[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 7 20:10:37 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f6df6b0 by security tracker role at 2022-11-07T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-45044
+ RESERVED
+CVE-2022-3883
+ RESERVED
+CVE-2022-3882
+ RESERVED
+CVE-2022-3881
+ RESERVED
+CVE-2022-3880
+ RESERVED
+CVE-2022-3879
+ RESERVED
+CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
+ TODO: check
+CVE-2022-3877
+ RESERVED
+CVE-2022-3876
+ RESERVED
+CVE-2022-3875
+ RESERVED
+CVE-2022-3874
+ RESERVED
+CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
+ TODO: check
+CVE-2022-3872
+ RESERVED
CVE-2022-45043
RESERVED
CVE-2022-45042
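Review bot: CVE-2022-3878 (Maxon ERP) and CVE-2022-3873 (jgraph/drawio DOM XSS) are left at TODO: check with no Debian source package line anywhere in this diff; resolve them to NOT-FOR-US with the product name, or to a package mapping if one exists, rather than carrying the TODO into the next automatic update. The remaining IDs in this hunk are plain RESERVED placeholders and need nothing.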
@@ -614,14 +640,14 @@ CVE-2022-44751
RESERVED
CVE-2022-44750
RESERVED
-CVE-2022-44747
- RESERVED
-CVE-2022-44746
- RESERVED
-CVE-2022-44745
- RESERVED
-CVE-2022-44744
- RESERVED
+CVE-2022-44747 (Local privilege escalation due to improper soft link handling. The fol ...)
+ TODO: check
+CVE-2022-44746 (Sensitive information disclosure due to insecure folder permissions. T ...)
+ TODO: check
+CVE-2022-44745 (Sensitive information leak through log files. The following products a ...)
+ TODO: check
+CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
CVE-2022-44743
RESERVED
CVE-2022-44742
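Review bot: the four new descriptions for CVE-2022-44747 through CVE-2022-44744 are cut off at "The fol ...", so the affected product list is not visible here and the TODO: check cannot be resolved from this diff alone. The DLL hijacking wording of CVE-2022-44744 and the "improper soft link handling" of CVE-2022-44747 suggest a vendor product rather than anything in the archive, so NOT-FOR-US is the likely outcome, but confirm against the full CVE text before marking.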
@@ -642,10 +668,10 @@ CVE-2022-44735
RESERVED
CVE-2022-44734
RESERVED
-CVE-2022-44733
- RESERVED
-CVE-2022-44732
- RESERVED
+CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
+CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
CVE-2022-3867
RESERVED
CVE-2022-3866
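Review bot: CVE-2022-44733 and CVE-2022-44732 carry byte-identical truncated descriptions ("Local privilege escalation due to insecure folder permissions. The fol ...") and use the same "The fol..." phrasing as CVE-2022-44744..44747 in the hunk above, so triage all six together: one look at the vendor's advisory settles the marking for the whole set, and the two entries here should not end up with a different status from their siblings.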
@@ -1912,6 +1938,7 @@ CVE-2022-44640
CVE-2022-44639
RESERVED
CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds write ...)
+ {DLA-3179-1}
- pixman 0.40.0-1.1 (bug #1023427)
NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 (pixman-0.42.2)
NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
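Review bot: the {DLA-3179-1} cross-reference covers buster, but no [bullseye] line sits between "- pixman 0.40.0-1.1 (bug #1023427)" and the NOTE lines, so bullseye is still listed as affected by this out-of-bounds write with no decision recorded. Add a [bullseye] annotation (<no-dsa> or <postponed>) or track a DSA so the stable status is explicit.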
@@ -2241,7 +2268,8 @@ CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classi
NOT-FOR-US: Bento4
CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...)
NOT-FOR-US: Bento4
-CVE-2022-3808 (A vulnerability classified as problematic has been found in WebFactory ...)
+CVE-2022-3808
+ REJECTED
NOT-FOR-US: WebFactory Under Construction Plugin
CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...)
NOT-FOR-US: Bento4
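Review bot: CVE-2022-3808 is now REJECTED but keeps its "NOT-FOR-US: WebFactory Under Construction Plugin" line; the file's convention for rejected IDs is the bare REJECTED marker (compare CVE-2022-3773, which is REJECTED with no further line), so drop the stale NOT-FOR-US line.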
@@ -2553,7 +2581,8 @@ CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1
NOT-FOR-US: SourceCodester Train Scheduler App
CVE-2022-3773
REJECTED
-CVE-2022-3772 (A vulnerability, which was classified as problematic, was found in eas ...)
+CVE-2022-3772
+ REJECTED
NOT-FOR-US: easyii CMS
CVE-2022-3771 (A vulnerability, which was classified as critical, has been found in e ...)
NOT-FOR-US: easyii CMS
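Review bot: same issue as the CVE-2022-3808 hunk: CVE-2022-3772 is switched to REJECTED while "NOT-FOR-US: easyii CMS" stays behind. CVE-2022-3773 two lines above shows the expected form (REJECTED alone), so remove the leftover NOT-FOR-US line here too.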
@@ -3376,20 +3405,20 @@ CVE-2022-44056
RESERVED
CVE-2022-44055
RESERVED
-CVE-2022-44054
- RESERVED
-CVE-2022-44053
- RESERVED
-CVE-2022-44052
- RESERVED
-CVE-2022-44051
- RESERVED
-CVE-2022-44050
- RESERVED
-CVE-2022-44049
- RESERVED
-CVE-2022-44048
- RESERVED
+CVE-2022-44054 (The d8s-xml for python, as distributed on PyPI, included a potential c ...)
+ TODO: check
+CVE-2022-44053 (The d8s-networking for python, as distributed on PyPI, included a pote ...)
+ TODO: check
+CVE-2022-44052 (The d8s-dates for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-44051 (The d8s-stats for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-44050 (The d8s-networking for python, as distributed on PyPI, included a pote ...)
+ TODO: check
+CVE-2022-44049 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
+ TODO: check
+CVE-2022-44048 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
+ TODO: check
CVE-2022-44047
RESERVED
CVE-2022-44046
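Review bot: all seven new entries are d8s-* PyPI packages with a truncated "included a potential c..." description and TODO: check; d8s-networking appears twice (CVE-2022-44053 and CVE-2022-44050), so confirm from the full text that those are distinct issues rather than a duplicate assignment. Check once whether any d8s-* module is in the archive; if none is, the whole block resolves to NOT-FOR-US in one pass, and the same marking applies to the d8s-timer/d8s-python/d8s-strings IDs (CVE-2022-43306..43303) further down in this diff.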
@@ -7072,12 +7101,12 @@ CVE-2022-43354 (Sanitization Management System v1.0 was discovered to contain a
NOT-FOR-US: Sanitization Management System
CVE-2022-43353 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
NOT-FOR-US: Sanitization Management System
-CVE-2022-43352
- RESERVED
-CVE-2022-43351
- RESERVED
-CVE-2022-43350
- RESERVED
+CVE-2022-43352 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
+CVE-2022-43351 (Sanitization Management System v1.0 was discovered to contain an arbit ...)
+ TODO: check
+CVE-2022-43350 (Sanitization Management System v1.0 was discovered to contain a SQL in ...)
+ TODO: check
CVE-2022-43349
RESERVED
CVE-2022-43348
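Review bot: the three new TODO: check entries (CVE-2022-43352, CVE-2022-43351, CVE-2022-43350) describe the same "Sanitization Management System v1.0" as the neighbouring CVE-2022-43354 and CVE-2022-43353, which are already "NOT-FOR-US: Sanitization Management System"; mark them the same way so the product is triaged consistently.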
@@ -7138,12 +7167,12 @@ CVE-2022-43321
RESERVED
CVE-2022-43320
RESERVED
-CVE-2022-43319
- RESERVED
-CVE-2022-43318
- RESERVED
-CVE-2022-43317
- RESERVED
+CVE-2022-43319 (An information disclosure vulnerability in the component vcs/downloadF ...)
+ TODO: check
+CVE-2022-43318 (Human Resource Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-43317 (A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Hu ...)
+ TODO: check
CVE-2022-43316
RESERVED
CVE-2022-43315
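Review bot: CVE-2022-43318 and CVE-2022-43317 name "Human Resource Management System v1.0" and /hrm/index.php, matching the entries elsewhere in this file marked "NOT-FOR-US: SourceCodester Human Resource Management System" (e.g. CVE-2022-3493), so they can be resolved the same way. CVE-2022-43319 is cut off before the product name ("component vcs/downloadF ..."), so that one needs the full CVE text before it is marked.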
@@ -7164,14 +7193,14 @@ CVE-2022-43308
RESERVED
CVE-2022-43307
RESERVED
-CVE-2022-43306
- RESERVED
-CVE-2022-43305
- RESERVED
-CVE-2022-43304
- RESERVED
-CVE-2022-43303
- RESERVED
+CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-43305 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
+ TODO: check
+CVE-2022-43304 (The d8s-timer for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-43303 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
+ TODO: check
CVE-2022-43302
RESERVED
CVE-2022-43301
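Review bot: second d8s-* block in this diff; d8s-timer appears twice here (CVE-2022-43306 and CVE-2022-43304) and d8s-python appears both here (CVE-2022-43305) and in the CVE-2022-44054..44048 block (CVE-2022-44049). Check for duplicate assignments while triaging and apply whatever marking the earlier block receives, rather than resolving the two blocks separately.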
@@ -7853,8 +7882,8 @@ CVE-2022-42992 (Multiple stored cross-site scripting (XSS) vulnerabilities in Tr
NOT-FOR-US: Train Scheduler App
CVE-2022-42991 (A stored cross-site scripting (XSS) vulnerability in Simple Online Pub ...)
NOT-FOR-US: Simple Online Public Access Catalog
-CVE-2022-42990
- RESERVED
+CVE-2022-42990 (Food Ordering Management System v1.0 was discovered to contain a SQL i ...)
+ TODO: check
CVE-2022-42989
RESERVED
CVE-2022-42988
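Review bot: CVE-2022-42990 ("Food Ordering Management System v1.0 was discovered to contain a SQL i...") sits between CVE-2022-42991 and CVE-2022-42992, which are NOT-FOR-US for small PHP applications of the same kind (Simple Online Public Access Catalog, Train Scheduler App); unless a Debian package exists for it, resolve the TODO to NOT-FOR-US with the product name.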
@@ -7890,8 +7919,8 @@ CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic.
[bullseye] - exim4 <no-dsa> (Minor issue)
[buster] - exim4 <no-dsa> (Minor issue)
NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2
-CVE-2022-3558
- RESERVED
+CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...)
+ TODO: check
CVE-2022-3557
RESERVED
CVE-2022-3556
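Review bot: CVE-2022-3558 is a WordPress plugin issue ("Import and export users and customers WordPress plugin before 1.20 ..."); this file marks such entries "NOT-FOR-US: WordPress plugin" (see CVE-2022-2710 and CVE-2022-2709), so the TODO: check can be resolved that way. The exim4 context lines above it are untouched by this update.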
@@ -7950,10 +7979,10 @@ CVE-2022-3539
RESERVED
CVE-2022-3538
RESERVED
-CVE-2022-3537
- RESERVED
-CVE-2022-3536
- RESERVED
+CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...)
+ TODO: check
+CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
+ TODO: check
CVE-2022-42986
RESERVED
CVE-2022-42985
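Review bot: CVE-2022-3537 and CVE-2022-3536 are both "Role Based Pricing for WooCommerce WordPress plugin" issues with different fixed versions (before 1.6.2 and before 1.6.3), so they are distinct entries rather than a duplicate; both resolve to "NOT-FOR-US: WordPress plugin" as the file does for the other plugin CVEs.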
@@ -8071,10 +8100,10 @@ CVE-2022-42958
RESERVED
CVE-2022-42957
RESERVED
-CVE-2022-42956
- RESERVED
-CVE-2022-42955
- RESERVED
+CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
+ TODO: check
+CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
+ TODO: check
CVE-2022-42954
RESERVED
CVE-2022-42953
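Review bot: CVE-2022-42956 and CVE-2022-42955 have identical truncated descriptions ("The PassWork extension 5.0.9 for Chrome and other browsers allows an a..."), so confirm from the full text that they are two separate issues before marking; a browser extension is not shipped in the archive, so both should end up as NOT-FOR-US naming the PassWork extension.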
@@ -8177,8 +8206,7 @@ CVE-2022-42922
RESERVED
CVE-2022-42921
RESERVED
-CVE-2022-42920
- RESERVED
+CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally only allo ...)
- bcel 6.5.0-2
[bullseye] - bcel 6.5.0-1+deb11u1
[buster] - bcel 6.2-1+deb10u1
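Review bot: the description for CVE-2022-42920 is filled in without a TODO because fixed versions are already recorded for unstable (bcel 6.5.0-2), bullseye (6.5.0-1+deb11u1) and buster (6.2-1+deb10u1). The +deb11u1/+deb10u1 uploads would normally come with a {DSA-...} or {DLA-...} line directly under the CVE line, and none is visible in this hunk, so confirm the advisory cross-references are present.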
@@ -8294,8 +8322,8 @@ CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Manage
NOT-FOR-US: SourceCodester
CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public ...)
NOT-FOR-US: SourceCodester
-CVE-2022-3494
- RESERVED
+CVE-2022-3494 (The Complianz WordPress plugin before 6.3.4, and Complianz Premium Wor ...)
+ TODO: check
CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
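Review bot: CVE-2022-3494 ("Complianz WordPress plugin before 6.3.4, and Complianz Premium Wor...") is another WordPress plugin entry left at TODO: check; the surrounding SourceCodester entries show the NOT-FOR-US form, and the file uses "NOT-FOR-US: WordPress plugin" for plugin CVEs, so resolve it that way.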
@@ -8304,8 +8332,8 @@ CVE-2022-3491
RESERVED
CVE-2022-3490
RESERVED
-CVE-2022-3489
- RESERVED
+CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
+ TODO: check
CVE-2022-3488
RESERVED
CVE-2022-3487
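Review bot: CVE-2022-3489 ("WP Hide WordPress plugin through 0.0.2 does not have authorisation ...") uses "through" rather than "before", i.e. no fixed version is named; that does not change the Debian outcome (NOT-FOR-US: WordPress plugin, as elsewhere in the file), but it is worth a glance at the full text in case the plugin is simply unmaintained.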
@@ -8322,8 +8350,8 @@ CVE-2022-3483
- gitlab <unfixed>
CVE-2022-3482
RESERVED
-CVE-2022-3481
- RESERVED
+CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
+ TODO: check
CVE-2022-3480
RESERVED
CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
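Review bot: CVE-2022-3481 ("WooCommerce Dropshipping WordPress plugin before 4.4 does not prop...") is a plugin issue and should be resolved to "NOT-FOR-US: WordPress plugin" like the other plugin CVEs in this file; the "- gitlab <unfixed>" context line above belongs to CVE-2022-3483 and is unrelated to this change.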
@@ -8414,10 +8442,10 @@ CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge M
NOT-FOR-US: Mediabridge Medialink
CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...)
NOT-FOR-US: puppyCMS
-CVE-2022-3463
- RESERVED
-CVE-2022-3462
- RESERVED
+CVE-2022-3463 (The Contact Form Plugin WordPress plugin before 4.3.13 does not valida ...)
+ TODO: check
+CVE-2022-3462 (The Highlight Focus WordPress plugin through 1.1 does not sanitise and ...)
+ TODO: check
CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...)
- commons-text 1.10.0-1 (bug #1021787)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4
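Review bot: CVE-2022-3463 (Contact Form Plugin before 4.3.13) and CVE-2022-3462 (Highlight Focus through 1.1) are two more WordPress plugin entries at TODO: check; both resolve to "NOT-FOR-US: WordPress plugin" per the file's convention. They are immediately followed by the commons-text CVE-2022-42889 entry, which this update does not touch.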
@@ -8755,8 +8783,8 @@ CVE-2022-42736
RESERVED
CVE-2022-41797 (Improper authorization in handler for custom URL scheme vulnerability ...)
NOT-FOR-US: Lemon8 App
-CVE-2022-3451
- RESERVED
+CVE-2022-3451 (The Product Stock Manager WordPress plugin before 1.0.5 does not have ...)
+ TODO: check
CVE-2022-3450
RESERVED
{DSA-5253-1}
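Review bot: CVE-2022-3451 ("Product Stock Manager WordPress plugin before 1.0.5 does not have ...") is a plugin issue and can be closed as "NOT-FOR-US: WordPress plugin"; note that the {DSA-5253-1} context line below belongs to CVE-2022-3450, not to this entry.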
@@ -9441,8 +9469,8 @@ CVE-2022-41789
RESERVED
CVE-2022-41611
RESERVED
-CVE-2022-3418
- RESERVED
+CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
+ TODO: check
CVE-2022-3417
RESERVED
CVE-2022-3416
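Review bot: CVE-2022-3418 ("Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...") is another WordPress plugin entry for "NOT-FOR-US: WordPress plugin"; when resolving it, check CVE-2022-2711 further down in this diff, whose new description is word-for-word the same, so the two may be duplicate assignments for one issue.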
@@ -18567,6 +18595,7 @@ CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.
CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
+ {DLA-3180-1}
- python-scciclient 0.12.3-2 (bug #1018213)
[bullseye] - python-scciclient <no-dsa> (Minor issue)
NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
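Review bot: with {DLA-3180-1} now referenced for buster, the bullseye line still reads "<no-dsa> (Minor issue)"; that is consistent with LTS fixing an issue stable deferred, but if the buster update is a straightforward backport of the 0.12 commit in the NOTE line, the bullseye tag could become <postponed> so the fix is not forgotten for a point release.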
@@ -20563,10 +20592,10 @@ CVE-2022-38166
RESERVED
CVE-2022-38165
RESERVED
-CVE-2022-38164
- RESERVED
-CVE-2022-38163
- RESERVED
+CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+ TODO: check
+CVE-2022-38163 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+ TODO: check
CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...)
NOT-FOR-US: WithSecure
CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
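Review bot: CVE-2022-38164 and CVE-2022-38163 have identical truncated descriptions ("WithSecure through 2022-08-10 allows attackers to cause a denial of se...") and sit directly above CVE-2022-38162, which is already "NOT-FOR-US: WithSecure"; mark both the same way, after confirming from the full text that they are distinct issues.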
@@ -21267,11 +21296,9 @@ CVE-2022-37868
RESERVED
CVE-2022-37867
RESERVED
-CVE-2022-37866
- RESERVED
+CVE-2022-37866 (When Apache Ivy downloads artifacts from a repository it stores them i ...)
NOT-FOR-US: Apache Ivy
-CVE-2022-37865
- RESERVED
+CVE-2022-37865 (With Apache Ivy 2.4.0 an optional packaging attribute has been introdu ...)
NOT-FOR-US: Apache Ivy
CVE-2022-37864 (A vulnerability has been identified in Solid Edge (All Versions < S ...)
NOT-FOR-US: Solid Edge
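Review bot: the descriptions for CVE-2022-37866 and CVE-2022-37865 are filled in while the existing "NOT-FOR-US: Apache Ivy" lines are kept, so no TODO is raised; before keeping that marking, check whether an ivy source package is in the archive, because an issue in how Ivy stores downloaded artifacts and one in its packaging attribute handling would apply to the packaged tool as well, and would then need a package line instead of NOT-FOR-US.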
@@ -21295,8 +21322,8 @@ CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/c
NOT-FOR-US: Cockpit-HQ/Cockpit
CVE-2022-2712
RESERVED
-CVE-2022-2711
- RESERVED
+CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
+ TODO: check
CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
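Review bot: CVE-2022-2711's new description ("Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...") is identical to the one added for CVE-2022-3418 earlier in this diff; check whether the two are separate issues or a duplicate assignment. Either way it resolves to "NOT-FOR-US: WordPress plugin", the form used by CVE-2022-2710 and CVE-2022-2709 right below it.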
@@ -26983,8 +27010,8 @@ CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Ne
NOT-FOR-US: WordPress plugin
CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2387
- RESERVED
+CVE-2022-2387 (The Easy Digital Downloads WordPress plugin before 3.0 does not have C ...)
+ TODO: check
CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...)
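Review bot: CVE-2022-2387 ("Easy Digital Downloads WordPress plugin before 3.0 does not have C...") is surrounded by CVE-2022-2388 and CVE-2022-2386, both "NOT-FOR-US: WordPress plugin"; resolve the TODO: check to the same marking.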
@@ -30715,8 +30742,8 @@ CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not e
NOT-FOR-US: WordPress plugin
CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2188
- RESERVED
+CVE-2022-2188 (Privilege escalation vulnerability in DXL Broker for Windows prior to ...)
+ TODO: check
CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise ...)
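Review bot: CVE-2022-2188 ("Privilege escalation vulnerability in DXL Broker for Windows prior to ...") names a Windows-only product, so it is NOT-FOR-US; give it the product name rather than the "WordPress plugin" marking used by the entries around it.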
@@ -83059,8 +83086,8 @@ CVE-2021-42207
RESERVED
CVE-2021-42206
RESERVED
-CVE-2021-42205
- RESERVED
+CVE-2021-42205 (ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC ...)
+ TODO: check
CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
- swftools <removed>
[stretch] - swftools <no-dsa> (Minor issue)
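Review bot: CVE-2021-42205 ("ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC...") is a Windows driver and resolves to NOT-FOR-US; the swftools lines below are context for CVE-2021-42204 and are unchanged here.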
@@ -130964,6 +130991,7 @@ CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows
NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html
NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...)
+ {DLA-3181-1}
- sudo 1.9.5-1
[stretch] - sudo <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
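Review bot: the {DLA-3181-1} reference for CVE-2021-23239 needs no accompanying [buster] line, since the fixed buster version is taken from the DLA list; the entry keeps "[stretch] - sudo <no-dsa> (Minor issue)", which is fine, but note that the sibling CVE-2021-23240 carries a "Neutralised by kernel hardening (fs.protected_symlinks = 1)" NOTE and this one does not, so do not assume the same mitigation applies here.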
@@ -187683,8 +187711,8 @@ CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below
NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
NOT-FOR-US: Beckhoff
-CVE-2020-12509
- RESERVED
+CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...)
+ TODO: check
CVE-2020-12508
RESERVED
CVE-2020-12507
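Review bot: CVE-2020-12509 ("In s::can moni::tools in versions below 4.2 an unauthenticated attacke...") is an industrial product in the same run of entries as Pepperl+Fuchs Comtrol IO-Link Master and Beckhoff TwinCAT, both NOT-FOR-US; resolve the TODO: check to NOT-FOR-US with the product name.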
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f6df6b04a63542ce25b59ae30ebb4d0273b4813