[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 17 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72c11036 by security tracker role at 2022-11-17T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-4045
+ RESERVED
+CVE-2022-4044
+ RESERVED
+CVE-2022-4043
+ RESERVED
+CVE-2022-4042
+ RESERVED
+CVE-2022-4041
+ RESERVED
+CVE-2022-4040
+ RESERVED
+CVE-2022-4039
+ RESERVED
+CVE-2022-4038
+ RESERVED
+CVE-2022-4037
+ RESERVED
CVE-2022-45459
RESERVED
CVE-2022-45458
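Review bot: the nine new entries CVE-2022-4037 through CVE-2022-4045 are bare RESERVED placeholders inserted ahead of CVE-2022-45459, so the low-numbered block sits at the top of a list that otherwise runs downward from CVE-2022-45459; a reader scanning numerically will not find them next to their neighbours. There is nothing to triage until MITRE publishes descriptions, at which point a later automatic update should replace each RESERVED with the text and a TODO: check line, as the other hunks in this commit do.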
@@ -5020,26 +5038,26 @@ CVE-2022-44010
RESERVED
CVE-2022-44009
RESERVED
-CVE-2022-44008
- RESERVED
-CVE-2022-44007
- RESERVED
-CVE-2022-44006
- RESERVED
-CVE-2022-44005
- RESERVED
-CVE-2022-44004
- RESERVED
-CVE-2022-44003
- RESERVED
-CVE-2022-44002
- RESERVED
+CVE-2022-44008 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...)
+ TODO: check
+CVE-2022-44007 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an un ...)
+ TODO: check
+CVE-2022-44006 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...)
+ TODO: check
+CVE-2022-44005 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to the u ...)
+ TODO: check
+CVE-2022-44004 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insec ...)
+ TODO: check
+CVE-2022-44003 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...)
+ TODO: check
+CVE-2022-44002 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...)
+ TODO: check
CVE-2022-44001
RESERVED
-CVE-2022-44000
- RESERVED
-CVE-2022-43999
- RESERVED
+CVE-2022-44000 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an ex ...)
+ TODO: check
+CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to expos ...)
+ TODO: check
CVE-2022-43998
RESERVED
CVE-2022-3757 (A vulnerability was found in Exiv2. It has been declared as critical. ...)
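Review bot: all nine BACKCLICK Professional 5.9.63 entries (CVE-2022-43999, CVE-2022-44000 and CVE-2022-44002 through CVE-2022-44008) are truncated at the same point, so the part of each description that distinguishes the issues ("Due to impro ...", "Due to insuf ...") is cut off; whoever clears these TODO: check lines will need the full advisory text rather than the list entry. Since they share one product and version, triage them as a batch, and if BACKCLICK Professional is not packaged in Debian give all nine the same NOT-FOR-US line, the way CVE-2022-42984 and CVE-2022-42983 further down in this commit are handled.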
@@ -7329,10 +7347,10 @@ CVE-2022-43784
RESERVED
CVE-2022-43783
RESERVED
-CVE-2022-43782
- RESERVED
-CVE-2022-43781
- RESERVED
+CVE-2022-43782 (Affected versions of Atlassian Crowd allow an attacker to authenticate ...)
+ TODO: check
+CVE-2022-43781 (There is a command injection vulnerability using environment variables ...)
+ TODO: check
CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to ...)
NOT-FOR-US: HP
CVE-2022-43779
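Review bot: CVE-2022-43781's truncated description ("command injection vulnerability using environment variables ...") does not name the affected product in the visible text, unlike CVE-2022-43782 which names Atlassian Crowd, so its status cannot be set from this line; resolve the product from the full CVE record first. The neighbouring CVE-2022-43780 shows the expected form for a non-Debian product (NOT-FOR-US: HP), and the Crowd entry can follow that pattern once the packaging check is done.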
@@ -9090,8 +9108,8 @@ CVE-2022-43137
RESERVED
CVE-2022-43136
RESERVED
-CVE-2022-43135
- RESERVED
+CVE-2022-43135 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
+ TODO: check
CVE-2022-43134
RESERVED
CVE-2022-43133
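Review bot: CVE-2022-43135 (Online Diagnostic Lab Management System v1.0) is truncated before the vulnerability class ("was discovered to contain ..."), so the list entry says nothing about severity; confirm the type from the full record, check whether the product is packaged, and if it is not replace TODO: check with a NOT-FOR-US line naming the product, matching the style used for WoWonder and anji-plus elsewhere in this commit.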
@@ -9508,14 +9526,14 @@ CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.
NOT-FOR-US: WordPress plugin
CVE-2022-42986
RESERVED
-CVE-2022-42985
- RESERVED
+CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not escape v ...)
+ TODO: check
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...)
NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...)
NOT-FOR-US: anji-plus AJ-Report
-CVE-2022-42982
- RESERVED
+CVE-2022-42982 (BKG Professional NtripCaster 2.0.39 allows querying information over t ...)
+ TODO: check
CVE-2022-42981
RESERVED
CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
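Review bot: CVE-2022-42985 concerns the ScratchLogin extension for MediaWiki, and extensions are tracked separately from the core package, so check whether Debian's mediawiki package bundles this extension before setting a status; if it does not, the entry should get the same NOT-FOR-US treatment as the WordPress plugin at CVE-2022-3536 in this hunk's context. CVE-2022-42982 (BKG Professional NtripCaster 2.0.39, "allows querying information over t ...") needs the same packaging check; the visible text points at an information-exposure issue rather than code execution, which is worth noting in the entry when it is resolved.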
@@ -9621,8 +9639,8 @@ CVE-2022-42962
CVE-2022-42961 (An issue was discovered in wolfSSL before 5.5.0. A fault injection att ...)
- wolfssl 5.5.3-1 (bug #1023574)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
-CVE-2022-42960
- RESERVED
+CVE-2022-42960 (EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.1 ...)
+ TODO: check
CVE-2022-42959
RESERVED
CVE-2022-42958
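Review bot: CVE-2022-42960's description is a version list (EqualWeb Accessibility Widget 2.0.0 through 2.1.1 ...) cut off before the vulnerability itself, so the entry carries no actionable information yet; pull the full text before clearing TODO: check. For comparison, the CVE-2022-42961 entry just above shows the finished form for a packaged project: a fixed version (wolfssl 5.5.3-1), a bug number and a NOTE with the upstream release link.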
@@ -9633,8 +9651,8 @@ CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome and other browsers allow
NOT-FOR-US: PassWork extension for Chrome
CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
NOT-FOR-US: PassWork extension for Chrome
-CVE-2022-42954
- RESERVED
+CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS. ...)
+ TODO: check
CVE-2022-42953
RESERVED
CVE-2022-42952
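Review bot: CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS) is one of the few descriptions in this commit short enough to be complete rather than truncated, so it can be triaged from the list entry alone: confirm EJBCA is not a Debian package and set NOT-FOR-US, following the two PassWork extension entries directly above.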
@@ -11554,10 +11572,10 @@ CVE-2022-42248
RESERVED
CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...)
NOT-FOR-US: pfSense
-CVE-2022-42246
- RESERVED
-CVE-2022-42245
- RESERVED
+CVE-2022-42246 (Doufox 0.0.4 contains a CSRF vulnerability that can add system adminis ...)
+ TODO: check
+CVE-2022-42245 (Dreamer CMS 4.0.01 is vulnerable to SQL Injection. ...)
+ TODO: check
CVE-2022-42244
RESERVED
CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
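Review bot: CVE-2022-42246 (Doufox 0.0.4, CSRF that can add system administrators) and CVE-2022-42245 (Dreamer CMS 4.0.01, SQL injection) both need a packaging check; the pfSense entry at CVE-2022-42247 directly above shows the NOT-FOR-US form to use if neither is in Debian. The Doufox text is worth reading in full because a CSRF that adds an administrator is an account-takeover class issue, but that does not change the status if the product is not packaged.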
@@ -11672,8 +11690,8 @@ CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers from a remote code execut
NOT-FOR-US: Emlog Pro
CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path travers ...)
NOT-FOR-US: Lavalite CMS
-CVE-2022-42187
- RESERVED
+CVE-2022-42187 (Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. ...)
+ TODO: check
CVE-2022-42186
RESERVED
CVE-2022-42185
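Review bot: CVE-2022-42187 (Hustoj 22.09.22, XSS in /admin/problem_judge.php) has a complete description, so the only open question is packaging; the Emlog Pro and Lavalite entries above it show the NOT-FOR-US form, and Hustoj can be marked the same way if it is not in the archive.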
@@ -12243,8 +12261,8 @@ CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. V
NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1)
CVE-2022-41915
RESERVED
-CVE-2022-41914
- RESERVED
+CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...)
+ TODO: check
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
NOT-FOR-US: Discourse plugin
CVE-2022-41912
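Review bot: CVE-2022-41914's description (Zulip ... "For organizations wit ...") breaks off before the precondition that limits which deployments are affected, so severity cannot be judged from this line. The Heimdal entry in this hunk's context shows the NOTE: form with a fixing commit and the version it landed in; if Zulip turns out to be packaged, that form with the upstream fix reference is what should replace TODO: check, otherwise NOT-FOR-US as for the Discourse plugin below it.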
@@ -12321,8 +12339,8 @@ CVE-2022-41879 (Parse Server is an open source backend that can be deployed to a
NOT-FOR-US: Node parse-server
CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
-CVE-2022-41877
- RESERVED
+CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ TODO: check
CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
NOT-FOR-US: ezplatform-graphql
CVE-2022-41875
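Review bot: CVE-2022-41877 is a FreeRDP issue, and FreeRDP is packaged in Debian (source package freerdp2), so TODO: check here is a real triage item rather than a NOT-FOR-US candidate like the Parse Server and ezplatform-graphql entries around it: the entry needs the affected and fixed upstream versions, a package line with the fixing Debian version or <unfixed>, and a NOTE with the upstream advisory. Several other FreeRDP entries in this same commit share the identical truncated text, so handle them together.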
@@ -14879,8 +14897,8 @@ CVE-2022-40883
RESERVED
CVE-2022-40882
RESERVED
-CVE-2022-40881
- RESERVED
+CVE-2022-40881 (SolarView Compact 6.00 was discovered to contain a command injection v ...)
+ TODO: check
CVE-2022-40880
RESERVED
CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
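Review bot: CVE-2022-40881 (SolarView Compact 6.00, "command injection v ...") is cut off before the affected component; a command injection in a product's management interface is worth reading in full, but for this file the action is a packaging check followed by NOT-FOR-US: SolarView Compact if it is not in Debian.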
@@ -15152,8 +15170,8 @@ CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirec
- airflow <itp> (bug #819700)
CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
-CVE-2022-40752
- RESERVED
+CVE-2022-40752 (IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vul ...)
+ TODO: check
CVE-2022-40751
RESERVED
CVE-2022-40750 (IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-s ...)
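Review bot: CVE-2022-40752 (IBM InfoSphere DataStage 11.7, command injection) can be closed straight away with NOT-FOR-US: IBM, the same line used for CVE-2022-40753 (IBM InfoSphere Information Server) immediately above; there is no reason to leave it at TODO: check once the product is recognised.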
@@ -17413,8 +17431,8 @@ CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerabilit
[bullseye] - gajim <no-dsa> (Minor issue)
[buster] - gajim <no-dsa> (Minor issue, intrusive to backport)
NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
-CVE-2022-39834
- RESERVED
+CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...)
+ TODO: check
CVE-2022-39833
RESERVED
CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
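Review bot: CVE-2022-39834's visible text ("A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...") gives a URL path but no product name, so this entry cannot be triaged from the list line; the full record is needed to identify the software before any status is set. The Gajim entry above shows the complete form for a packaged project, including per-release <no-dsa> annotations for bullseye and buster with a reason each.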
@@ -18390,8 +18408,8 @@ CVE-2022-39385 (Discourse is the an open source discussion platform. In some rar
NOT-FOR-US: Discourse
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
-CVE-2022-39383
- RESERVED
+CVE-2022-39383 (KubeVela is an open source application delivery platform. Users using ...)
+ TODO: check
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and ...)
NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
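Review bot: CVE-2022-39383 (KubeVela) is cut off at "Users using ...", the start of the condition describing who is affected, so as with the other advisory-style descriptions here it needs the full text. Confirm KubeVela is not packaged; if so, the likely outcome is NOT-FOR-US: KubeVela in the style of the Discourse and OpenZeppelin lines above.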
@@ -18486,8 +18504,8 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
NOTE: Introduced by: https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1)
-CVE-2022-39347
- RESERVED
+CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ TODO: check
CVE-2022-39346
RESERVED
CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
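Review bot: CVE-2022-39347 shows the same truncated FreeRDP text as CVE-2022-41877 earlier in this commit, which is the usual sign of several advisories published together; triage them in one pass against the upstream release rather than one TODO: check at a time. The Twisted entry above is a good model for what each should end up with: a NOTE for the advisory, one for the introducing commit and one for the fixing commit with the release it landed in.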
@@ -18545,16 +18563,16 @@ CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content man
NOT-FOR-US: Keystone CMS
CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...)
NOT-FOR-US: GitHub Actions Runner
-CVE-2022-39320
- RESERVED
-CVE-2022-39319
- RESERVED
-CVE-2022-39318
- RESERVED
-CVE-2022-39317
- RESERVED
-CVE-2022-39316
- RESERVED
+CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ TODO: check
+CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ TODO: check
+CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ TODO: check
+CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ TODO: check
+CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...)
+ TODO: check
CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...)
NOT-FOR-US: Kirby CMS
CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...)
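Review bot: five consecutive identifiers (CVE-2022-39316 through CVE-2022-39320) are all FreeRDP with the same truncated text, and with CVE-2022-39347 and CVE-2022-41877 elsewhere in this commit that makes seven FreeRDP entries left at TODO: check. Because FreeRDP is packaged, these should be resolved together against the upstream release that fixes them, with the bullseye and buster status recorded for each (fixed, <no-dsa> with a reason, or <unfixed>); a batch of issues in a remote desktop library and client left at TODO is the kind of gap that tends to persist.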
@@ -26487,8 +26505,8 @@ CVE-2022-36434
RESERVED
CVE-2022-36433
RESERVED
-CVE-2022-36432
- RESERVED
+CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Mag ...)
+ TODO: check
CVE-2022-36431
RESERVED
CVE-2022-36430
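Review bot: CVE-2022-36432 concerns the Amasty Blog Pro 2.10.3 plugin for Magento; check that neither Magento nor this plugin is a Debian package, and if so replace TODO: check with NOT-FOR-US naming the plugin rather than leaving it open.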
@@ -51133,7 +51151,7 @@ CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c opt
NOT-FOR-US: SWHKD
CVE-2022-27813
RESERVED
-CVE-2022-27812 (Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp randomizing the ...)
+CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2 ...)
NOT-FOR-US: Flooding SNS firewall
CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...)
- ocrfeeder <unfixed> (bug #1008320)
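Review bot: this hunk only widens the affected version ranges in the CVE-2022-27812 description (3.7.0 to 3.7.26 becomes 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2 ...), and the NOT-FOR-US line is correctly left alone since the status does not depend on versions. Two small things are worth a manual follow-up: the NOT-FOR-US label "Flooding SNS firewall" copies the first words of the description rather than naming the product, and the new text is truncated in the middle of the version list, so the stored line no longer records the full affected range.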
@@ -93270,8 +93288,8 @@ CVE-2021-38821
RESERVED
CVE-2021-38820
RESERVED
-CVE-2021-38819
- RESERVED
+CVE-2021-38819 (A SQL injection vulnerability exits on the Simple Image Gallery System ...)
+ TODO: check
CVE-2021-38818
RESERVED
CVE-2021-38817
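Review bot: CVE-2021-38819 (SQL injection in the Simple Image Gallery System, with the "exits" typo carried over from the published description) is a 2021 identifier only now receiving its text, which is why it lands far down the file among the 2021 RESERVED entries; check packaging and give it NOT-FOR-US like the other small web applications in this commit rather than leaving one more TODO among the RESERVED lines.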
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72c110364d9f451fbe68dad05b0b1e9fe034fd79