[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 25 08:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
673cdbbc by security tracker role at 2022-12-25T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-47952
+ RESERVED
+CVE-2022-47951
+ RESERVED
+CVE-2022-47950
+ RESERVED
+CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...)
+ TODO: check
+CVE-2022-47948
+ RESERVED
+CVE-2022-47947
+ RESERVED
+CVE-2022-4734 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2022-4733 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...)
+ TODO: check
+CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...)
+ TODO: check
CVE-2022-4731
RESERVED
CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been classified as p ...)
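Review bot: all nine new entries are left at TODO: check, which is correct for an automatic import, but two groups can be resolved quickly at triage: CVE-2022-47949 describes a Nintendo NetworkBuffer class used in Animal Crossing: New Horizons, i.e. console game software, so NOT-FOR-US (the state used elsewhere in this file) is the likely outcome; CVE-2022-4732 to CVE-2022-4734 each name a GitHub repository (openemr/opene... is visible in CVE-2022-4733), so the repository in each full description should be compared against the archive before the entries are closed.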
@@ -10,7 +28,7 @@ CVE-2022-4727 (A vulnerability, which was classified as problematic, was found i
TODO: check
CVE-2022-4726 (A vulnerability classified as critical was found in SourceCodester San ...)
TODO: check
-CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.1. It has been rated as crit ...)
+CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated as crit ...)
TODO: check
CVE-2021-4277
RESERVED
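Review bot: this hunk is a description-only change (the truncated AWS SDK summary moved from 2.59.1 to 2.59.0) and the entry stays at TODO: check, so no Debian state is affected; because the version quoted in these auto-imported summaries can move between runs, the eventual triage note for this CVE should cite the upstream advisory rather than the summary text.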
@@ -161,12 +179,12 @@ CVE-2022-47938 (An issue was discovered in ksmbd in the Linux kernel before 5.19
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/824d4f64c20093275f72fc8101394d75ff6a249e (6.0-rc1)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17818/
-CVE-2022-47934
- RESERVED
-CVE-2022-47933
- RESERVED
-CVE-2022-47932
- RESERVED
+CVE-2022-47934 (Brave Browser before 1.43.88 allowed a remote attacker to cause a deni ...)
+ TODO: check
+CVE-2022-47933 (Brave Browser before 1.42.51 allowed a remote attacker to cause a deni ...)
+ TODO: check
+CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause a deni ...)
+ TODO: check
CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values. ...)
TODO: check
CVE-2022-47930
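Review bot: the three Brave Browser entries replace RESERVED placeholders with descriptions that each cite a different fixed version (1.43.88, 1.42.51, 1.43.34) and are each truncated at "cause a deni"; they should be triaged together rather than one at a time so that all three leave TODO: check with the same state, whichever is chosen.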
@@ -278,7 +296,7 @@ CVE-2022-4649
RESERVED
CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.g ...)
TODO: check
-CVE-2020-36624 (A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has ...)
+CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...)
TODO: check
CVE-2022-47925
RESERVED
@@ -294,7 +312,7 @@ CVE-2022-4645
RESERVED
CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-4643 (A vulnerability was found in docconv up to 1.3.4. It has been declared ...)
+CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been declared ...)
NOT-FOR-US: docconv
CVE-2022-4642 (A vulnerability was found in tatoeba2. It has been classified as probl ...)
NOT-FOR-US: Tatoeba
@@ -308,7 +326,7 @@ CVE-2022-4639 (A vulnerability, which was classified as critical, has been found
NOTE: https://github.com/yrutschle/sslh/commit/b19f8a6046b080e4c2e28354a58556bb26040c6f
CVE-2022-4638 (A vulnerability classified as problematic was found in collective.cont ...)
NOT-FOR-US: collective.contact.widget
-CVE-2022-4637 (A vulnerability classified as problematic has been found in ep3-bs 1.8 ...)
+CVE-2022-4637 (A vulnerability classified as problematic has been found in ep3-bs up ...)
NOT-FOR-US: ep3-bs
CVE-2022-4636
RESERVED
@@ -362,9 +380,9 @@ CVE-2022-46658
RESERVED
CVE-2022-4634
RESERVED
-CVE-2022-4633 (A vulnerability was found in Auto Upload Images 3.3.1 and classified a ...)
+CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and classi ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4632 (A vulnerability has been found in Auto Upload Images 3.3.1 and classif ...)
+CVE-2022-4632 (A vulnerability has been found in Auto Upload Images up to 3.3.0 and c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4631 (A vulnerability, which was classified as problematic, was found in WP- ...)
NOT-FOR-US: WordPress plugin
@@ -440,7 +458,7 @@ CVE-2020-36622 (A vulnerability was found in sah-comp bienlein and classified as
NOT-FOR-US: sah-comp bienlein
CVE-2020-36621 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: chedabob whatismyudid
-CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has b ...)
+CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It ...)
NOT-FOR-US: Brondahl EnumStringValues
CVE-2023-22381
RESERVED
@@ -1298,7 +1316,7 @@ CVE-2021-4261 (A vulnerability classified as critical has been found in pacman-c
NOT-FOR-US: pacman-canvas
CVE-2021-4260 (A vulnerability was found in oils-js. It has been declared as critical ...)
NOT-FOR-US: oils-js
-CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been c ...)
+CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been c ...)
NOT-FOR-US: phpRedisAdmin
CVE-2021-4258 (** DISPUTED ** A vulnerability was found in whohas. It has been rated ...)
- whohas <unfixed> (unimportant)
@@ -2448,7 +2466,7 @@ CVE-2022-4562
RESERVED
CVE-2022-4561 (A vulnerability classified as problematic has been found in SemanticDr ...)
NOT-FOR-US: SemanticDrilldown MediaWiki extension
-CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.32. It has been rated as ...)
+CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.31. It has been rated as ...)
NOT-FOR-US: Joget
CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been ...)
NOT-FOR-US: INEX IPX-Manager
@@ -2529,7 +2547,7 @@ CVE-2022-4529
RESERVED
CVE-2022-4528
RESERVED
-CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.9. It has been ...)
+CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It has been ...)
NOT-FOR-US: collective.task
CVE-2022-4526 (A vulnerability was found in django-photologue up to 3.15.1 and classi ...)
NOT-FOR-US: django-photologue
@@ -7333,22 +7351,22 @@ CVE-2022-4139
NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550
CVE-2022-45897
RESERVED
-CVE-2022-45896
- RESERVED
-CVE-2022-45895
- RESERVED
-CVE-2022-45894
- RESERVED
-CVE-2022-45893
- RESERVED
-CVE-2022-45892
- RESERVED
-CVE-2022-45891
- RESERVED
-CVE-2022-45890
- RESERVED
-CVE-2022-45889
- RESERVED
+CVE-2022-45896 (Planet eStream before 6.72.10.07 allows unauthenticated upload of arbi ...)
+ TODO: check
+CVE-2022-45895 (Planet eStream before 6.72.10.07 discloses sensitive information, rela ...)
+ TODO: check
+CVE-2022-45894 (GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory ...)
+ TODO: check
+CVE-2022-45893 (Planet eStream before 6.72.10.07 allows a low-privileged user to gain ...)
+ TODO: check
+CVE-2022-45892 (In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Script ...)
+ TODO: check
+CVE-2022-45891 (Planet eStream before 6.72.10.07 allows attackers to call restricted f ...)
+ TODO: check
+CVE-2022-45890 (In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting ...)
+ TODO: check
+CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who is a pu ...)
+ TODO: check
CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
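Review bot: all eight Planet eStream entries (CVE-2022-45889 to CVE-2022-45896) share the fixed version 6.72.10.07 and land at TODO: check; CVE-2022-45894 names GetFile.aspx, which points at an ASP.NET application and makes the batch a NOT-FOR-US candidate, but they should be closed as a group with one consistent state rather than left partially triaged.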
@@ -9495,8 +9513,7 @@ CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpe
[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
[buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984
-CVE-2022-45197 [missing certificate hostname validation]
- RESERVED
+CVE-2022-45197 (Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLS ...)
- slixmpp 1.8.3-1
[bullseye] - slixmpp <no-dsa> (Minor issue)
[buster] - slixmpp <no-dsa> (Minor issue)
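Review bot: the "before 1.8.3" in the official description agrees with the existing fixed-version line "- slixmpp 1.8.3-1", so the entry is consistent after the bracketed placeholder is dropped; the <no-dsa> (Minor issue) ratings for bullseye and buster predate the official wording and are worth a re-read now that the text confirms the hostname-validation gap in the TLS handling.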
@@ -11967,8 +11984,7 @@ CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.1
- lava <unfixed> (bug #1024429)
NOTE: https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
NOTE: https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5 (2022.11)
-CVE-2022-44640 [Invalid free in ASN.1 codec]
- RESERVED
+CVE-2022-44640 (Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...)
{DSA-5287-1 DLA-3206-1}
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- samba 2:4.17.4+dfsg-1
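Review bot: the placeholder "[Invalid free in ASN.1 codec]" named the root cause more precisely than the new generic "allows remote attackers to execute arbitrary code" summary does; since the bracket text is being dropped, consider preserving it as a NOTE: line so the defect class stays visible next to the DSA-5287-1 and DLA-3206-1 references. The heimdal and samba fixed-version lines are unchanged, so the rest of the entry is consistent.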
@@ -12799,10 +12815,10 @@ CVE-2022-44383
RESERVED
CVE-2022-44382
RESERVED
-CVE-2022-44381
- RESERVED
-CVE-2022-44380
- RESERVED
+CVE-2022-44381 (Snipe-IT through 6.0.14 allows attackers to check whether a user accou ...)
+ TODO: check
+CVE-2022-44380 (Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for ...)
+ TODO: check
CVE-2022-44379 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
NOT-FOR-US: Automotive Shop Management System
CVE-2022-44378 (Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/ ...)
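Review bot: the two Snipe-IT descriptions use different range wording: CVE-2022-44381 says "through 6.0.14" (6.0.14 itself still affected) while CVE-2022-44380 says "before 6.0.14" (fixed in 6.0.14); when these leave TODO: check, the fixed-version line for each must reflect that distinction rather than assuming one release closes both.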
@@ -13540,18 +13556,18 @@ CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve remot
NOT-FOR-US: Total.js CMS
CVE-2022-44018
RESERVED
-CVE-2022-44017
- RESERVED
-CVE-2022-44016
- RESERVED
-CVE-2022-44015
- RESERVED
-CVE-2022-44014
- RESERVED
-CVE-2022-44013
- RESERVED
-CVE-2022-44012
- RESERVED
+CVE-2022-44017 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due ...)
+ TODO: check
+CVE-2022-44016 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
+ TODO: check
+CVE-2022-44015 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
+ TODO: check
+CVE-2022-44014 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. In t ...)
+ TODO: check
+CVE-2022-44013 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...)
+ TODO: check
+CVE-2022-44012 (An issue was discovered in /DS/LM_API/api/SelectionService/InsertQuery ...)
+ TODO: check
CVE-2022-44011
RESERVED
CVE-2022-44010
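Review bot: five of the six new entries name Simmeth Lieferantenmanager before 5.6, but the truncated summary of CVE-2022-44012 only gives an endpoint path (/DS/LM_API/api/SelectionService/InsertQuery...) with no product name; triage should confirm from the full description that it belongs to the same product before all six are resolved with the same state.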
@@ -18218,8 +18234,8 @@ CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allow
NOT-FOR-US: PassWork extension for Chrome
CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS. ...)
NOT-FOR-US: Keyfactor EJBCA
-CVE-2022-42953
- RESERVED
+CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) ...)
+ TODO: check
CVE-2022-42952
RESERVED
CVE-2022-42951
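Review bot: CVE-2022-42953 now describes specific ZKTeco hardware models (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM), so NOT-FOR-US, the state used for the neighbouring PassWork and Keyfactor EJBCA entries, is the likely resolution; the TODO: check marker is fine for the automatic run but should not linger.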
@@ -18496,8 +18512,7 @@ CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may be
NOT-FOR-US: Bentley
CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may be affect ...)
NOT-FOR-US: Bentley
-CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
- RESERVED
+CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo ...)
{DSA-5287-1 DSA-5286-1 DLA-3213-1 DLA-3206-1}
- heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
- krb5 1.20.1-1 (bug #1024267)
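Review bot: the dropped placeholder "[krb5_pac_parse() buffer parsing vulnerability]" names the affected function, which the new truncated description does not; keep it as a NOTE: line so the entry retains that pointer. The description's "MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo..." matches the "- krb5 1.20.1-1" fixed-version line, and the heimdal line with its own fixed version is kept, which is consistent with the shared DSA-5287-1 reference.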
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673cdbbcb966dac0701e21fc1f6ea43d6d5fbe66