[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 18 20:10:33 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
845c4f2a by security tracker role at 2022-11-18T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...)
+	TODO: check
+CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
+	TODO: check
+CVE-2022-45472
+	RESERVED
+CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
+	TODO: check
+CVE-2022-45470
+	RESERVED
+CVE-2022-44456
+	RESERVED
+CVE-2022-4061
+	RESERVED
+CVE-2022-4060
+	RESERVED
+CVE-2022-4059
+	RESERVED
+CVE-2022-4058
+	RESERVED
+CVE-2022-4057
+	RESERVED
 CVE-2023-21523
 	RESERVED
 CVE-2023-21522
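Review bot: the two drachtio-server entries at the top of this hunk (CVE-2022-45474 and CVE-2022-45473) are left at TODO: check; the first thing to settle is whether drachtio-server is packaged in Debian at all, since unpackaged vendor products elsewhere in this diff are closed as NOT-FOR-US (e.g. NOT-FOR-US: IBM). If it is packaged, the two need different handling: the use-after-free in request-handler.cpp event_cb is a code fix tracked against an upstream release, whereas the 0777 mode on /var/log/drachtio is a file-permission issue that the Debian package's own directory handling may already address independently of upstream. The JetBrains Hub entry (CVE-2022-45471) raises the same "is it in the archive" question before any further triage.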
@@ -2036,8 +2058,8 @@ CVE-2022-44822
 	RESERVED
 CVE-2022-44821
 	RESERVED
-CVE-2022-44820
-	RESERVED
+CVE-2022-44820 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
 CVE-2022-44819
 	RESERVED
 CVE-2022-44818
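Review bot: CVE-2022-44820 is one of several "Automotive Shop Management System v1.0 is vulnerable to SQL Injection" entries introduced by this update (CVE-2022-44413 to CVE-2022-44415 and CVE-2022-44378/CVE-2022-44379 follow in later hunks of the same diff); triage them as a group so they receive one consistent classification rather than resolving the TODO: check lines one at a time. The truncated descriptions carry nothing beyond the product name, so the full CVE text is needed to tell the individual entries apart.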
@@ -4266,12 +4288,12 @@ CVE-2022-44417
 	RESERVED
 CVE-2022-44416
 	RESERVED
-CVE-2022-44415
-	RESERVED
-CVE-2022-44414
-	RESERVED
-CVE-2022-44413
-	RESERVED
+CVE-2022-44415 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2022-44414 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2022-44413 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
 CVE-2022-44412
 	RESERVED
 CVE-2022-44411
@@ -4338,10 +4360,10 @@ CVE-2022-44381
 	RESERVED
 CVE-2022-44380
 	RESERVED
-CVE-2022-44379
-	RESERVED
-CVE-2022-44378
-	RESERVED
+CVE-2022-44379 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2022-44378 (Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/ ...)
+	TODO: check
 CVE-2022-44377
 	RESERVED
 CVE-2022-44376
@@ -4688,8 +4710,8 @@ CVE-2022-44206
 	RESERVED
 CVE-2022-44205
 	RESERVED
-CVE-2022-44204
-	RESERVED
+CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow ...)
+	TODO: check
 CVE-2022-44203
 	RESERVED
 CVE-2022-44202
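Review bot: CVE-2022-44204 names a specific D-Link firmware image (DIR3060A1_FW111B04.bin) rather than a software component; a vendor firmware blob is outside the Debian archive, so this TODO: check most likely closes as a NOT-FOR-US entry in the style of the Siemens and IBM lines elsewhere in this diff, with the vendor named in the annotation.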
@@ -8133,8 +8155,8 @@ CVE-2022-43490
 	RESERVED
 CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-43482
-	RESERVED
+CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...)
+	TODO: check
 CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43480
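Review bot: the truncated description of CVE-2022-43482 ends in "Appointment Booking Calendar pl", and its immediate neighbours CVE-2022-43488 and CVE-2022-43481, written in the same advisory style, are already NOT-FOR-US: WordPress plugin; if the full text confirms a WordPress plugin, close the TODO: check with the same annotation so the block stays uniform.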
@@ -8149,8 +8171,8 @@ CVE-2022-43471
 	RESERVED
 CVE-2022-43469
 	RESERVED
-CVE-2022-43463
-	RESERVED
+CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
+	TODO: check
 CVE-2022-43462
 	RESERVED
 CVE-2022-43461
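Review bot: CVE-2022-43463 carries the "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ..." phrasing that the NOT-FOR-US: WordPress plugin entries later in this diff (e.g. CVE-2022-41980 in a following hunk header) also use; the TODO: check should be resolved against that pattern once the product name after "Cust" is known.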
@@ -8199,8 +8221,8 @@ CVE-2022-42479
 	RESERVED
 CVE-2022-42462
 	RESERVED
-CVE-2022-42461
-	RESERVED
+CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...)
+	TODO: check
 CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42459
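Review bot: CVE-2022-42461 ("Broken Access Control vulnerability in miniOrange's Google Authenticat...") sits directly above CVE-2022-42460, which has the same "Broken Access Control vulnerability" wording and is already NOT-FOR-US: WordPress plugin; check the full description and, if it is the miniOrange WordPress plugin, apply the same annotation.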
@@ -8219,14 +8241,14 @@ CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mante
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-41840
-	RESERVED
+CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin  ...)
+	TODO: check
 CVE-2022-41839
 	RESERVED
 CVE-2022-41831
 	RESERVED
-CVE-2022-41805
-	RESERVED
+CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...)
+	TODO: check
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41790
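Review bot: both new descriptions in this hunk name plugins outright ("Welcart eCommerce plugin" for CVE-2022-41840, "Booster for WooComm..." for CVE-2022-41805) and are surrounded by entries triaged NOT-FOR-US: WordPress plugin (CVE-2022-41980, CVE-2022-41978, CVE-2022-41791); these TODO: check lines should be closed consistently with their neighbours once the full text is confirmed.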
@@ -8237,18 +8259,18 @@ CVE-2022-41786
 	RESERVED
 CVE-2022-41785
 	RESERVED
-CVE-2022-41781
-	RESERVED
+CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin & ...)
+	TODO: check
 CVE-2022-41698
 	RESERVED
 CVE-2022-41695
 	RESERVED
-CVE-2022-41692
-	RESERVED
+CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
+	TODO: check
 CVE-2022-41685
 	RESERVED
-CVE-2022-41652
-	RESERVED
+CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on  ...)
+	TODO: check
 CVE-2022-41619
 	RESERVED
 CVE-2022-41554
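Review bot: the three new entries here (CVE-2022-41781 Permalink Manager Lite plugin, CVE-2022-41692 Appointment Hour Booking plugin, CVE-2022-41652 Quiz And Survey Master plugin <= 7.3.10) all name a plugin in the truncated description, the last one with an explicit version bound; the TODO: check markers should be resolved together, and since the version bound on CVE-2022-41652 is already visible, that entry can be closed without waiting on further detail.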
@@ -8263,10 +8285,10 @@ CVE-2022-40695
 	RESERVED
 CVE-2022-40692
 	RESERVED
-CVE-2022-40687
-	RESERVED
-CVE-2022-40686
-	RESERVED
+CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
+	TODO: check
+CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
+	TODO: check
 CVE-2022-38971
 	RESERVED
 CVE-2022-38716
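Review bot: CVE-2022-40687 and CVE-2022-40686 have identical truncated descriptions ("Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi..."), so the visible text cannot distinguish them; fetch the full descriptions before triaging, and make sure both end up with the same classification rather than one TODO: check being closed and the other left open.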
@@ -8275,8 +8297,8 @@ CVE-2022-38702
 	RESERVED
 CVE-2022-38356
 	RESERVED
-CVE-2022-38075
-	RESERVED
+CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
+	TODO: check
 CVE-2022-3648
 	RESERVED
 CVE-2022-3647 (A vulnerability, which was classified as problematic, was found in Red ...)
@@ -11581,7 +11603,7 @@ CVE-2022-42254
 	RESERVED
 CVE-2022-42253
 	RESERVED
-CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...)
+CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...)
 	- tomcat9 9.0.68-1
 	[bullseye] - tomcat9 <postponed> (Minor issue, fix along in future update)
 	[buster] - tomcat9 <no-dsa> (Minor issue, occurs when system is explicitly configured in an insecure way)
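Review bot: the only change to CVE-2022-42252 is the upper bound of the affected 8.5.x range, from 8.5.52 to 8.5.82; the existing Debian annotations reference tomcat9 only (fixed in 9.0.68-1, postponed in bullseye, no-dsa in buster), so the widened 8.5.x range has no effect on those lines, but it is worth confirming that no supported suite ships a tomcat8 build in the newly covered range before leaving the entry as is. The 9.0.x and 10.0.x bounds are unchanged, so the existing triage rationale ("occurs when system is explicitly configured in an insecure way") still applies.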
@@ -15426,8 +15448,8 @@ CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-38974
-	RESERVED
+CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
+	TODO: check
 CVE-2022-38468
 	RESERVED
 CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
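Review bot: the new description for CVE-2022-38974 is identical, as far as it is visible, to that of CVE-2022-38461 two lines below ("Broken Access Control vulnerability in WPML Multilingual CMS premium p..."), and the block is otherwise made up of NOT-FOR-US: WordPress plugin entries (CVE-2022-40193, CVE-2022-40131); the TODO: check should be closed with the same annotation that CVE-2022-38461 carries so the two WPML entries do not diverge.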
@@ -32968,7 +32990,7 @@ CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 al
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2155
 	RESERVED
-CVE-2022-2154 (An attacker with physical access can exploit this vulnerability to exe ...)
+CVE-2022-2154 (Duplicate to Intel's CVE-2022-34345. It is also identified by Intel as ...)
 	NOT-FOR-US: Intel
 CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
 	{DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1}
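Review bot: the rewritten description of CVE-2022-2154 now states that it is a duplicate of Intel's CVE-2022-34345; the existing NOT-FOR-US: Intel annotation remains correct, but recording the duplicate relationship in the annotation (for example by naming CVE-2022-34345 in the NOT-FOR-US note) would keep the two entries from being triaged differently later.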
@@ -62413,10 +62435,10 @@ CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All versions
 	NOT-FOR-US: Siemens
 CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All versions <  ...)
 	NOT-FOR-US: Siemens
-CVE-2022-24038
-	RESERVED
-CVE-2022-24037
-	RESERVED
+CVE-2022-24038 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
+	TODO: check
+CVE-2022-24037 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
+	TODO: check
 CVE-2022-24036 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
 	NOT-FOR-US: Karmasis
 CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
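Review bot: CVE-2022-24038 and CVE-2022-24037 share their visible description with CVE-2022-24036 directly below them ("Karmasis informatics solutions Infraskope Security Event Manager produ..."), which is already NOT-FOR-US: Karmasis; the two TODO: check lines should be closed with the same annotation unless the full text reveals a different product.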
@@ -68491,8 +68513,8 @@ CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could
 	NOT-FOR-US: IBM
 CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable t ...)
 	NOT-FOR-US: IBM
-CVE-2022-22488
-	RESERVED
+CVE-2022-22488 (IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a d ...)
+	TODO: check
 CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote attacker to ...)
 	NOT-FOR-US: IBM
 CVE-2022-22486
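Review bot: CVE-2022-22488 is bracketed by IBM entries triaged NOT-FOR-US: IBM (CVE-2022-22490, CVE-2022-22489, CVE-2022-22487), and "IBM OpenBMC OP910 and OP940" names IBM products; before applying the same annotation, confirm from the full description that the denial-of-service issue is confined to IBM's OP910/OP940 builds, since the description names OpenBMC rather than an IBM-only product.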



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/845c4f2ad49fe7ed0ec828c55379713195d829b3
