
+CVE-2021-4260 (A vulnerability was found in oils-js. It has been declared as critical ...)
+	TODO: check
+CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been c ...)
+	TODO: check
+CVE-2021-4258 (** DISPUTED ** A vulnerability was found in whohas. It has been rated  ...)
+	TODO: check
+CVE-2020-36619 (A vulnerability was found in multimon-ng. It has been rated as critica ...)
+	TODO: check
+CVE-2020-36618 (A vulnerability classified as critical has been found in Furqan node-w ...)
+	TODO: check
+CVE-2016-20018 (Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability t ...)
+	TODO: check
 CVE-2022-47541
 	RESERVED
 CVE-2022-47540
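Review bot: two of the new TODO: check entries in this hunk concern software Debian ships, CVE-2021-4258 (whohas) and CVE-2020-36619 (multimon-ng), so they should be triaged rather than left as TODO; CVE-2021-4258 is also flagged ** DISPUTED ** in its summary, which is worth recording in a NOTE line when the verdict is written. The other "A vulnerability was found in ..." entries from the same source (laravel-jqgrid, pacman-canvas, oils-js, phpRedisAdmin, node-w...) read like NOT-FOR-US candidates, but the truncated summaries give no package name to confirm against, so each still needs the archive check before the TODO is resolved.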
@@ -1225,8 +1431,8 @@ CVE-2022-4519 (The WP User plugin for WordPress is vulnerable to Stored Cross-Si
 	NOT-FOR-US: WP User plugin for WordPress
 CVE-2022-4518
 	RESERVED
-CVE-2022-47512
-	RESERVED
+CVE-2022-47512 (Sensitive information was stored in plain text in a file that is acces ...)
+	TODO: check
 CVE-2022-47511
 	RESERVED
 CVE-2022-47510
@@ -1249,8 +1455,8 @@ CVE-2022-47502
 	RESERVED
 CVE-2022-47501
 	RESERVED
-CVE-2022-47500
-	RESERVED
+CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
+	TODO: check
 CVE-2022-47499
 	RESERVED
 CVE-2022-47498
@@ -2842,8 +3048,8 @@ CVE-2022-4429
 	RESERVED
 CVE-2022-4428
 	RESERVED
-CVE-2022-4427
-	RESERVED
+CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ...)
+	TODO: check
 CVE-2022-4426
 	RESERVED
 CVE-2022-4425
@@ -6237,10 +6443,10 @@ CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kern
 	NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
 CVE-2022-4126
 	RESERVED
-CVE-2022-4125
-	RESERVED
-CVE-2022-4124
-	RESERVED
+CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
+	TODO: check
+CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
+	TODO: check
 CVE-2022-45800
 	RESERVED
 CVE-2022-45799
@@ -6319,20 +6525,20 @@ CVE-2022-4114
 	RESERVED
 CVE-2022-4113
 	RESERVED
-CVE-2022-4112
-	RESERVED
+CVE-2022-4112 (The Quizlord WordPress plugin through 2.0 does not sanitise and escape ...)
+	TODO: check
 CVE-2022-4111 (Unrestricted file size limit can lead to DoS in tooljet/tooljet <1. ...)
 	NOT-FOR-US: ToolJet
 CVE-2022-4110
 	RESERVED
 CVE-2022-4109
 	RESERVED
-CVE-2022-4108
-	RESERVED
-CVE-2022-4107
-	RESERVED
-CVE-2022-4106
-	RESERVED
+CVE-2022-4108 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 doe ...)
+	TODO: check
+CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does n ...)
+	TODO: check
+CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 doe ...)
+	TODO: check
 CVE-2022-45781
 	RESERVED
 CVE-2022-45780
@@ -7047,8 +7253,8 @@ CVE-2022-45476 (Tiny File Manager version 2.4.8 executes the code of files uploa
 	NOT-FOR-US: Tiny File Manager
 CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
 	NOT-FOR-US: Tiny File Manager
-CVE-2022-4063
-	RESERVED
+CVE-2022-4063 (The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP ...)
+	TODO: check
 CVE-2022-4062
 	RESERVED
 CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...)
@@ -7063,14 +7269,14 @@ CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apac
 	NOT-FOR-US: Apache Hama
 CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unaut ...)
 	TODO: check
-CVE-2022-4061
-	RESERVED
+CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly validat ...)
+	TODO: check
 CVE-2022-4060
 	RESERVED
 CVE-2022-4059
 	RESERVED
-CVE-2022-4058
-	RESERVED
+CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...)
+	TODO: check
 CVE-2022-4057
 	RESERVED
 CVE-2023-21523
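Review bot: the unchanged context line for CVE-2022-44456 reads "Ver.3.4.4?and earlier", where the "?" is a mis-encoded character carried over from the upstream description rather than part of the version string; it predates this commit, but the description should be refreshed when that entry is next touched so the affected-version text is unambiguous.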
@@ -7113,8 +7319,8 @@ CVE-2022-4052 (A vulnerability was found in Student Attendance Management System
 	NOT-FOR-US: Student Attendance Management System
 CVE-2022-4051 (A vulnerability has been found in Hostel Searching Project and classif ...)
 	NOT-FOR-US: Hostel Searching Project
-CVE-2022-4050
-	RESERVED
+CVE-2022-4050 (The JoomSport WordPress plugin before 5.2.8 does not properly sanitise ...)
+	TODO: check
 CVE-2022-4049
 	RESERVED
 CVE-2022-4048
@@ -7191,8 +7397,8 @@ CVE-2022-4026
 	RESERVED
 CVE-2022-4025
 	RESERVED
-CVE-2022-4024
-	RESERVED
+CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not have a ...)
+	TODO: check
 CVE-2022-4023
 	RESERVED
 CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure settings in  ...)
@@ -8089,16 +8295,16 @@ CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly valida
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
 	NOT-FOR-US: Frappe Framework
-CVE-2022-3987
-	RESERVED
-CVE-2022-3986
-	RESERVED
-CVE-2022-3985
-	RESERVED
-CVE-2022-3984
-	RESERVED
-CVE-2022-3983
-	RESERVED
+CVE-2022-3987 (The Responsive Lightbox2 WordPress plugin before 1.0.4 does not valida ...)
+	TODO: check
+CVE-2022-3986 (The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not valid ...)
+	TODO: check
+CVE-2022-3985 (The Videojs HTML5 Player WordPress plugin before 1.1.9 does not valida ...)
+	TODO: check
+CVE-2022-3984 (The Flowplayer Video Player WordPress plugin before 1.0.5 does not val ...)
+	TODO: check
+CVE-2022-3983 (The Checkout for PayPal WordPress plugin before 1.0.14 does not valida ...)
+	TODO: check
 CVE-2022-3982 (The Booking calendar, Appointment Booking System WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3981 (The Icegram Express WordPress plugin before 5.5.1 does not properly sa ...)
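Review bot: the five new entries CVE-2022-3987 through CVE-2022-3983 are all WordPress plugin issues from the same reporter batch, and the unchanged neighbours CVE-2022-3989 and CVE-2022-3982 show the verdict this file uses for them, NOT-FOR-US: WordPress plugin. The TODO: check lines can be closed the same way once it is confirmed that none of the named plugins (Responsive Lightbox2, WP Stripe Checkout, Videojs HTML5 Player, Flowplayer Video Player, Checkout for PayPal) is packaged.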
@@ -8237,8 +8443,8 @@ CVE-2022-45168
 CVE-2022-3962
 	RESERVED
 	NOT-FOR-US: Kiali
-CVE-2022-3961
-	RESERVED
+CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent users w ...)
+	TODO: check
 CVE-2022-3960
 	RESERVED
 CVE-2022-45167
@@ -8337,8 +8543,8 @@ CVE-2022-3939 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: lanyulei ferry
 CVE-2022-3938
 	RESERVED
-CVE-2022-3937
-	RESERVED
+CVE-2022-3937 (The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitiz ...)
+	TODO: check
 CVE-2022-3936
 	RESERVED
 CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...)
@@ -8635,7 +8841,7 @@ CVE-2022-45048
 	RESERVED
 CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
 	NOT-FOR-US: Apache Mina SSHD
-CVE-2022-45046 (The camel-ldap component allows LDAP Injection when using the filter o ...)
+CVE-2022-45046 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candi ...)
 	NOT-FOR-US: Apache Camel
 CVE-2022-3899
 	RESERVED
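Review bot: the replacement description for CVE-2022-45046 is a MITRE rejection ("DO NOT USE THIS CANDIDATE NUMBER"), but the triage line below it still reads NOT-FOR-US: Apache Camel, which was written against the earlier camel-ldap LDAP-injection text that this hunk removes. The triage should be updated to record that the identifier was rejected, so the entry is not read as an open Apache Camel issue.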
@@ -8697,12 +8903,12 @@ CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin Wo
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
 	NOT-FOR-US: Maxon ERP
-CVE-2022-3877
-	RESERVED
-CVE-2022-3876
-	RESERVED
-CVE-2022-3875
-	RESERVED
+CVE-2022-3877 (A vulnerability, which was classified as problematic, was found in Cli ...)
+	TODO: check
+CVE-2022-3876 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2022-3875 (A vulnerability classified as critical was found in Click Studios Pass ...)
+	TODO: check
 CVE-2022-3874
 	RESERVED
 CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
@@ -10746,8 +10952,8 @@ CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3833 (The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 doe ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3832
-	RESERVED
+CVE-2022-3832 (The External Media WordPress plugin before 1.0.36 does not sanitise an ...)
+	TODO: check
 CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...)
@@ -15974,8 +16180,8 @@ CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL i
 	NOT-FOR-US: Canteen Management System
 CVE-2022-43290 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Canteen Management System
-CVE-2022-43289
-	RESERVED
+CVE-2022-43289 (Deark v.1.6.2 was discovered to contain a stack overflow via the do_pr ...)
+	TODO: check
 CVE-2022-43288 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...)
 	NOT-FOR-US: Rukovoditel
 CVE-2022-43287
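Review bot: unlike its neighbours CVE-2022-43290 and CVE-2022-43288, which are web applications triaged NOT-FOR-US, CVE-2022-43289 concerns Deark, a command-line file-format extraction tool, and the summary describes a stack overflow in a parser routine (do_pr...), so the TODO: check here should include an archive lookup for the package and a comparison of the shipped version against the 1.6.2 named in the description before a verdict is written.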
@@ -16889,12 +17095,12 @@ CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in rel
 	NOT-FOR-US: Mikrotik
 CVE-2022-42948
 	RESERVED
-CVE-2022-42947
-	RESERVED
-CVE-2022-42946
-	RESERVED
-CVE-2022-42945
-	RESERVED
+CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023  ...)
+	TODO: check
+CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...)
+	TODO: check
+CVE-2022-42945 (DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerabi ...)
+	TODO: check
 CVE-2022-42944 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-42943 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
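Review bot: CVE-2022-42947, CVE-2022-42946 and CVE-2022-42945 concern Autodesk Maya and DWG TrueView, and the unchanged neighbours CVE-2022-42944 and CVE-2022-42943 are triaged NOT-FOR-US: Autodesk, so the three TODO: check lines can most likely be closed the same way; CVE-2022-42945 in particular is a DLL search-order hijacking issue, a Windows-only bug class, which makes that verdict straightforward.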
@@ -22645,8 +22851,8 @@ CVE-2022-40745
 	RESERVED
 CVE-2022-40744
 	RESERVED
-CVE-2022-40743
-	RESERVED
+CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin in Apach ...)
+	TODO: check
 CVE-2022-3233 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3232 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
@@ -23467,8 +23673,8 @@ CVE-2022-40437
 	RESERVED
 CVE-2022-40436
 	RESERVED
-CVE-2022-40435
-	RESERVED
+CVE-2022-40435 (Employee Performance Evaluation System v1.0 was discovered to contain  ...)
+	TODO: check
 CVE-2022-40434
 	RESERVED
 CVE-2022-40433
@@ -24864,7 +25070,7 @@ CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave
 	NOT-FOR-US: SourceCodester Online Employee Leave Management System
 CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
 	NOT-FOR-US: Lotus 1-2-3
-CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
+CVE-2022-39842 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.19 ...)
 	{DSA-5257-1 DLA-3173-1 DLA-3131-1}
 	- linux 5.19.6-1 (unimportant)
 	NOTE: https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
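Review bot: the description of CVE-2022-39842 now carries a ** DISPUTED ** marker while the existing triage (DSA-5257-1, the DLA references, linux 5.19.6-1 rated unimportant, and the pxa3xx_gcu fix at 5.19-rc4) is left unchanged; a NOTE line summarising the dispute would keep the unimportant rating and the advisory references explainable to anyone reading the entry later.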
@@ -31736,8 +31942,8 @@ CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute t
 	NOT-FOR-US: Zimbra
 CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
 	NOT-FOR-US: Digi ConnectPort X2D
-CVE-2022-37392
-	RESERVED
+CVE-2022-37392 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
+	TODO: check
 CVE-2022-37391
 	RESERVED
 CVE-2022-37390
@@ -44109,8 +44315,8 @@ CVE-2022-32751
 	RESERVED
 CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
 	NOT-FOR-US: IBM
-CVE-2022-32749
-	RESERVED
+CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerability han ...)
+	TODO: check
 CVE-2022-32748
 	RESERVED
 CVE-2022-32747
@@ -47211,8 +47417,8 @@ CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an Authentic
 	NOT-FOR-US: VMware
 CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...)
 	NOT-FOR-US: Reactor Netty, different from src:netty
-CVE-2022-31683
-	RESERVED
+CVE-2022-31683 (Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an  ...)
+	TODO: check
 CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability.  ...)
 	NOT-FOR-US: VMware
 CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A malicio ...)
@@ -57792,8 +57998,8 @@ CVE-2022-28175
 	RESERVED
 CVE-2022-28174
 	RESERVED
-CVE-2022-28173
-	RESERVED
+CVE-2022-28173 (The web server of some Hikvision wireless bridge products have an acce ...)
+	TODO: check
 CVE-2022-28172 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
 	NOT-FOR-US: Hikvision
 CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
@@ -113942,8 +114148,8 @@ CVE-2021-33642
 	RESERVED
 CVE-2021-33641
 	RESERVED
-CVE-2021-33640
-	RESERVED
+CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by pointer  ...)
+	TODO: check
 CVE-2021-33639
 	RESERVED
 CVE-2021-33638
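Review bot: CVE-2021-33640 concerns libtar.c releasing memory after tar_close(), and libtar is packaged in Debian, so this TODO: check should be resolved by checking the shipped libtar version against the upstream fix rather than left open like the NOT-FOR-US candidates elsewhere in this update.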



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f298d9f8a801caef54dbc02de24c18a5c00ca254




