[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 20 08:12:09 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05550ed6 by security tracker role at 2022-12-20T08:10:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-47579
+ RESERVED
+CVE-2022-47578
+ RESERVED
+CVE-2022-47577
+ RESERVED
+CVE-2022-4616
+ RESERVED
CVE-2023-22275
RESERVED
CVE-2023-22274
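Review bot: The new CVE-2022 entries (CVE-2022-47579, CVE-2022-47578, CVE-2022-47577 and CVE-2022-4616) are inserted at line 1, above CVE-2023-22275, so the head of the file is not grouped by year. If anything that consumes data/CVE/list expects entries to sit with their year, place them with the other CVE-2022 entries; otherwise no change is needed.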
@@ -152,8 +160,8 @@ CVE-2022-47553
RESERVED
CVE-2022-47552
RESERVED
-CVE-2022-47551
- RESERVED
+CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read perm ...)
+ TODO: check
CVE-2022-47550
RESERVED
CVE-2022-47549 (An unprotected memory-access operation in optee_os in TrustedFirmware ...)
@@ -172,10 +180,10 @@ CVE-2022-47543
RESERVED
CVE-2022-47542
RESERVED
-CVE-2022-4615
- RESERVED
-CVE-2022-4614
- RESERVED
+CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ TODO: check
+CVE-2022-4614 (Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znot ...)
+ TODO: check
CVE-2022-4613 (A vulnerability was found in Click Studios Passwordstate and Passwords ...)
NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-4612 (A vulnerability has been found in Click Studios Passwordstate and Pass ...)
@@ -4559,16 +4567,16 @@ CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of ser
- mastodon <itp> (bug #859741)
CVE-2022-46404 (A command injection vulnerability has been identified in Atos Unify Op ...)
NOT-FOR-US: Atos Unify OpenScape
-CVE-2022-46403
- RESERVED
-CVE-2022-46402
- RESERVED
-CVE-2022-46401
- RESERVED
-CVE-2022-46400
- RESERVED
-CVE-2022-46399
- RESERVED
+CVE-2022-46403 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
+ TODO: check
+CVE-2022-46402 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
+ TODO: check
+CVE-2022-46401 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
+ TODO: check
+CVE-2022-46400 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
+ TODO: check
+CVE-2022-46399 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
+ TODO: check
CVE-2022-46398
RESERVED
CVE-2022-46397
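Review bot: The five added entries CVE-2022-46399 through CVE-2022-46403 are indistinguishable in this file, because each description is cut at the same point ("The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ..."). Triage them together against the full CVE text rather than the truncated line, and record the outcome on all five so that none is left at TODO: check.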
@@ -8926,8 +8934,8 @@ CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection vi
NOT-FOR-US: Tenda
CVE-2022-45042
RESERVED
-CVE-2022-45041
- RESERVED
+CVE-2022-45041 (SQL Injection exits in xinhu < 2.5.0 ...)
+ TODO: check
CVE-2022-45040 (A cross-site scripting (XSS) vulnerability in /admin/pages/sections_sa ...)
NOT-FOR-US: WBCE CMS
CVE-2022-45039 (An arbitrary file upload vulnerability in the Server Settings module o ...)
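Review bot: The description on the added CVE-2022-45041 line reads "SQL Injection exits in xinhu", where "exists" is evidently meant. As this is an automatic update, fix the wording where the description originates rather than by hand in data/CVE/list, or a later update may put it back.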
@@ -9128,8 +9136,8 @@ CVE-2022-44942 (Casdoor before v1.126.1 was discovered to contain an arbitrary f
NOT-FOR-US: Casdoor
CVE-2022-44941
RESERVED
-CVE-2022-44940
- RESERVED
+CVE-2022-44940 (Patchelf v0.9 was discovered to contain an out-of-bounds read via the ...)
+ TODO: check
CVE-2022-44939
RESERVED
CVE-2022-44938 (Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attac ...)
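Review bot: CVE-2022-44940 should not be closed as NOT-FOR-US when its TODO: check is resolved. patchelf is packaged in Debian, so the entry needs a "- patchelf" package line with its status. The description names v0.9 and an out-of-bounds read, so the check is whether the versions in the archive still contain the affected code.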
@@ -9533,8 +9541,8 @@ CVE-2022-44758
RESERVED
CVE-2022-44757
RESERVED
-CVE-2022-44756
- RESERVED
+CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable to improper ...)
+ TODO: check
CVE-2022-44755 (IBM Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
NOT-FOR-US: IBM
CVE-2022-44754 (IBM Domino is susceptible to a stack based buffer overflow vulnerabili ...)
@@ -11412,8 +11420,8 @@ CVE-2022-44490
RESERVED
CVE-2022-44489
RESERVED
-CVE-2022-44488
- RESERVED
+CVE-2022-44488 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-44487
RESERVED
CVE-2022-44486
@@ -11440,30 +11448,30 @@ CVE-2022-44476
RESERVED
CVE-2022-44475
RESERVED
-CVE-2022-44474
- RESERVED
+CVE-2022-44474 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-44473 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44472
RESERVED
-CVE-2022-44471
- RESERVED
-CVE-2022-44470
- RESERVED
+CVE-2022-44471 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-44470 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-44469 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44468 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
-CVE-2022-44467
- RESERVED
-CVE-2022-44466
- RESERVED
-CVE-2022-44465
- RESERVED
+CVE-2022-44467 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-44466 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-44465 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-44464
RESERVED
-CVE-2022-44463
- RESERVED
+CVE-2022-44463 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-44462 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44461
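Review bot: The added Adobe Experience Manager entries (CVE-2022-44474, CVE-2022-44471, CVE-2022-44470, CVE-2022-44467, CVE-2022-44466, CVE-2022-44465, CVE-2022-44463) are left at TODO: check, while the context entries with the same truncated description (CVE-2022-44473, CVE-2022-44469, CVE-2022-44468, CVE-2022-44462) are already marked NOT-FOR-US: Adobe. Resolve them the same way in the follow-up triage so the block is consistent; the same applies to the other Adobe Experience Manager hunks in this commit.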
@@ -11502,8 +11510,7 @@ CVE-2022-3777
RESERVED
CVE-2022-3776 (The Restaurant Menu – Food Ordering System – Table Reserva ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3775
- RESERVED
+CVE-2022-3775 (When rendering certain unicode sequences, grub2's font code doesn't pr ...)
{DSA-5280-1 DLA-3190-2 DLA-3190-1}
- grub2 2.06-5
NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
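Review bot: Confirm that the newly published description for CVE-2022-3775 ("When rendering certain unicode sequences, grub2's font code ...") matches the issue already tracked under this ID. The context lines record {DSA-5280-1 DLA-3190-2 DLA-3190-1}, a fixed version grub2 2.06-5 and the grub-devel NOTE, which is why no TODO: check is added here; that is correct only if the description and the existing annotations refer to the same flaw.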
@@ -12224,10 +12231,10 @@ CVE-2022-44111
RESERVED
CVE-2022-44110
RESERVED
-CVE-2022-44109
- RESERVED
-CVE-2022-44108
- RESERVED
+CVE-2022-44109 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...)
+ TODO: check
+CVE-2022-44108 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...)
+ TODO: check
CVE-2022-44107
RESERVED
CVE-2022-44106
@@ -12503,8 +12510,8 @@ CVE-2022-43984 (Browsershot version 3.57.3 allows an external attacker to remote
NOT-FOR-US: Browsershot
CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
NOT-FOR-US: Browsershot
-CVE-2022-3752
- RESERVED
+CVE-2022-3752 (An unauthorized user could use a specially crafted sequence of Etherne ...)
+ TODO: check
CVE-2022-3751 (SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. ...)
TODO: check
CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with confi ...)
@@ -14528,16 +14535,16 @@ CVE-2022-43889
RESERVED
CVE-2022-43888
RESERVED
-CVE-2022-43887
- RESERVED
+CVE-2022-43887 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...)
+ TODO: check
CVE-2022-43886
RESERVED
CVE-2022-43885
RESERVED
CVE-2022-43884
RESERVED
-CVE-2022-43883
- RESERVED
+CVE-2022-43883 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...)
+ TODO: check
CVE-2022-43882
RESERVED
CVE-2022-43881
@@ -18520,8 +18527,8 @@ CVE-2022-42456
RESERVED
CVE-2022-42455
RESERVED
-CVE-2022-42454
- RESERVED
+CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-t ...)
+ TODO: check
CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...)
TODO: check
CVE-2022-42452
@@ -18696,14 +18703,14 @@ CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is affecte
NOT-FOR-US: Adobe
CVE-2022-42366 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
-CVE-2022-42365
- RESERVED
-CVE-2022-42364
- RESERVED
+CVE-2022-42365 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-42364 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42363
RESERVED
-CVE-2022-42362
- RESERVED
+CVE-2022-42362 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42361
RESERVED
CVE-2022-42360 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
@@ -18712,32 +18719,32 @@ CVE-2022-42359
RESERVED
CVE-2022-42358
RESERVED
-CVE-2022-42357
- RESERVED
-CVE-2022-42356
- RESERVED
+CVE-2022-42357 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-42356 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42355
RESERVED
-CVE-2022-42354
- RESERVED
+CVE-2022-42354 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42353
RESERVED
-CVE-2022-42352
- RESERVED
+CVE-2022-42352 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42351 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
-CVE-2022-42350
- RESERVED
-CVE-2022-42349
- RESERVED
-CVE-2022-42348
- RESERVED
+CVE-2022-42350 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-42349 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-42348 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42347
RESERVED
-CVE-2022-42346
- RESERVED
-CVE-2022-42345
- RESERVED
+CVE-2022-42346 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2022-42345 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-42343 (Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are ...)
@@ -21239,8 +21246,8 @@ CVE-2022-41420 (nasm v2.16 was discovered to contain a stack overflow in the Ndi
NOTE: Negligible security impact
CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
NOT-FOR-US: Bento4
-CVE-2022-41418
- RESERVED
+CVE-2022-41418 (An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/Upload ...)
+ TODO: check
CVE-2022-41417
RESERVED
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...)
@@ -23280,8 +23287,8 @@ CVE-2022-40609
RESERVED
CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...)
NOT-FOR-US: IBM
-CVE-2022-40607
- RESERVED
+CVE-2022-40607 (IBM Spectrum Scale 5.1 could allow users with permissions to create po ...)
+ TODO: check
CVE-2022-3192
RESERVED
CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
@@ -23679,8 +23686,8 @@ CVE-2022-40436
RESERVED
CVE-2022-40435 (Employee Performance Evaluation System v1.0 was discovered to contain ...)
TODO: check
-CVE-2022-40434
- RESERVED
+CVE-2022-40434 (Softr v2.0 was discovered to be vulnerable to HTML injection via the N ...)
+ TODO: check
CVE-2022-40433
RESERVED
CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
@@ -26761,8 +26768,8 @@ CVE-2022-39162
RESERVED
CVE-2022-39161
RESERVED
-CVE-2022-39160
- RESERVED
+CVE-2022-39160 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross ...)
+ TODO: check
CVE-2022-3093
RESERVED
CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds ...)
@@ -28149,8 +28156,8 @@ CVE-2022-38710 ("IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose
NOT-FOR-US: IBM
CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pa ...)
NOT-FOR-US: IBM
-CVE-2022-38708
- RESERVED
+CVE-2022-38708 (IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to ...)
+ TODO: check
CVE-2022-38707
RESERVED
CVE-2022-38706
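Review bot: CVE-2022-38708 is left at TODO: check directly below two IBM entries (CVE-2022-38710, CVE-2022-38709) that are marked NOT-FOR-US: IBM. Unless IBM Cognos Analytics is handled differently, it should get the same NOT-FOR-US: IBM tag, as should CVE-2022-43887, CVE-2022-43883 and CVE-2022-39160, which this commit adds with the same product name.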
@@ -36315,12 +36322,12 @@ CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and ear
NOT-FOR-US: Adobe
CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
-CVE-2022-35695
- RESERVED
+CVE-2022-35695 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
-CVE-2022-35693
- RESERVED
+CVE-2022-35693 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
@@ -50393,8 +50400,8 @@ CVE-2022-30681 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affe
NOT-FOR-US: Adobe
CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
-CVE-2022-30679
- RESERVED
+CVE-2022-30679 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
+ TODO: check
CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
@@ -72352,8 +72359,8 @@ CVE-2022-23545
RESERVED
CVE-2022-23544
RESERVED
-CVE-2022-23543
- RESERVED
+CVE-2022-23543 (Silverware Games is a social network where people can play games onlin ...)
+ TODO: check
CVE-2022-23542
RESERVED
CVE-2022-23541
@@ -72366,8 +72373,8 @@ CVE-2022-23538
RESERVED
CVE-2022-23537
RESERVED
-CVE-2022-23536
- RESERVED
+CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...)
+ TODO: check
CVE-2022-23535
RESERVED
CVE-2022-23534
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05550ed67792fcbc6f21adb75c850174a5ab7c51