[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 7 20:10:37 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f6df6b0 by security tracker role at 2022-11-07T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-45044
+	RESERVED
+CVE-2022-3883
+	RESERVED
+CVE-2022-3882
+	RESERVED
+CVE-2022-3881
+	RESERVED
+CVE-2022-3880
+	RESERVED
+CVE-2022-3879
+	RESERVED
+CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
+	TODO: check
+CVE-2022-3877
+	RESERVED
+CVE-2022-3876
+	RESERVED
+CVE-2022-3875
+	RESERVED
+CVE-2022-3874
+	RESERVED
+CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
+	TODO: check
+CVE-2022-3872
+	RESERVED
 CVE-2022-45043
 	RESERVED
 CVE-2022-45042
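Review bot: of the fourteen entries added in this hunk, only CVE-2022-3878 (Maxon ERP) and CVE-2022-3873 (DOM XSS in jgraph/drawio) carry a description and a TODO: check; the other twelve are RESERVED placeholders that need no action yet. Both descriptions are cut off at the tracker's " ..." truncation point, so the affected versions and the product's relation to the archive have to be taken from the full CVE record rather than from this file.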
@@ -614,14 +640,14 @@ CVE-2022-44751
 	RESERVED
 CVE-2022-44750
 	RESERVED
-CVE-2022-44747
-	RESERVED
-CVE-2022-44746
-	RESERVED
-CVE-2022-44745
-	RESERVED
-CVE-2022-44744
-	RESERVED
+CVE-2022-44747 (Local privilege escalation due to improper soft link handling. The fol ...)
+	TODO: check
+CVE-2022-44746 (Sensitive information disclosure due to insecure folder permissions. T ...)
+	TODO: check
+CVE-2022-44745 (Sensitive information leak through log files. The following products a ...)
+	TODO: check
+CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+	TODO: check
 CVE-2022-44743
 	RESERVED
 CVE-2022-44742
@@ -642,10 +668,10 @@ CVE-2022-44735
 	RESERVED
 CVE-2022-44734
 	RESERVED
-CVE-2022-44733
-	RESERVED
-CVE-2022-44732
-	RESERVED
+CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...)
+	TODO: check
+CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. The fol ...)
+	TODO: check
 CVE-2022-3867
 	RESERVED
 CVE-2022-3866
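Review bot: CVE-2022-44747 through CVE-2022-44744 in the previous hunk and CVE-2022-44733/CVE-2022-44732 here all use the same template ("... The fol ..."), so the sentence naming the affected products is exactly what the truncation removes. Six local privilege escalation and information disclosure issues (soft link handling, DLL hijacking, insecure folder permissions, log files) with one phrasing point at a single vendor advisory; triage them as a batch from the full descriptions rather than one TODO: check at a time.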
@@ -1912,6 +1938,7 @@ CVE-2022-44640
 CVE-2022-44639
 	RESERVED
 CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds write  ...)
+	{DLA-3179-1}
 	- pixman 0.40.0-1.1 (bug #1023427)
 	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 (pixman-0.42.2)
 	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
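Review bot: the {DLA-3179-1} tag is placed directly under the CVE header, where the tracker expects advisory references (compare the {DSA-5253-1} tag under CVE-2022-3450 later in this patch). The entry already records the unstable fix (0.40.0-1.1, bug #1023427) and the upstream commit for 0.42.2; what the visible lines do not show is any [bullseye] status for this out-of-bounds write, so that is the remaining item to check for this entry.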
@@ -2241,7 +2268,8 @@ CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classi
 	NOT-FOR-US: Bento4
 CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...)
 	NOT-FOR-US: Bento4
-CVE-2022-3808 (A vulnerability classified as problematic has been found in WebFactory ...)
+CVE-2022-3808
+	REJECTED
 	NOT-FOR-US: WebFactory Under Construction Plugin
 CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
 	NOT-FOR-US: Bento4
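Review bot: CVE-2022-3808 becomes REJECTED but keeps its "NOT-FOR-US: WebFactory Under Construction Plugin" line. A rejected identifier needs no package assessment, so that line is now dead weight; the automatic update does not remove it, which makes it a candidate for manual cleanup (CVE-2022-3773 in the next hunk shows the minimal form, REJECTED alone).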
@@ -2553,7 +2581,8 @@ CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1
 	NOT-FOR-US: SourceCodester Train Scheduler App
 CVE-2022-3773
 	REJECTED
-CVE-2022-3772 (A vulnerability, which was classified as problematic, was found in eas ...)
+CVE-2022-3772
+	REJECTED
 	NOT-FOR-US: easyii CMS
 CVE-2022-3771 (A vulnerability, which was classified as critical, has been found in e ...)
 	NOT-FOR-US: easyii CMS
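Review bot: same situation as CVE-2022-3808 above: CVE-2022-3772 is marked REJECTED while the "NOT-FOR-US: easyii CMS" line remains, in contrast to CVE-2022-3773 two lines up, which carries REJECTED alone. Dropping the stale line keeps rejected entries uniform and stops the NOT-FOR-US marker from being counted as a triage decision for a non-existent issue.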
@@ -3376,20 +3405,20 @@ CVE-2022-44056
 	RESERVED
 CVE-2022-44055
 	RESERVED
-CVE-2022-44054
-	RESERVED
-CVE-2022-44053
-	RESERVED
-CVE-2022-44052
-	RESERVED
-CVE-2022-44051
-	RESERVED
-CVE-2022-44050
-	RESERVED
-CVE-2022-44049
-	RESERVED
-CVE-2022-44048
-	RESERVED
+CVE-2022-44054 (The d8s-xml for python, as distributed on PyPI, included a potential c ...)
+	TODO: check
+CVE-2022-44053 (The d8s-networking for python, as distributed on PyPI, included a pote ...)
+	TODO: check
+CVE-2022-44052 (The d8s-dates for python, as distributed on PyPI, included a potential ...)
+	TODO: check
+CVE-2022-44051 (The d8s-stats for python, as distributed on PyPI, included a potential ...)
+	TODO: check
+CVE-2022-44050 (The d8s-networking for python, as distributed on PyPI, included a pote ...)
+	TODO: check
+CVE-2022-44049 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
+	TODO: check
+CVE-2022-44048 (The d8s-urls for python, as distributed on PyPI, included a potential  ...)
+	TODO: check
 CVE-2022-44047
 	RESERVED
 CVE-2022-44046
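Review bot: the seven entries CVE-2022-44054 through CVE-2022-44048 share one truncated template ("The d8s-<name> for python, as distributed on PyPI, included a potential ..."), with d8s-networking appearing twice (CVE-2022-44053 and CVE-2022-44050). They describe a problem in the PyPI distribution of one package family rather than seven independent bugs, so a single triage decision should cover the set; the same template recurs for CVE-2022-43306 through CVE-2022-43303 later in this patch, and resolving both hunks together avoids inconsistent outcomes. The truncation hides what the "potential ..." is, so the full descriptions are needed before deciding whether any Debian Python package is affected.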
@@ -7072,12 +7101,12 @@ CVE-2022-43354 (Sanitization Management System v1.0 was discovered to contain a
 	NOT-FOR-US: Sanitization Management System
 CVE-2022-43353 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
 	NOT-FOR-US: Sanitization Management System
-CVE-2022-43352
-	RESERVED
-CVE-2022-43351
-	RESERVED
-CVE-2022-43350
-	RESERVED
+CVE-2022-43352 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+	TODO: check
+CVE-2022-43351 (Sanitization Management System v1.0 was discovered to contain an arbit ...)
+	TODO: check
+CVE-2022-43350 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+	TODO: check
 CVE-2022-43349
 	RESERVED
 CVE-2022-43348
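Review bot: CVE-2022-43352, CVE-2022-43351 and CVE-2022-43350 get TODO: check, but the two entries immediately above them (CVE-2022-43354, CVE-2022-43353) describe the same product, Sanitization Management System v1.0, and are already resolved as "NOT-FOR-US: Sanitization Management System". Unless the full descriptions name a different product, the three new ones should be closed the same way.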
@@ -7138,12 +7167,12 @@ CVE-2022-43321
 	RESERVED
 CVE-2022-43320
 	RESERVED
-CVE-2022-43319
-	RESERVED
-CVE-2022-43318
-	RESERVED
-CVE-2022-43317
-	RESERVED
+CVE-2022-43319 (An information disclosure vulnerability in the component vcs/downloadF ...)
+	TODO: check
+CVE-2022-43318 (Human Resource Management System v1.0 was discovered to contain a SQL  ...)
+	TODO: check
+CVE-2022-43317 (A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Hu ...)
+	TODO: check
 CVE-2022-43316
 	RESERVED
 CVE-2022-43315
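Review bot: CVE-2022-43318 and CVE-2022-43317 name "Human Resource Management System v1.0" and an XSS in /hrm/index.php?msg; the tracker already uses "NOT-FOR-US: SourceCodester Human Resource Management System" for CVE-2022-3493 later in this patch, so that is the obvious candidate once the full text confirms the product. CVE-2022-43319 is less clear: the visible fragment only names a component path (vcs/downloadF ...), not the product, so that one genuinely needs the complete record.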
@@ -7164,14 +7193,14 @@ CVE-2022-43308
 	RESERVED
 CVE-2022-43307
 	RESERVED
-CVE-2022-43306
-	RESERVED
-CVE-2022-43305
-	RESERVED
-CVE-2022-43304
-	RESERVED
-CVE-2022-43303
-	RESERVED
+CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a potential ...)
+	TODO: check
+CVE-2022-43305 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
+	TODO: check
+CVE-2022-43304 (The d8s-timer for python, as distributed on PyPI, included a potential ...)
+	TODO: check
+CVE-2022-43303 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
+	TODO: check
 CVE-2022-43302
 	RESERVED
 CVE-2022-43301
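Review bot: CVE-2022-43306, CVE-2022-43305, CVE-2022-43304 and CVE-2022-43303 are the same d8s-* PyPI template already seen for CVE-2022-44054 through CVE-2022-44048 earlier in this patch (d8s-timer and d8s-python each appear twice within this hunk alone). Whatever resolution the earlier block gets should be applied here in the same commit so the two batches do not diverge.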
@@ -7853,8 +7882,8 @@ CVE-2022-42992 (Multiple stored cross-site scripting (XSS) vulnerabilities in Tr
 	NOT-FOR-US: Train Scheduler App
 CVE-2022-42991 (A stored cross-site scripting (XSS) vulnerability in Simple Online Pub ...)
 	NOT-FOR-US: Simple Online Public Access Catalog
-CVE-2022-42990
-	RESERVED
+CVE-2022-42990 (Food Ordering Management System v1.0 was discovered to contain a SQL i ...)
+	TODO: check
 CVE-2022-42989
 	RESERVED
 CVE-2022-42988
@@ -7890,8 +7919,8 @@ CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic.
 	[bullseye] - exim4 <no-dsa> (Minor issue)
 	[buster] - exim4 <no-dsa> (Minor issue)
 	NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
-CVE-2022-3558
-	RESERVED
+CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...)
+	TODO: check
 CVE-2022-3557
 	RESERVED
 CVE-2022-3556
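Review bot: CVE-2022-3558 is the first of a run of WordPress plugin entries that this update moves from RESERVED to TODO: check (CVE-2022-3537, CVE-2022-3536, CVE-2022-3494, CVE-2022-3489, CVE-2022-3481, CVE-2022-3463, CVE-2022-3462, CVE-2022-3451, CVE-2022-3418, CVE-2022-2711 and CVE-2022-2387 follow). The neighbouring resolved entries in this patch (CVE-2022-2710, CVE-2022-2709, CVE-2022-2389, CVE-2022-2388, CVE-2022-2190, CVE-2022-2189, CVE-2022-2187, CVE-2022-2186) all use "NOT-FOR-US: WordPress plugin", so these can be batch-resolved the same way unless one of the full descriptions names a plugin that is actually packaged.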
@@ -7950,10 +7979,10 @@ CVE-2022-3539
 	RESERVED
 CVE-2022-3538
 	RESERVED
-CVE-2022-3537
-	RESERVED
-CVE-2022-3536
-	RESERVED
+CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...)
+	TODO: check
+CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
+	TODO: check
 CVE-2022-42986
 	RESERVED
 CVE-2022-42985
@@ -8071,10 +8100,10 @@ CVE-2022-42958
 	RESERVED
 CVE-2022-42957
 	RESERVED
-CVE-2022-42956
-	RESERVED
-CVE-2022-42955
-	RESERVED
+CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
+	TODO: check
+CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
+	TODO: check
 CVE-2022-42954
 	RESERVED
 CVE-2022-42953
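Review bot: CVE-2022-42956 and CVE-2022-42955 are identical in every visible character ("The PassWork extension 5.0.9 for Chrome and other browsers allows an a ..."), so nothing in this file distinguishes the two issues; the full descriptions are needed to confirm they are separate problems rather than a duplicate assignment. A browser extension is unlikely to map to a Debian package either way.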
@@ -8177,8 +8206,7 @@ CVE-2022-42922
 	RESERVED
 CVE-2022-42921
 	RESERVED
-CVE-2022-42920
-	RESERVED
+CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally only allo ...)
 	- bcel 6.5.0-2
 	[bullseye] - bcel 6.5.0-1+deb11u1
 	[buster] - bcel 6.2-1+deb10u1
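Review bot: CVE-2022-42920 correctly gets no TODO: check, because the entry already records fixes for unstable (6.5.0-2), bullseye (6.5.0-1+deb11u1) and buster (6.2-1+deb10u1). What is missing within the lines shown is a NOTE: line pointing at the upstream advisory or fix commit; the commons-text entry (CVE-2022-42889) later in this patch shows the usual form. Adding the reference documents why these are the fixed versions.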
@@ -8294,8 +8322,8 @@ CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Manage
 	NOT-FOR-US: SourceCodester
 CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public  ...)
 	NOT-FOR-US: SourceCodester
-CVE-2022-3494
-	RESERVED
+CVE-2022-3494 (The Complianz WordPress plugin before 6.3.4, and Complianz Premium Wor ...)
+	TODO: check
 CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester Human Resource Management System
 CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
@@ -8304,8 +8332,8 @@ CVE-2022-3491
 	RESERVED
 CVE-2022-3490
 	RESERVED
-CVE-2022-3489
-	RESERVED
+CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
+	TODO: check
 CVE-2022-3488
 	RESERVED
 CVE-2022-3487
@@ -8322,8 +8350,8 @@ CVE-2022-3483
 	- gitlab <unfixed>
 CVE-2022-3482
 	RESERVED
-CVE-2022-3481
-	RESERVED
+CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
+	TODO: check
 CVE-2022-3480
 	RESERVED
 CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
@@ -8414,10 +8442,10 @@ CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge M
 	NOT-FOR-US: Mediabridge Medialink
 CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...)
 	NOT-FOR-US: puppyCMS
-CVE-2022-3463
-	RESERVED
-CVE-2022-3462
-	RESERVED
+CVE-2022-3463 (The Contact Form Plugin WordPress plugin before 4.3.13 does not valida ...)
+	TODO: check
+CVE-2022-3462 (The Highlight Focus WordPress plugin through 1.1 does not sanitise and ...)
+	TODO: check
 CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...)
 	- commons-text 1.10.0-1 (bug #1021787)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4
@@ -8755,8 +8783,8 @@ CVE-2022-42736
 	RESERVED
 CVE-2022-41797 (Improper authorization in handler for custom URL scheme vulnerability  ...)
 	NOT-FOR-US: Lemon8 App
-CVE-2022-3451
-	RESERVED
+CVE-2022-3451 (The Product Stock Manager WordPress plugin before 1.0.5 does not have  ...)
+	TODO: check
 CVE-2022-3450
 	RESERVED
 	{DSA-5253-1}
@@ -9441,8 +9469,8 @@ CVE-2022-41789
 	RESERVED
 CVE-2022-41611
 	RESERVED
-CVE-2022-3418
-	RESERVED
+CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
+	TODO: check
 CVE-2022-3417
 	RESERVED
 CVE-2022-3416
@@ -18567,6 +18595,7 @@ CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.
 CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
+	{DLA-3180-1}
 	- python-scciclient 0.12.3-2 (bug #1018213)
 	[bullseye] - python-scciclient <no-dsa> (Minor issue)
 	NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
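Review bot: {DLA-3180-1} records an LTS update for CVE-2022-2996 while the [bullseye] line below it still reads "<no-dsa> (Minor issue)". That is not contradictory (LTS and stable are assessed separately), but when LTS decides an issue is worth an advisory it is worth re-checking whether stable should pick the fix up in a point release; the unstable fix (0.12.3-2, bug #1018213) and the upstream commit are already recorded, so the entry holds the data needed to decide.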
@@ -20563,10 +20592,10 @@ CVE-2022-38166
 	RESERVED
 CVE-2022-38165
 	RESERVED
-CVE-2022-38164
-	RESERVED
-CVE-2022-38163
-	RESERVED
+CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+	TODO: check
+CVE-2022-38163 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+	TODO: check
 CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...)
 	NOT-FOR-US: WithSecure
 CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
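Review bot: CVE-2022-38164 and CVE-2022-38163 get TODO: check, but CVE-2022-38162 directly below them is the same product and is already resolved "NOT-FOR-US: WithSecure". Both new descriptions are identical up to the truncation point ("allows attackers to cause a denial of se ..."), so after confirming from the full records that they are two separate issues, both should be closed as NOT-FOR-US: WithSecure.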
@@ -21267,11 +21296,9 @@ CVE-2022-37868
 	RESERVED
 CVE-2022-37867
 	RESERVED
-CVE-2022-37866
-	RESERVED
+CVE-2022-37866 (When Apache Ivy downloads artifacts from a repository it stores them i ...)
 	NOT-FOR-US: Apache Ivy
-CVE-2022-37865
-	RESERVED
+CVE-2022-37865 (With Apache Ivy 2.4.0 an optional packaging attribute has been introdu ...)
 	NOT-FOR-US: Apache Ivy
 CVE-2022-37864 (A vulnerability has been identified in Solid Edge (All Versions < S ...)
 	NOT-FOR-US: Solid Edge
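Review bot: CVE-2022-37866 and CVE-2022-37865 gain descriptions but keep their existing "NOT-FOR-US: Apache Ivy" resolution, so no TODO: check is added; that is consistent. Both fragments concern how Ivy handles downloaded artifacts (where they are stored, and a packaging attribute introduced in 2.4.0), which is supply-chain territory for any build host that resolves dependencies through Ivy, so a quick confirmation against the archive that nothing in Debian ships or embeds Ivy is worthwhile before the NOT-FOR-US stays final.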
@@ -21295,8 +21322,8 @@ CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/c
 	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2022-2712
 	RESERVED
-CVE-2022-2711
-	RESERVED
+CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
+	TODO: check
 CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
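Review bot: CVE-2022-2711 is identical in its visible fragment to CVE-2022-3418 earlier in this patch ("The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ..."). Two identifiers for the same plugin and the same fixed version may be distinct issues or a duplicate; check the full records and, if they turn out to be the same, record the relationship so they are not triaged independently. Like the other WordPress plugin entries in this patch, the likely resolution is NOT-FOR-US: WordPress plugin.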
@@ -26983,8 +27010,8 @@ CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Ne
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2387
-	RESERVED
+CVE-2022-2387 (The Easy Digital Downloads WordPress plugin before 3.0 does not have C ...)
+	TODO: check
 CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...)
@@ -30715,8 +30742,8 @@ CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not e
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2188
-	RESERVED
+CVE-2022-2188 (Privilege escalation vulnerability in DXL Broker for Windows prior to  ...)
+	TODO: check
 CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise  ...)
@@ -83059,8 +83086,8 @@ CVE-2021-42207
 	RESERVED
 CVE-2021-42206
 	RESERVED
-CVE-2021-42205
-	RESERVED
+CVE-2021-42205 (ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC ...)
+	TODO: check
 CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
 	- swftools <removed>
 	[stretch] - swftools <no-dsa> (Minor issue)
@@ -130964,6 +130991,7 @@ CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows
 	NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html
 	NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
 CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...)
+	{DLA-3181-1}
 	- sudo 1.9.5-1
 	[stretch] - sudo <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
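Review bot: {DLA-3181-1} is added for the sudoedit issue CVE-2021-23239, whose unstable fix is 1.9.5-1; the hunk shows no [buster] line, which is fine because the DLA tag itself records the LTS fix. The [stretch] assessment stays "<no-dsa> (Minor issue)"; with an advisory now issued for the same bug, that older assessment deserves a second look for consistency. The NOTE about fs.protected_symlinks = 1 neutralising the related issue is attached to the sibling entry CVE-2021-23240, not to this one.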
@@ -187683,8 +187711,8 @@ CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below
 	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
 	NOT-FOR-US: Beckhoff
-CVE-2020-12509
-	RESERVED
+CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...)
+	TODO: check
 CVE-2020-12508
 	RESERVED
 CVE-2020-12507



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f6df6b04a63542ce25b59ae30ebb4d0273b4813
