[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 14 20:10:35 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b9ac79d by security tracker role at 2022-11-14T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,673 @@
+CVE-2023-21518
+	RESERVED
+CVE-2023-21517
+	RESERVED
+CVE-2023-21516
+	RESERVED
+CVE-2023-21515
+	RESERVED
+CVE-2023-21514
+	RESERVED
+CVE-2023-21513
+	RESERVED
+CVE-2023-21512
+	RESERVED
+CVE-2023-21511
+	RESERVED
+CVE-2023-21510
+	RESERVED
+CVE-2023-21509
+	RESERVED
+CVE-2023-21508
+	RESERVED
+CVE-2023-21507
+	RESERVED
+CVE-2023-21506
+	RESERVED
+CVE-2023-21505
+	RESERVED
+CVE-2023-21504
+	RESERVED
+CVE-2023-21503
+	RESERVED
+CVE-2023-21502
+	RESERVED
+CVE-2023-21501
+	RESERVED
+CVE-2023-21500
+	RESERVED
+CVE-2023-21499
+	RESERVED
+CVE-2023-21498
+	RESERVED
+CVE-2023-21497
+	RESERVED
+CVE-2023-21496
+	RESERVED
+CVE-2023-21495
+	RESERVED
+CVE-2023-21494
+	RESERVED
+CVE-2023-21493
+	RESERVED
+CVE-2023-21492
+	RESERVED
+CVE-2023-21491
+	RESERVED
+CVE-2023-21490
+	RESERVED
+CVE-2023-21489
+	RESERVED
+CVE-2023-21488
+	RESERVED
+CVE-2023-21487
+	RESERVED
+CVE-2023-21486
+	RESERVED
+CVE-2023-21485
+	RESERVED
+CVE-2023-21484
+	RESERVED
+CVE-2023-21483
+	RESERVED
+CVE-2023-21482
+	RESERVED
+CVE-2023-21481
+	RESERVED
+CVE-2023-21480
+	RESERVED
+CVE-2023-21479
+	RESERVED
+CVE-2023-21478
+	RESERVED
+CVE-2023-21477
+	RESERVED
+CVE-2023-21476
+	RESERVED
+CVE-2023-21475
+	RESERVED
+CVE-2023-21474
+	RESERVED
+CVE-2023-21473
+	RESERVED
+CVE-2023-21472
+	RESERVED
+CVE-2023-21471
+	RESERVED
+CVE-2023-21470
+	RESERVED
+CVE-2023-21469
+	RESERVED
+CVE-2023-21468
+	RESERVED
+CVE-2023-21467
+	RESERVED
+CVE-2023-21466
+	RESERVED
+CVE-2023-21465
+	RESERVED
+CVE-2023-21464
+	RESERVED
+CVE-2023-21463
+	RESERVED
+CVE-2023-21462
+	RESERVED
+CVE-2023-21461
+	RESERVED
+CVE-2023-21460
+	RESERVED
+CVE-2023-21459
+	RESERVED
+CVE-2023-21458
+	RESERVED
+CVE-2023-21457
+	RESERVED
+CVE-2023-21456
+	RESERVED
+CVE-2023-21455
+	RESERVED
+CVE-2023-21454
+	RESERVED
+CVE-2023-21453
+	RESERVED
+CVE-2023-21452
+	RESERVED
+CVE-2023-21451
+	RESERVED
+CVE-2023-21450
+	RESERVED
+CVE-2023-21449
+	RESERVED
+CVE-2023-21448
+	RESERVED
+CVE-2023-21447
+	RESERVED
+CVE-2023-21446
+	RESERVED
+CVE-2023-21445
+	RESERVED
+CVE-2023-21444
+	RESERVED
+CVE-2023-21443
+	RESERVED
+CVE-2023-21442
+	RESERVED
+CVE-2023-21441
+	RESERVED
+CVE-2023-21440
+	RESERVED
+CVE-2023-21439
+	RESERVED
+CVE-2023-21438
+	RESERVED
+CVE-2023-21437
+	RESERVED
+CVE-2023-21436
+	RESERVED
+CVE-2023-21435
+	RESERVED
+CVE-2023-21434
+	RESERVED
+CVE-2023-21433
+	RESERVED
+CVE-2023-21432
+	RESERVED
+CVE-2023-21431
+	RESERVED
+CVE-2023-21430
+	RESERVED
+CVE-2023-21429
+	RESERVED
+CVE-2023-21428
+	RESERVED
+CVE-2023-21427
+	RESERVED
+CVE-2023-21426
+	RESERVED
+CVE-2023-21425
+	RESERVED
+CVE-2023-21424
+	RESERVED
+CVE-2023-21423
+	RESERVED
+CVE-2023-21422
+	RESERVED
+CVE-2023-21421
+	RESERVED
+CVE-2023-21420
+	RESERVED
+CVE-2023-21419
+	RESERVED
+CVE-2022-45421
+	RESERVED
+CVE-2022-45420
+	RESERVED
+CVE-2022-45419
+	RESERVED
+CVE-2022-45418
+	RESERVED
+CVE-2022-45417
+	RESERVED
+CVE-2022-45416
+	RESERVED
+CVE-2022-45415
+	RESERVED
+CVE-2022-45414
+	RESERVED
+CVE-2022-45413
+	RESERVED
+CVE-2022-45412
+	RESERVED
+CVE-2022-45411
+	RESERVED
+CVE-2022-45410
+	RESERVED
+CVE-2022-45409
+	RESERVED
+CVE-2022-45408
+	RESERVED
+CVE-2022-45407
+	RESERVED
+CVE-2022-45406
+	RESERVED
+CVE-2022-45405
+	RESERVED
+CVE-2022-45404
+	RESERVED
+CVE-2022-45403
+	RESERVED
+CVE-2022-45402
+	RESERVED
+CVE-2022-45401
+	RESERVED
+CVE-2022-45400
+	RESERVED
+CVE-2022-45399
+	RESERVED
+CVE-2022-45398
+	RESERVED
+CVE-2022-45397
+	RESERVED
+CVE-2022-45396
+	RESERVED
+CVE-2022-45395
+	RESERVED
+CVE-2022-45394
+	RESERVED
+CVE-2022-45393
+	RESERVED
+CVE-2022-45392
+	RESERVED
+CVE-2022-45391
+	RESERVED
+CVE-2022-45390
+	RESERVED
+CVE-2022-45389
+	RESERVED
+CVE-2022-45388
+	RESERVED
+CVE-2022-45387
+	RESERVED
+CVE-2022-45386
+	RESERVED
+CVE-2022-45385
+	RESERVED
+CVE-2022-45384
+	RESERVED
+CVE-2022-45383
+	RESERVED
+CVE-2022-45382
+	RESERVED
+CVE-2022-45381
+	RESERVED
+CVE-2022-45380
+	RESERVED
+CVE-2022-45379
+	RESERVED
+CVE-2022-45378 (** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache ...)
+	TODO: check
+CVE-2022-45377
+	RESERVED
+CVE-2022-45376
+	RESERVED
+CVE-2022-45375
+	RESERVED
+CVE-2022-45374
+	RESERVED
+CVE-2022-45373
+	RESERVED
+CVE-2022-45372
+	RESERVED
+CVE-2022-45371
+	RESERVED
+CVE-2022-45370
+	RESERVED
+CVE-2022-45369
+	RESERVED
+CVE-2022-45368
+	RESERVED
+CVE-2022-45367
+	RESERVED
+CVE-2022-45366
+	RESERVED
+CVE-2022-45365
+	RESERVED
+CVE-2022-45364
+	RESERVED
+CVE-2022-45363
+	RESERVED
+CVE-2022-45362
+	RESERVED
+CVE-2022-45361
+	RESERVED
+CVE-2022-45360
+	RESERVED
+CVE-2022-45359
+	RESERVED
+CVE-2022-45358
+	RESERVED
+CVE-2022-45357
+	RESERVED
+CVE-2022-45356
+	RESERVED
+CVE-2022-45355
+	RESERVED
+CVE-2022-45354
+	RESERVED
+CVE-2022-45353
+	RESERVED
+CVE-2022-45352
+	RESERVED
+CVE-2022-45351
+	RESERVED
+CVE-2022-45350
+	RESERVED
+CVE-2022-45349
+	RESERVED
+CVE-2022-45348
+	RESERVED
+CVE-2022-45347
+	RESERVED
+CVE-2022-45344
+	RESERVED
+CVE-2022-45343
+	RESERVED
+CVE-2022-45342
+	RESERVED
+CVE-2022-45341
+	RESERVED
+CVE-2022-45340
+	RESERVED
+CVE-2022-45339
+	RESERVED
+CVE-2022-45338
+	RESERVED
+CVE-2022-45337
+	RESERVED
+CVE-2022-45336
+	RESERVED
+CVE-2022-45335
+	RESERVED
+CVE-2022-45334
+	RESERVED
+CVE-2022-45333
+	RESERVED
+CVE-2022-45332
+	RESERVED
+CVE-2022-45331
+	RESERVED
+CVE-2022-45330
+	RESERVED
+CVE-2022-45329
+	RESERVED
+CVE-2022-45328
+	RESERVED
+CVE-2022-45327
+	RESERVED
+CVE-2022-45326
+	RESERVED
+CVE-2022-45325
+	RESERVED
+CVE-2022-45324
+	RESERVED
+CVE-2022-45323
+	RESERVED
+CVE-2022-45322
+	RESERVED
+CVE-2022-45321
+	RESERVED
+CVE-2022-45320
+	RESERVED
+CVE-2022-45319
+	RESERVED
+CVE-2022-45318
+	RESERVED
+CVE-2022-45317
+	RESERVED
+CVE-2022-45316
+	RESERVED
+CVE-2022-45315
+	RESERVED
+CVE-2022-45314
+	RESERVED
+CVE-2022-45313
+	RESERVED
+CVE-2022-45312
+	RESERVED
+CVE-2022-45311
+	RESERVED
+CVE-2022-45310
+	RESERVED
+CVE-2022-45309
+	RESERVED
+CVE-2022-45308
+	RESERVED
+CVE-2022-45307
+	RESERVED
+CVE-2022-45306
+	RESERVED
+CVE-2022-45305
+	RESERVED
+CVE-2022-45304
+	RESERVED
+CVE-2022-45303
+	RESERVED
+CVE-2022-45302
+	RESERVED
+CVE-2022-45301
+	RESERVED
+CVE-2022-45300
+	RESERVED
+CVE-2022-45299
+	RESERVED
+CVE-2022-45298
+	RESERVED
+CVE-2022-45297
+	RESERVED
+CVE-2022-45296
+	RESERVED
+CVE-2022-45295
+	RESERVED
+CVE-2022-45294
+	RESERVED
+CVE-2022-45293
+	RESERVED
+CVE-2022-45292
+	RESERVED
+CVE-2022-45291
+	RESERVED
+CVE-2022-45290
+	RESERVED
+CVE-2022-45289
+	RESERVED
+CVE-2022-45288
+	RESERVED
+CVE-2022-45287
+	RESERVED
+CVE-2022-45286
+	RESERVED
+CVE-2022-45285
+	RESERVED
+CVE-2022-45284
+	RESERVED
+CVE-2022-45283
+	RESERVED
+CVE-2022-45282
+	RESERVED
+CVE-2022-45281
+	RESERVED
+CVE-2022-45280
+	RESERVED
+CVE-2022-45279
+	RESERVED
+CVE-2022-45278
+	RESERVED
+CVE-2022-45277
+	RESERVED
+CVE-2022-45276
+	RESERVED
+CVE-2022-45275
+	RESERVED
+CVE-2022-45274
+	RESERVED
+CVE-2022-45273
+	RESERVED
+CVE-2022-45272
+	RESERVED
+CVE-2022-45271
+	RESERVED
+CVE-2022-45270
+	RESERVED
+CVE-2022-45269
+	RESERVED
+CVE-2022-45268
+	RESERVED
+CVE-2022-45267
+	RESERVED
+CVE-2022-45266
+	RESERVED
+CVE-2022-45265
+	RESERVED
+CVE-2022-45264
+	RESERVED
+CVE-2022-45263
+	RESERVED
+CVE-2022-45262
+	RESERVED
+CVE-2022-45261
+	RESERVED
+CVE-2022-45260
+	RESERVED
+CVE-2022-45259
+	RESERVED
+CVE-2022-45258
+	RESERVED
+CVE-2022-45257
+	RESERVED
+CVE-2022-45256
+	RESERVED
+CVE-2022-45255
+	RESERVED
+CVE-2022-45254
+	RESERVED
+CVE-2022-45253
+	RESERVED
+CVE-2022-45252
+	RESERVED
+CVE-2022-45251
+	RESERVED
+CVE-2022-45250
+	RESERVED
+CVE-2022-45249
+	RESERVED
+CVE-2022-45248
+	RESERVED
+CVE-2022-45247
+	RESERVED
+CVE-2022-45246
+	RESERVED
+CVE-2022-45245
+	RESERVED
+CVE-2022-45244
+	RESERVED
+CVE-2022-45243
+	RESERVED
+CVE-2022-45242
+	RESERVED
+CVE-2022-45241
+	RESERVED
+CVE-2022-45240
+	RESERVED
+CVE-2022-45239
+	RESERVED
+CVE-2022-45238
+	RESERVED
+CVE-2022-45237
+	RESERVED
+CVE-2022-45236
+	RESERVED
+CVE-2022-45235
+	RESERVED
+CVE-2022-45234
+	RESERVED
+CVE-2022-45233
+	RESERVED
+CVE-2022-45232
+	RESERVED
+CVE-2022-45231
+	RESERVED
+CVE-2022-45230
+	RESERVED
+CVE-2022-45229
+	RESERVED
+CVE-2022-45228
+	RESERVED
+CVE-2022-45227
+	RESERVED
+CVE-2022-45226
+	RESERVED
+CVE-2022-45225
+	RESERVED
+CVE-2022-45224
+	RESERVED
+CVE-2022-45223
+	RESERVED
+CVE-2022-45222
+	RESERVED
+CVE-2022-45221
+	RESERVED
+CVE-2022-45220
+	RESERVED
+CVE-2022-45219
+	RESERVED
+CVE-2022-45218
+	RESERVED
+CVE-2022-45217
+	RESERVED
+CVE-2022-45216
+	RESERVED
+CVE-2022-45215
+	RESERVED
+CVE-2022-45214
+	RESERVED
+CVE-2022-45213
+	RESERVED
+CVE-2022-45212
+	RESERVED
+CVE-2022-45211
+	RESERVED
+CVE-2022-45210
+	RESERVED
+CVE-2022-45209
+	RESERVED
+CVE-2022-45208
+	RESERVED
+CVE-2022-45207
+	RESERVED
+CVE-2022-45206
+	RESERVED
+CVE-2022-45205
+	RESERVED
+CVE-2022-45204
+	RESERVED
+CVE-2022-45203
+	RESERVED
+CVE-2022-45202
+	RESERVED
+CVE-2022-45201
+	RESERVED
+CVE-2022-45200
+	RESERVED
+CVE-2022-3993 (Authentication Bypass by Primary Weakness in GitHub repository kareadi ...)
+	TODO: check
+CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2022-3991
+	RESERVED
+CVE-2022-3990
+	RESERVED
+CVE-2022-3989
+	RESERVED
+CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
+	TODO: check
+CVE-2022-3987
+	RESERVED
+CVE-2022-3986
+	RESERVED
+CVE-2022-3985
+	RESERVED
+CVE-2022-3984
+	RESERVED
+CVE-2022-3983
+	RESERVED
+CVE-2022-3982
+	RESERVED
+CVE-2022-3981
+	RESERVED
+CVE-2022-3980
+	RESERVED
+CVE-2022-37406
+	RESERVED
 CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. ...)
 	- pillow <unfixed>
 	[bullseye] - pillow <not-affected> (Vulnerable code not present, introduced in 9.2.0)
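Review bot: CVE-2022-45378, CVE-2022-3993, CVE-2022-3992 and CVE-2022-3988 are the only added entries in this hunk that carry a description, and all four are left at `TODO: check`, so they still need manual triage. CVE-2022-3992 names SourceCodester, which this file tags as `NOT-FOR-US: SourceCodester` elsewhere. Also worth confirming: the added run goes from CVE-2022-45347 straight to CVE-2022-45344, so 45346 and 45345 should already be present elsewhere in the list.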
@@ -83,8 +753,8 @@ CVE-2022-45186
 	RESERVED
 CVE-2022-45185
 	RESERVED
-CVE-2022-45184
-	RESERVED
+CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x and v2.x  ...)
+	TODO: check
 CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...)
 	NOT-FOR-US: Ironman
 CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module  ...)
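Review bot: CVE-2022-45184 is set to `TODO: check`, but its description names the same Ironman Software PowerShell Universal web server as CVE-2022-45183 on the next line, which is already `NOT-FOR-US: Ironman`. The same tag would fit here.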
@@ -245,8 +915,8 @@ CVE-2022-45138
 	RESERVED
 CVE-2022-45137
 	RESERVED
-CVE-2022-45136
-	RESERVED
+CVE-2022-45136 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is  ...)
+	TODO: check
 CVE-2022-45135
 	RESERVED
 CVE-2022-43668
@@ -6613,12 +7283,12 @@ CVE-2022-43696
 	RESERVED
 CVE-2022-43695
 	RESERVED
-CVE-2022-43694
-	RESERVED
-CVE-2022-43693
-	RESERVED
-CVE-2022-43692
-	RESERVED
+CVE-2022-43694 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+	TODO: check
+CVE-2022-43693 (Concrete CMS is vulnerable to CSRF due to the lack of "State" paramete ...)
+	TODO: check
+CVE-2022-43692 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
+	TODO: check
 CVE-2022-43691
 	RESERVED
 CVE-2022-43690
@@ -7302,10 +7972,10 @@ CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux
 	[bullseye] - linux 5.10.140-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8c21c54a53ab21842f5050fa090f26b03c0313d6 (6.0-rc1)
-CVE-2022-3632
-	RESERVED
-CVE-2022-3631
-	RESERVED
+CVE-2022-3632 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...)
+	TODO: check
+CVE-2022-3631 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...)
+	TODO: check
 CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
 	- linux 5.19.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -7552,8 +8222,8 @@ CVE-2022-3580 (A vulnerability, which was classified as problematic, has been fo
 	NOT-FOR-US: SourceCodester Cashier Queuing System
 CVE-2022-3579 (A vulnerability classified as critical was found in SourceCodester Cas ...)
 	NOT-FOR-US: SourceCodester Cashier Queuing System
-CVE-2022-3578
-	RESERVED
+CVE-2022-3578 (The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and es ...)
+	TODO: check
 CVE-2022-3577 (An out-of-bounds memory write flaw was found in the Linux kernel&#8217 ...)
 	- linux 5.18.5-1
 	[bullseye] - linux 5.10.127-1
@@ -7603,8 +8273,8 @@ CVE-2022-41642
 	RESERVED
 CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to ...)
 	NOT-FOR-US: Frauscher Sensortechnik
-CVE-2022-3574
-	RESERVED
+CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...)
+	TODO: check
 CVE-2022-3573
 	RESERVED
 CVE-2022-3572
@@ -7692,8 +8362,8 @@ CVE-2022-43344
 	RESERVED
 CVE-2022-43343 (N-Prolog v1.91 was discovered to contain a global buffer overflow vuln ...)
 	NOT-FOR-US: N-Prolog
-CVE-2022-43342
-	RESERVED
+CVE-2022-43342 (A stored cross-site scripting (XSS) vulnerability in the Add function  ...)
+	TODO: check
 CVE-2022-43341
 	RESERVED
 CVE-2022-43340 (A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows ...)
@@ -7800,8 +8470,8 @@ CVE-2022-43290 (Canteen Management System v1.0 was discovered to contain a SQL i
 	NOT-FOR-US: Canteen Management System
 CVE-2022-43289
 	RESERVED
-CVE-2022-43288
-	RESERVED
+CVE-2022-43288 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...)
+	TODO: check
 CVE-2022-43287
 	RESERVED
 CVE-2022-43286 (Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug c ...)
@@ -8547,10 +9217,10 @@ CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Ke
 	NOTE: https://git.kernel.org/linus/12aece8b01507a2d357a1861f470e83621fbb6f2 (6.1-rc1)
 CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions before  ...)
 	NOT-FOR-US: hunter2
-CVE-2022-3539
-	RESERVED
-CVE-2022-3538
-	RESERVED
+CVE-2022-3539 (The Testimonials WordPress plugin before 2.7, super-testimonial-pro Wo ...)
+	TODO: check
+CVE-2022-3538 (The Webmaster Tools Verification WordPress plugin through 1.2 does not ...)
+	TODO: check
 CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
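Review bot: CVE-2022-3539 and CVE-2022-3538 both describe WordPress plugins and are left at `TODO: check`, while the unchanged CVE-2022-3537 entry right below them uses `NOT-FOR-US: WordPress plugin`. That tag would resolve both, and the same reasoning covers the other WordPress plugin entries this commit fills in.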
@@ -8921,8 +9591,8 @@ CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all vers
 	- gitlab <unfixed>
 CVE-2022-3485
 	RESERVED
-CVE-2022-3484
-	RESERVED
+CVE-2022-3484 (The WPB Show Core WordPress plugin through TODO does not sanitise and  ...)
+	TODO: check
 CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-3482
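Review bot: the imported description for CVE-2022-3484 reads `through TODO`, so the affected version of the WPB Show Core plugin is a placeholder in the upstream record. Triage this one from the product name rather than the version range; the `TODO: check` line below it is the tracker's own marker and is unrelated to that placeholder.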
@@ -8990,8 +9660,8 @@ CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attack
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/3
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1345
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904549
-CVE-2022-3477
-	RESERVED
+CVE-2022-3477 (The tagDiv Composer WordPress plugin before 3.5, required by the Newsp ...)
+	TODO: check
 CVE-2022-3476
 	RESERVED
 CVE-2022-3475
@@ -9006,8 +9676,8 @@ CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource Manage
 	NOT-FOR-US: SourceCodester
 CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource Management  ...)
 	NOT-FOR-US: SourceCodester
-CVE-2022-3469
-	RESERVED
+CVE-2022-3469 (The WP Attachments WordPress plugin before 5.0.5 does not sanitize and ...)
+	TODO: check
 CVE-2022-3468
 	RESERVED
 CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...)
@@ -10049,8 +10719,8 @@ CVE-2022-3417
 	RESERVED
 CVE-2022-3416
 	RESERVED
-CVE-2022-3415
-	RESERVED
+CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and esca ...)
+	TODO: check
 CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...)
@@ -15765,8 +16435,7 @@ CVE-2022-40135
 	RESERVED
 CVE-2022-40134
 	RESERVED
-CVE-2022-40127
-	RESERVED
+CVE-2022-40127 (A vulnerability in Example Dags of Apache Airflow allows an attacker w ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
 	NOT-FOR-US: Movable Type plugin
@@ -19390,8 +20059,8 @@ CVE-2022-38707
 	RESERVED
 CVE-2022-38706
 	RESERVED
-CVE-2022-38705
-	RESERVED
+CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...)
+	TODO: check
 CVE-2022-38458
 	RESERVED
 CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
@@ -23500,8 +24169,8 @@ CVE-2022-37292 (Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. Thi
 	NOT-FOR-US: Tenda
 CVE-2022-37291
 	RESERVED
-CVE-2022-37290
-	RESERVED
+CVE-2022-37290 (GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename ...)
+	TODO: check
 CVE-2022-37289
 	RESERVED
 CVE-2022-37288
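Review bot: CVE-2022-37290 names GNOME Nautilus 42.2, and nautilus is packaged in Debian, so this `TODO: check` cannot be closed as NOT-FOR-US. It needs a `- nautilus` package line with per-release status once the affected versions are confirmed.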
@@ -26444,10 +27113,10 @@ CVE-2022-2451
 	RESERVED
 CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...)
 	NOT-FOR-US: Inductive Automation Ignition
-CVE-2022-2450
-	RESERVED
-CVE-2022-2449
-	RESERVED
+CVE-2022-2450 (The reSmush.it : the only free Image Optimizer & compress plugin W ...)
+	TODO: check
+CVE-2022-2449 (The reSmush.it : the only free Image Optimizer & compress plugin W ...)
+	TODO: check
 CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...)
@@ -27437,8 +28106,8 @@ CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cr
 	NOT-FOR-US: IBM
 CVE-2022-35720
 	RESERVED
-CVE-2022-35719
-	RESERVED
+CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...)
+	TODO: check
 CVE-2022-35718
 	RESERVED
 CVE-2022-35717 ("IBM InfoSphere Information Server 11.7 could allow a locally authenti ...)
@@ -31404,8 +32073,8 @@ CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance o
 	NOT-FOR-US: IBM
 CVE-2022-34330
 	RESERVED
-CVE-2022-34329
-	RESERVED
+CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive informati ...)
+	TODO: check
 CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_ ...)
 	NOT-FOR-US: PMB
 CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...)
@@ -31444,22 +32113,22 @@ CVE-2022-34321
 	RESERVED
 CVE-2022-34320
 	RESERVED
-CVE-2022-34319
-	RESERVED
-CVE-2022-34318
-	RESERVED
+CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms th ...)
+	TODO: check
+CVE-2022-34318 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking  ...)
+	TODO: check
 CVE-2022-34317
 	RESERVED
-CVE-2022-34316
-	RESERVED
-CVE-2022-34315
-	RESERVED
-CVE-2022-34314
-	RESERVED
-CVE-2022-34313
-	RESERVED
-CVE-2022-34312
-	RESERVED
+CVE-2022-34316 (IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web sc ...)
+	TODO: check
+CVE-2022-34315 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
+	TODO: check
+CVE-2022-34314 (IBM CICS TX 11.1 could disclose sensitive information to a local user  ...)
+	TODO: check
+CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...)
+	TODO: check
+CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...)
+	TODO: check
 CVE-2022-34311
 	RESERVED
 CVE-2022-34310
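Review bot: all seven entries changed in this hunk (CVE-2022-34319, CVE-2022-34318 and CVE-2022-34316 through CVE-2022-34312) describe IBM CICS TX and are left at `TODO: check`. IBM products are tagged `NOT-FOR-US: IBM` elsewhere in this file, for example on the CVE-2022-34331 context line of the preceding hunk, so these can be closed in one pass.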
@@ -49703,8 +50372,7 @@ CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a m
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/817b8b9c5396d2b2d92311b46719aad5d3339dbe (5.17-rc5)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/13/1
-CVE-2022-27949
-	RESERVED
+CVE-2022-27949 (A vulnerability in UI of Apache Airflow allows an attacker to view unm ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attacke ...)
 	NOT-FOR-US: Tesla
@@ -58325,10 +58993,10 @@ CVE-2022-24940
 	RESERVED
 CVE-2022-24939
 	RESERVED
-CVE-2022-24938
-	RESERVED
-CVE-2022-24937
-	RESERVED
+CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...)
+	TODO: check
+CVE-2022-24937 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+	TODO: check
 CVE-2022-24936 (Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader ver ...)
 	NOT-FOR-US: Silicon Labs Gecko Bootloader
 CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control. ...)
@@ -62712,8 +63380,8 @@ CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
 	NOTE: Fixed by: https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e
 CVE-2022-0325
 	RESERVED
-CVE-2022-0324
-	RESERVED
+CVE-2022-0324 (There is a vulnerability in DHCPv6 packet parsing code that could be e ...)
+	TODO: check
 CVE-2021-46402
 	RESERVED
 CVE-2022-23792
@@ -66653,8 +67321,8 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.
 	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
 CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
 	NOT-FOR-US: Airspan Networks
-CVE-2022-0137
-	RESERVED
+CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC before 1. ...)
+	TODO: check
 CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...)
 	- gitlab <unfixed>
 CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...)
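Review bot: CVE-2022-0137 describes a heap buffer overflow in the image_set_mask function of HTMLDOC, and htmldoc is packaged in Debian, so this `TODO: check` should end up as a `- htmldoc` package line rather than NOT-FOR-US. The description is cut off at `before 1.`, so the fixed version has to come from the full CVE record.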
@@ -83934,7 +84602,7 @@ CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Mic
 CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	{DLA-2947-1}
+	{DLA-3182-1 DLA-2947-1}
 	- vim 2:8.2.3565-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
@@ -88743,8 +89411,8 @@ CVE-2021-40274
 	RESERVED
 CVE-2021-40273
 	RESERVED
-CVE-2021-40272
-	RESERVED
+CVE-2021-40272 (OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site S ...)
+	TODO: check
 CVE-2021-40271
 	RESERVED
 CVE-2021-40270



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b9ac79d870251cc4ddf3a6b5f73136e4e6a56e9
