[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 21 20:10:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8986feae by security tracker role at 2022-12-21T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2023-22388
+	RESERVED
+CVE-2023-22387
+	RESERVED
+CVE-2023-22386
+	RESERVED
+CVE-2023-22385
+	RESERVED
+CVE-2023-22384
+	RESERVED
+CVE-2023-22383
+	RESERVED
+CVE-2023-22382
+	RESERVED
+CVE-2022-47917
+	RESERVED
+CVE-2022-47912
+	RESERVED
+CVE-2022-47911
+	RESERVED
+CVE-2022-47896
+	RESERVED
+CVE-2022-47895
+	RESERVED
+CVE-2022-47894
+	RESERVED
+CVE-2022-47893
+	RESERVED
+CVE-2022-47892
+	RESERVED
+CVE-2022-47891
+	RESERVED
+CVE-2022-47395
+	RESERVED
+CVE-2022-47320
+	RESERVED
+CVE-2022-47311
+	RESERVED
+CVE-2022-46738
+	RESERVED
+CVE-2022-46733
+	RESERVED
+CVE-2022-46658
+	RESERVED
+CVE-2022-4634
+	RESERVED
+CVE-2022-4633 (A vulnerability was found in Auto Upload Images 3.3.1 and classified a ...)
+	TODO: check
+CVE-2022-4632 (A vulnerability has been found in Auto Upload Images 3.3.1 and classif ...)
+	TODO: check
+CVE-2022-4631 (A vulnerability, which was classified as problematic, was found in WP- ...)
+	TODO: check
+CVE-2022-46300
+	RESERVED
+CVE-2022-4630 (Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal ...)
+	TODO: check
+CVE-2022-4629
+	RESERVED
+CVE-2022-46286
+	RESERVED
+CVE-2022-4628
+	RESERVED
+CVE-2022-4627
+	RESERVED
+CVE-2022-4626
+	RESERVED
+CVE-2022-4625
+	RESERVED
+CVE-2022-4624
+	RESERVED
+CVE-2022-4623
+	RESERVED
+CVE-2022-45876
+	RESERVED
+CVE-2022-45468
+	RESERVED
+CVE-2022-45444
+	RESERVED
+CVE-2022-45127
+	RESERVED
+CVE-2022-45121
+	RESERVED
+CVE-2022-43512
+	RESERVED
+CVE-2022-43483
+	RESERVED
+CVE-2022-43455
+	RESERVED
+CVE-2022-41989
+	RESERVED
+CVE-2022-41696
+	RESERVED
+CVE-2022-40633
+	RESERVED
+CVE-2021-4274 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2021-4273 (A vulnerability classified as problematic was found in studygolang. Th ...)
+	TODO: check
+CVE-2021-4272 (A vulnerability classified as problematic has been found in studygolan ...)
+	TODO: check
+CVE-2021-4271 (A vulnerability was found in panicsteve w2wiki. It has been rated as p ...)
+	TODO: check
+CVE-2021-4270 (A vulnerability was found in Imprint CMS. It has been classified as pr ...)
+	TODO: check
+CVE-2021-4269 (A vulnerability has been found in SimpleRisk and classified as problem ...)
+	TODO: check
+CVE-2021-4268 (A vulnerability, which was classified as problematic, was found in php ...)
+	TODO: check
+CVE-2021-4267 (A vulnerability classified as problematic was found in tad_discuss. Af ...)
+	TODO: check
+CVE-2021-4266 (A vulnerability classified as problematic has been found in Webdetails ...)
+	TODO: check
+CVE-2021-4265 (A vulnerability was found in siwapp-ror. It has been rated as problema ...)
+	TODO: check
+CVE-2021-4264 (A vulnerability was found in LinkedIn dustjs 3.0.0 and classified as p ...)
+	TODO: check
+CVE-2021-4263 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2020-36623 (A vulnerability was found in Pengu. It has been declared as problemati ...)
+	TODO: check
+CVE-2020-36622 (A vulnerability was found in sah-comp bienlein and classified as probl ...)
+	TODO: check
+CVE-2020-36621 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has b ...)
+	TODO: check
 CVE-2023-22381
 	RESERVED
 CVE-2023-22380
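Review bot: The 20 described entries added at the top of data/CVE/list (CVE-2022-4633 through CVE-2020-36620) are all left at "TODO: check", and several truncated descriptions stop before the product name (for example CVE-2021-4274 ends at "has been found i ..." and CVE-2022-4631 at "was found in WP- ..."). Those cannot be triaged from this file alone. Each needs the full CVE record before the TODO is replaced with a source package line or a NOT-FOR-US entry.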
@@ -634,8 +760,8 @@ CVE-2022-47583
 	RESERVED
 CVE-2022-47582
 	RESERVED
-CVE-2022-47581
-	RESERVED
+CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDA ...)
+	TODO: check
 CVE-2022-47580
 	RESERVED
 CVE-2022-4622
@@ -2573,8 +2699,8 @@ CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 208
 	NOT-FOR-US: SICK SIM2000ST Partnumber 2086502
 CVE-2022-47376
 	RESERVED
-CVE-2022-46330
-	RESERVED
+CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...)
+	TODO: check
 CVE-2022-4475
 	RESERVED
 CVE-2022-4474
@@ -2611,8 +2737,8 @@ CVE-2022-4459
 	RESERVED
 CVE-2022-4458
 	RESERVED
-CVE-2022-43543
-	RESERVED
+CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App  ...)
+	TODO: check
 CVE-2023-21723
 	RESERVED
 CVE-2023-21722
@@ -4592,8 +4718,8 @@ CVE-2022-45112
 	RESERVED
 CVE-2022-44607
 	RESERVED
-CVE-2022-44449
-	RESERVED
+CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions prior t ...)
+	TODO: check
 CVE-2022-43502
 	RESERVED
 CVE-2022-43498
@@ -4651,8 +4777,8 @@ CVE-2022-46665
 	RESERVED
 CVE-2022-46664 (A vulnerability has been identified in Mendix Workflow Commons (All ve ...)
 	NOT-FOR-US: Siemens
-CVE-2022-46662
-	RESERVED
+CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file path. S ...)
+	TODO: check
 CVE-2022-4310
 	RESERVED
 CVE-2022-4309
@@ -4705,8 +4831,8 @@ CVE-2022-46298
 	RESERVED
 CVE-2022-46283
 	RESERVED
-CVE-2022-46282
-	RESERVED
+CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier allows a lo ...)
+	TODO: check
 CVE-2022-45469
 	RESERVED
 CVE-2022-43666
@@ -6448,10 +6574,10 @@ CVE-2022-46098
 	RESERVED
 CVE-2022-46097
 	RESERVED
-CVE-2022-46096
-	RESERVED
-CVE-2022-46095
-	RESERVED
+CVE-2022-46096 (A Cross site scripting (XSS) vulnerability in Sourcecodester Online Co ...)
+	TODO: check
+CVE-2022-46095 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discov ...)
+	TODO: check
 CVE-2022-46094
 	RESERVED
 CVE-2022-46093
@@ -23359,8 +23485,8 @@ CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable
 	NOT-FOR-US: Tenda
 CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Serve ...)
 	NOT-FOR-US: NdkAdvancedCustomizationFields
-CVE-2022-40841
-	RESERVED
+CVE-2022-40841 (A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomization ...)
+	TODO: check
 CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...)
 	NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40839 (A SQL injection vulnerability in the height and width parameter in Ndk ...)
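Review bot: CVE-2022-40841 is left at "TODO: check" even though its description names NdkAdvancedCustomization... and the entries on either side, CVE-2022-40842 and CVE-2022-40840, are already marked "NOT-FOR-US: NdkAdvancedCustomizationFields". If the full description confirms the same product, the TODO can be resolved to the same NOT-FOR-US line in the follow-up triage commit.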
@@ -25083,8 +25209,8 @@ CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apa
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1335
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903910
 	NOTE: https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading
-CVE-2022-40145
-	RESERVED
+CVE-2022-40145 (This vulnerable is about a potential code injection when an attacker h ...)
+	TODO: check
 CVE-2022-3155
 	RESERVED
 	- thunderbird <not-affected> (Only affects MacOS)
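Review bot: The description added for CVE-2022-40145 ("This vulnerable is about a potential code injection when an attacker h ...") is cut off before any product is named, so "TODO: check" here needs the full CVE text to resolve. Its position directly after the Batik notes for CVE-2022-40146 says nothing about which product it affects and should not be used as a triage hint.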
@@ -28573,8 +28699,8 @@ CVE-2022-3013 (A vulnerability classified as critical has been found in SourceCo
 	NOT-FOR-US: SourceCodester Simple Task Managing System
 CVE-2022-3012 (A vulnerability was found in oretnom23 Fast Food Ordering System. It h ...)
 	NOT-FOR-US: oretnom23 Fast Food Ordering System
-CVE-2022-38065
-	RESERVED
+CVE-2022-38065 (A privilege escalation vulnerability exists in the oslo.privsep functi ...)
+	TODO: check
 CVE-2022-3011
 	RESERVED
 CVE-2022-38785
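Review bot: CVE-2022-38065 is set to "TODO: check" while its description names the oslo.privsep functionality, and the similarly worded CVE-2022-38060 in the next hunk is tracked against "kolla <itp> (bug #804128)" with a Launchpad reference. Triage should confirm from the full description which source package this one belongs to and record a package line with a NOTE, rather than leaving the two related entries in different states.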
@@ -30787,8 +30913,7 @@ CVE-2022-38087
 	RESERVED
 CVE-2022-38076
 	RESERVED
-CVE-2022-38060
-	RESERVED
+CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality  ...)
 	- kolla <itp> (bug #804128)
 	NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
 CVE-2022-38056
@@ -35721,10 +35846,10 @@ CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CS
 	NOT-FOR-US: XunRuiCMS
 CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS s ...)
 	NOT-FOR-US: Emby Server
-CVE-2022-36222
-	RESERVED
-CVE-2022-36221
-	RESERVED
+CVE-2022-36222 (Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped wit ...)
+	TODO: check
+CVE-2022-36221 (Nokia Fastmile 3tg00118abad52 is affected by an authenticated path tra ...)
+	TODO: check
 CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser (Windows)  ...)
 	NOT-FOR-US: Safe Exam Browser
 CVE-2022-36219



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8986feae3571bad6c6bd642a522155c7fba82b6c
