[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 22 08:10:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
397a68ea by security tracker role at 2022-12-22T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-47925
+	RESERVED
+CVE-2022-47924
+	RESERVED
+CVE-2022-4648
+	RESERVED
+CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+	TODO: check
+CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
+	TODO: check
+CVE-2022-4645
+	RESERVED
+CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. ...)
+	TODO: check
+CVE-2022-4643 (A vulnerability was found in docconv up to 1.3.4. It has been declared ...)
+	TODO: check
+CVE-2022-4642 (A vulnerability was found in tatoeba2. It has been classified as probl ...)
+	TODO: check
+CVE-2022-4641 (A vulnerability was found in pig-vector and classified as problematic. ...)
+	TODO: check
+CVE-2022-4640 (A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified a ...)
+	TODO: check
+CVE-2022-4639 (A vulnerability, which was classified as critical, has been found in s ...)
+	TODO: check
+CVE-2022-4638 (A vulnerability classified as problematic was found in collective.cont ...)
+	TODO: check
+CVE-2022-4637 (A vulnerability classified as problematic has been found in ep3-bs 1.8 ...)
+	TODO: check
+CVE-2022-4636
+	RESERVED
+CVE-2022-4635
+	RESERVED
+CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...)
+	TODO: check
 CVE-2023-22388
 	RESERVED
 CVE-2023-22387
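Review bot: Eleven of the seventeen entries prepended at the top of this hunk (CVE-2022-4647, CVE-2022-4646, CVE-2022-4644 through CVE-2022-4637, and CVE-2021-4275) arrive as TODO: check, with descriptions truncated at "...", so none of them yet says whether a Debian package is affected. Each needs a follow-up disposition, either a package line or a NOT-FOR-US line. The block is also not in numeric order with the existing content: CVE-2021-4275 sits directly above CVE-2023-22388, so anything reading this file should key on the CVE ID rather than on position.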
@@ -5899,8 +5933,8 @@ CVE-2022-46336
 	RESERVED
 CVE-2022-46335
 	RESERVED
-CVE-2022-46334
-	RESERVED
+CVE-2022-46334 (Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability wh ...)
+	TODO: check
 CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) ...)
 	NOT-FOR-US: Proofpoint
 CVE-2022-46332 (The Admin Smart Search feature in Proofpoint Enterprise Protection (PP ...)
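Review bot: CVE-2022-46334 is left as TODO: check even though the entries directly below it, CVE-2022-46333 and CVE-2022-46332, describe the same product, Proofpoint Enterprise Protection (PPS/PoD), and CVE-2022-46333 is already marked NOT-FOR-US: Proofpoint. Replacing the TODO with NOT-FOR-US: Proofpoint would keep the neighbouring entries consistent.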
@@ -17068,8 +17102,8 @@ CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_A
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
 	NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1
-CVE-2022-43271
-	RESERVED
+CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...)
+	TODO: check
 CVE-2022-43270
 	RESERVED
 CVE-2022-43269
@@ -18041,6 +18075,7 @@ CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw all
 CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
 	NOT-FOR-US: LibreNMS
 CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow vulnerability in  ...)
+	{DSA-5305-1}
 	- libksba 1.6.3-1
 	NOTE: https://dev.gnupg.org/T6284
 	NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 (libksba-1.6.3)
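Review bot: The {DSA-5305-1} line added under CVE-2022-47629 is only a cross-reference. The entry itself still carries just the single fix line "- libksba 1.6.3-1" and no per-release lines. Since this commit changes one file only, confirm that the DSA-5305-1 record names CVE-2022-47629 and carries the fixed libksba versions for the releases it covers, so the advisory and this entry agree.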
@@ -24148,20 +24183,20 @@ CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wi
 	[buster] - wireshark <postponed> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html
-CVE-2022-3189
-	RESERVED
-CVE-2022-3188
-	RESERVED
-CVE-2022-3187
-	RESERVED
-CVE-2022-3186
-	RESERVED
-CVE-2022-3185
-	RESERVED
-CVE-2022-3184
-	RESERVED
-CVE-2022-3183
-	RESERVED
+CVE-2022-3189 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
+CVE-2022-3188 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
+CVE-2022-3187 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
+CVE-2022-3186 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
+CVE-2022-3185 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
+CVE-2022-3184 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
+CVE-2022-3183 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
+	TODO: check
 CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
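Review bot: The seven entries CVE-2022-3189 through CVE-2022-3183 all share the same description prefix (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022) and all land as TODO: check, so they should be triaged once as a group rather than seven separate times. If triage finds the firmware is not in the archive, a NOT-FOR-US line on each, in the style already used for CVE-2022-3182 just below, would close them out together.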
@@ -65112,8 +65147,8 @@ CVE-2022-25951
 	RESERVED
 CVE-2022-25950
 	RESERVED
-CVE-2022-25948
-	RESERVED
+CVE-2022-25948 (The package liquidjs before 10.0.0 are vulnerable to Information Expos ...)
+	TODO: check
 CVE-2022-25947
 	RESERVED
 CVE-2022-25945
@@ -73198,8 +73233,8 @@ CVE-2022-23553
 	RESERVED
 CVE-2022-23552
 	RESERVED
-CVE-2022-23551
-	RESERVED
+CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Kubernet ...)
+	TODO: check
 CVE-2022-23550
 	RESERVED
 CVE-2022-23549
@@ -73242,8 +73277,8 @@ CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Vers
 	TODO: check
 CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
 	TODO: check
-CVE-2022-23529
-	RESERVED
+CVE-2022-23529 (node-jsonwebtoken is a JsonWebToken implementation for node.js. For ve ...)
+	TODO: check
 CVE-2022-23528
 	RESERVED
 CVE-2022-23527 (mod_auth_openidc is an OpenID Certified™ authentication and auth ...)
@@ -87423,8 +87458,8 @@ CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any
 	NOT-FOR-US: Halo
 CVE-2021-43658
 	RESERVED
-CVE-2021-43657
-	RESERVED
+CVE-2021-43657 (A Stored Cross-site scripting (XSS) vulnerability via MAster.php in So ...)
+	TODO: check
 CVE-2021-43656
 	RESERVED
 CVE-2021-43655
@@ -107852,8 +107887,8 @@ CVE-2021-36633
 	RESERVED
 CVE-2021-36632
 	RESERVED
-CVE-2021-36631
-	RESERVED
+CVE-2021-36631 (Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and  ...)
+	TODO: check
 CVE-2021-36630
 	RESERVED
 CVE-2021-36629



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/397a68ea52b84b045a271c8a6b837b8c6e9d7246
