[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 21 20:10:40 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93cf03ab by security tracker role at 2022-11-21T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,617 @@
+CVE-2022-45781
+ RESERVED
+CVE-2022-45780
+ RESERVED
+CVE-2022-45779
+ RESERVED
+CVE-2022-45778
+ RESERVED
+CVE-2022-45777
+ RESERVED
+CVE-2022-45776
+ RESERVED
+CVE-2022-45775
+ RESERVED
+CVE-2022-45774
+ RESERVED
+CVE-2022-45773
+ RESERVED
+CVE-2022-45772
+ RESERVED
+CVE-2022-45771
+ RESERVED
+CVE-2022-45770
+ RESERVED
+CVE-2022-45769
+ RESERVED
+CVE-2022-45768
+ RESERVED
+CVE-2022-45767
+ RESERVED
+CVE-2022-45766
+ RESERVED
+CVE-2022-45765
+ RESERVED
+CVE-2022-45764
+ RESERVED
+CVE-2022-45763
+ RESERVED
+CVE-2022-45762
+ RESERVED
+CVE-2022-45761
+ RESERVED
+CVE-2022-45760
+ RESERVED
+CVE-2022-45759
+ RESERVED
+CVE-2022-45758
+ RESERVED
+CVE-2022-45757
+ RESERVED
+CVE-2022-45756
+ RESERVED
+CVE-2022-45755
+ RESERVED
+CVE-2022-45754
+ RESERVED
+CVE-2022-45753
+ RESERVED
+CVE-2022-45752
+ RESERVED
+CVE-2022-45751
+ RESERVED
+CVE-2022-45750
+ RESERVED
+CVE-2022-45749
+ RESERVED
+CVE-2022-45748
+ RESERVED
+CVE-2022-45747
+ RESERVED
+CVE-2022-45746
+ RESERVED
+CVE-2022-45745
+ RESERVED
+CVE-2022-45744
+ RESERVED
+CVE-2022-45743
+ RESERVED
+CVE-2022-45742
+ RESERVED
+CVE-2022-45741
+ RESERVED
+CVE-2022-45740
+ RESERVED
+CVE-2022-45739
+ RESERVED
+CVE-2022-45738
+ RESERVED
+CVE-2022-45737
+ RESERVED
+CVE-2022-45736
+ RESERVED
+CVE-2022-45735
+ RESERVED
+CVE-2022-45734
+ RESERVED
+CVE-2022-45733
+ RESERVED
+CVE-2022-45732
+ RESERVED
+CVE-2022-45731
+ RESERVED
+CVE-2022-45730
+ RESERVED
+CVE-2022-45729
+ RESERVED
+CVE-2022-45728
+ RESERVED
+CVE-2022-45727
+ RESERVED
+CVE-2022-45726
+ RESERVED
+CVE-2022-45725
+ RESERVED
+CVE-2022-45724
+ RESERVED
+CVE-2022-45723
+ RESERVED
+CVE-2022-45722
+ RESERVED
+CVE-2022-45721
+ RESERVED
+CVE-2022-45720
+ RESERVED
+CVE-2022-45719
+ RESERVED
+CVE-2022-45718
+ RESERVED
+CVE-2022-45717
+ RESERVED
+CVE-2022-45716
+ RESERVED
+CVE-2022-45715
+ RESERVED
+CVE-2022-45714
+ RESERVED
+CVE-2022-45713
+ RESERVED
+CVE-2022-45712
+ RESERVED
+CVE-2022-45711
+ RESERVED
+CVE-2022-45710
+ RESERVED
+CVE-2022-45709
+ RESERVED
+CVE-2022-45708
+ RESERVED
+CVE-2022-45707
+ RESERVED
+CVE-2022-45706
+ RESERVED
+CVE-2022-45705
+ RESERVED
+CVE-2022-45704
+ RESERVED
+CVE-2022-45703
+ RESERVED
+CVE-2022-45702
+ RESERVED
+CVE-2022-45701
+ RESERVED
+CVE-2022-45700
+ RESERVED
+CVE-2022-45699
+ RESERVED
+CVE-2022-45698
+ RESERVED
+CVE-2022-45697
+ RESERVED
+CVE-2022-45696
+ RESERVED
+CVE-2022-45695
+ RESERVED
+CVE-2022-45694
+ RESERVED
+CVE-2022-45693
+ RESERVED
+CVE-2022-45692
+ RESERVED
+CVE-2022-45691
+ RESERVED
+CVE-2022-45690
+ RESERVED
+CVE-2022-45689
+ RESERVED
+CVE-2022-45688
+ RESERVED
+CVE-2022-45687
+ RESERVED
+CVE-2022-45686
+ RESERVED
+CVE-2022-45685
+ RESERVED
+CVE-2022-45684
+ RESERVED
+CVE-2022-45683
+ RESERVED
+CVE-2022-45682
+ RESERVED
+CVE-2022-45681
+ RESERVED
+CVE-2022-45680
+ RESERVED
+CVE-2022-45679
+ RESERVED
+CVE-2022-45678
+ RESERVED
+CVE-2022-45677
+ RESERVED
+CVE-2022-45676
+ RESERVED
+CVE-2022-45675
+ RESERVED
+CVE-2022-45674
+ RESERVED
+CVE-2022-45673
+ RESERVED
+CVE-2022-45672
+ RESERVED
+CVE-2022-45671
+ RESERVED
+CVE-2022-45670
+ RESERVED
+CVE-2022-45669
+ RESERVED
+CVE-2022-45668
+ RESERVED
+CVE-2022-45667
+ RESERVED
+CVE-2022-45666
+ RESERVED
+CVE-2022-45665
+ RESERVED
+CVE-2022-45664
+ RESERVED
+CVE-2022-45663
+ RESERVED
+CVE-2022-45662
+ RESERVED
+CVE-2022-45661
+ RESERVED
+CVE-2022-45660
+ RESERVED
+CVE-2022-45659
+ RESERVED
+CVE-2022-45658
+ RESERVED
+CVE-2022-45657
+ RESERVED
+CVE-2022-45656
+ RESERVED
+CVE-2022-45655
+ RESERVED
+CVE-2022-45654
+ RESERVED
+CVE-2022-45653
+ RESERVED
+CVE-2022-45652
+ RESERVED
+CVE-2022-45651
+ RESERVED
+CVE-2022-45650
+ RESERVED
+CVE-2022-45649
+ RESERVED
+CVE-2022-45648
+ RESERVED
+CVE-2022-45647
+ RESERVED
+CVE-2022-45646
+ RESERVED
+CVE-2022-45645
+ RESERVED
+CVE-2022-45644
+ RESERVED
+CVE-2022-45643
+ RESERVED
+CVE-2022-45642
+ RESERVED
+CVE-2022-45641
+ RESERVED
+CVE-2022-45640
+ RESERVED
+CVE-2022-45639
+ RESERVED
+CVE-2022-45638
+ RESERVED
+CVE-2022-45637
+ RESERVED
+CVE-2022-45636
+ RESERVED
+CVE-2022-45635
+ RESERVED
+CVE-2022-45634
+ RESERVED
+CVE-2022-45633
+ RESERVED
+CVE-2022-45632
+ RESERVED
+CVE-2022-45631
+ RESERVED
+CVE-2022-45630
+ RESERVED
+CVE-2022-45629
+ RESERVED
+CVE-2022-45628
+ RESERVED
+CVE-2022-45627
+ RESERVED
+CVE-2022-45626
+ RESERVED
+CVE-2022-45625
+ RESERVED
+CVE-2022-45624
+ RESERVED
+CVE-2022-45623
+ RESERVED
+CVE-2022-45622
+ RESERVED
+CVE-2022-45621
+ RESERVED
+CVE-2022-45620
+ RESERVED
+CVE-2022-45619
+ RESERVED
+CVE-2022-45618
+ RESERVED
+CVE-2022-45617
+ RESERVED
+CVE-2022-45616
+ RESERVED
+CVE-2022-45615
+ RESERVED
+CVE-2022-45614
+ RESERVED
+CVE-2022-45613
+ RESERVED
+CVE-2022-45612
+ RESERVED
+CVE-2022-45611
+ RESERVED
+CVE-2022-45610
+ RESERVED
+CVE-2022-45609
+ RESERVED
+CVE-2022-45608
+ RESERVED
+CVE-2022-45607
+ RESERVED
+CVE-2022-45606
+ RESERVED
+CVE-2022-45605
+ RESERVED
+CVE-2022-45604
+ RESERVED
+CVE-2022-45603
+ RESERVED
+CVE-2022-45602
+ RESERVED
+CVE-2022-45601
+ RESERVED
+CVE-2022-45600
+ RESERVED
+CVE-2022-45599
+ RESERVED
+CVE-2022-45598
+ RESERVED
+CVE-2022-45597
+ RESERVED
+CVE-2022-45596
+ RESERVED
+CVE-2022-45595
+ RESERVED
+CVE-2022-45594
+ RESERVED
+CVE-2022-45593
+ RESERVED
+CVE-2022-45592
+ RESERVED
+CVE-2022-45591
+ RESERVED
+CVE-2022-45590
+ RESERVED
+CVE-2022-45589
+ RESERVED
+CVE-2022-45588
+ RESERVED
+CVE-2022-45587
+ RESERVED
+CVE-2022-45586
+ RESERVED
+CVE-2022-45585
+ RESERVED
+CVE-2022-45584
+ RESERVED
+CVE-2022-45583
+ RESERVED
+CVE-2022-45582
+ RESERVED
+CVE-2022-45581
+ RESERVED
+CVE-2022-45580
+ RESERVED
+CVE-2022-45579
+ RESERVED
+CVE-2022-45578
+ RESERVED
+CVE-2022-45577
+ RESERVED
+CVE-2022-45576
+ RESERVED
+CVE-2022-45575
+ RESERVED
+CVE-2022-45574
+ RESERVED
+CVE-2022-45573
+ RESERVED
+CVE-2022-45572
+ RESERVED
+CVE-2022-45571
+ RESERVED
+CVE-2022-45570
+ RESERVED
+CVE-2022-45569
+ RESERVED
+CVE-2022-45568
+ RESERVED
+CVE-2022-45567
+ RESERVED
+CVE-2022-45566
+ RESERVED
+CVE-2022-45565
+ RESERVED
+CVE-2022-45564
+ RESERVED
+CVE-2022-45563
+ RESERVED
+CVE-2022-45562
+ RESERVED
+CVE-2022-45561
+ RESERVED
+CVE-2022-45560
+ RESERVED
+CVE-2022-45559
+ RESERVED
+CVE-2022-45558
+ RESERVED
+CVE-2022-45557
+ RESERVED
+CVE-2022-45556
+ RESERVED
+CVE-2022-45555
+ RESERVED
+CVE-2022-45554
+ RESERVED
+CVE-2022-45553
+ RESERVED
+CVE-2022-45552
+ RESERVED
+CVE-2022-45551
+ RESERVED
+CVE-2022-45550
+ RESERVED
+CVE-2022-45549
+ RESERVED
+CVE-2022-45548
+ RESERVED
+CVE-2022-45547
+ RESERVED
+CVE-2022-45546
+ RESERVED
+CVE-2022-45545
+ RESERVED
+CVE-2022-45544
+ RESERVED
+CVE-2022-45543
+ RESERVED
+CVE-2022-45542
+ RESERVED
+CVE-2022-45541
+ RESERVED
+CVE-2022-45540
+ RESERVED
+CVE-2022-45539
+ RESERVED
+CVE-2022-45538
+ RESERVED
+CVE-2022-45537
+ RESERVED
+CVE-2022-45536
+ RESERVED
+CVE-2022-45535
+ RESERVED
+CVE-2022-45534
+ RESERVED
+CVE-2022-45533
+ RESERVED
+CVE-2022-45532
+ RESERVED
+CVE-2022-45531
+ RESERVED
+CVE-2022-45530
+ RESERVED
+CVE-2022-45529
+ RESERVED
+CVE-2022-45528
+ RESERVED
+CVE-2022-45527
+ RESERVED
+CVE-2022-45526
+ RESERVED
+CVE-2022-45525
+ RESERVED
+CVE-2022-45524
+ RESERVED
+CVE-2022-45523
+ RESERVED
+CVE-2022-45522
+ RESERVED
+CVE-2022-45521
+ RESERVED
+CVE-2022-45520
+ RESERVED
+CVE-2022-45519
+ RESERVED
+CVE-2022-45518
+ RESERVED
+CVE-2022-45517
+ RESERVED
+CVE-2022-45516
+ RESERVED
+CVE-2022-45515
+ RESERVED
+CVE-2022-45514
+ RESERVED
+CVE-2022-45513
+ RESERVED
+CVE-2022-45512
+ RESERVED
+CVE-2022-45511
+ RESERVED
+CVE-2022-45510
+ RESERVED
+CVE-2022-45509
+ RESERVED
+CVE-2022-45508
+ RESERVED
+CVE-2022-45507
+ RESERVED
+CVE-2022-45506
+ RESERVED
+CVE-2022-45505
+ RESERVED
+CVE-2022-45504
+ RESERVED
+CVE-2022-45503
+ RESERVED
+CVE-2022-45502
+ RESERVED
+CVE-2022-45501
+ RESERVED
+CVE-2022-45500
+ RESERVED
+CVE-2022-45499
+ RESERVED
+CVE-2022-45498
+ RESERVED
+CVE-2022-45497
+ RESERVED
+CVE-2022-45496
+ RESERVED
+CVE-2022-45495
+ RESERVED
+CVE-2022-45494
+ RESERVED
+CVE-2022-45493
+ RESERVED
+CVE-2022-45492
+ RESERVED
+CVE-2022-45491
+ RESERVED
+CVE-2022-45490
+ RESERVED
+CVE-2022-45489
+ RESERVED
+CVE-2022-45488
+ RESERVED
+CVE-2022-45487
+ RESERVED
+CVE-2022-45486
+ RESERVED
+CVE-2022-45485
+ RESERVED
+CVE-2022-45484
+ RESERVED
+CVE-2022-4105
+ RESERVED
+CVE-2022-4104
+ RESERVED
+CVE-2022-4103
+ RESERVED
+CVE-2022-4102
+ RESERVED
+CVE-2022-4101
+ RESERVED
+CVE-2022-4100
+ RESERVED
+CVE-2022-4099
+ RESERVED
+CVE-2022-4098
+ RESERVED
+CVE-2022-4097
+ RESERVED
CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
NOT-FOR-US: appsmith
CVE-2022-4095
@@ -104,8 +718,7 @@ CVE-2022-45472
RESERVED
CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
NOT-FOR-US: JetBrains Hub
-CVE-2022-45470
- RESERVED
+CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...)
NOT-FOR-US: Apache Hama
CVE-2022-44456
RESERVED
@@ -342,8 +955,8 @@ CVE-2022-45424
RESERVED
CVE-2022-45423
RESERVED
-CVE-2022-45422
- RESERVED
+CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is possibl ...)
+ TODO: check
CVE-2022-45122
RESERVED
CVE-2022-45113
@@ -1308,7 +1921,8 @@ CVE-2022-3955 (A vulnerability was found in tholum crm42. It has been rated as c
NOT-FOR-US: tholum crm42
CVE-2022-3954
RESERVED
-CVE-2022-3953 (A vulnerability was found in Exiv2. It has been classified as problema ...)
+CVE-2022-3953
+ REJECTED
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1
NOTE: https://github.com/Exiv2/exiv2/pull/2394
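Review bot: CVE-2022-3953 is switched to REJECTED, but the entry still carries "- exiv2 <unfixed>" and both NOTE links. The package line should be reviewed by hand so that exiv2 is not tracked as unfixed against a withdrawn identifier. If the underlying commit still matters for Debian, record which identifier (if any) now covers it.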
@@ -1336,8 +1950,8 @@ CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as
NOT-FOR-US: ForU CMS
CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
NOT-FOR-US: SourceCodester Sanitization Management System
-CVE-2022-45146
- RESERVED
+CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ...)
+ TODO: check
CVE-2022-45145
RESERVED
CVE-2022-45144
@@ -1768,18 +2382,18 @@ CVE-2022-45019
RESERVED
CVE-2022-45018
RESERVED
-CVE-2022-45017
- RESERVED
-CVE-2022-45016
- RESERVED
-CVE-2022-45015
- RESERVED
-CVE-2022-45014
- RESERVED
-CVE-2022-45013
- RESERVED
-CVE-2022-45012
- RESERVED
+CVE-2022-45017 (A cross-site scripting (XSS) vulnerability in the Overview Page settin ...)
+ TODO: check
+CVE-2022-45016 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
+ TODO: check
+CVE-2022-45015 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
+ TODO: check
+CVE-2022-45014 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
+ TODO: check
+CVE-2022-45013 (A cross-site scripting (XSS) vulnerability in the Show Advanced Option ...)
+ TODO: check
+CVE-2022-45012 (A cross-site scripting (XSS) vulnerability in the Modify Page module o ...)
+ TODO: check
CVE-2022-45011
RESERVED
CVE-2022-45010
@@ -2142,8 +2756,8 @@ CVE-2022-44832
RESERVED
CVE-2022-44831
RESERVED
-CVE-2022-44830
- RESERVED
+CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...)
+ TODO: check
CVE-2022-44829
RESERVED
CVE-2022-44828
@@ -2450,8 +3064,8 @@ CVE-2022-44715
RESERVED
CVE-2022-3862
RESERVED
-CVE-2022-3861
- RESERVED
+CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...)
+ TODO: check
CVE-2022-3860
RESERVED
CVE-2022-3859
@@ -3592,22 +4206,22 @@ CVE-2022-44656
RESERVED
CVE-2022-44655
RESERVED
-CVE-2022-44654
- RESERVED
-CVE-2022-44653
- RESERVED
-CVE-2022-44652
- RESERVED
-CVE-2022-44651
- RESERVED
-CVE-2022-44650
- RESERVED
-CVE-2022-44649
- RESERVED
-CVE-2022-44648
- RESERVED
-CVE-2022-44647
- RESERVED
+CVE-2022-44654 (Affected builds of Trend Micro Apex One and Apex One as a Service cont ...)
+ TODO: check
+CVE-2022-44653 (A security agent directory traversal vulnerability in Trend Micro Apex ...)
+ TODO: check
+CVE-2022-44652 (An improper handling of exceptional conditions vulnerability in Trend ...)
+ TODO: check
+CVE-2022-44651 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
+ TODO: check
+CVE-2022-44650 (A memory corruption vulnerability in the Unauthorized Change Preventio ...)
+ TODO: check
+CVE-2022-44649 (An out-of-bounds access vulnerability in the Unauthorized Change Preve ...)
+ TODO: check
+CVE-2022-44648 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...)
+ TODO: check
+CVE-2022-44647 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...)
+ TODO: check
CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2022-44645
@@ -4313,10 +4927,10 @@ CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
NOT-FOR-US: phpmyfaq
CVE-2022-3764
RESERVED
-CVE-2022-3763
- RESERVED
-CVE-2022-3762
- RESERVED
+CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
+ TODO: check
+CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
+ TODO: check
CVE-2022-3761
RESERVED
CVE-2023-20853
@@ -4859,48 +5473,48 @@ CVE-2022-44185
RESERVED
CVE-2022-44184
RESERVED
-CVE-2022-44183
- RESERVED
+CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44182
RESERVED
CVE-2022-44181
RESERVED
-CVE-2022-44180
- RESERVED
+CVE-2022-44180 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44179
RESERVED
-CVE-2022-44178
- RESERVED
-CVE-2022-44177
- RESERVED
-CVE-2022-44176
- RESERVED
-CVE-2022-44175
- RESERVED
-CVE-2022-44174
- RESERVED
+CVE-2022-44178 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function ...)
+ TODO: check
+CVE-2022-44177 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
+CVE-2022-44176 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
+CVE-2022-44175 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
+CVE-2022-44174 (Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44173
RESERVED
-CVE-2022-44172
- RESERVED
-CVE-2022-44171
- RESERVED
+CVE-2022-44172 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
+CVE-2022-44171 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44170
RESERVED
-CVE-2022-44169
- RESERVED
-CVE-2022-44168
- RESERVED
-CVE-2022-44167
- RESERVED
+CVE-2022-44169 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
+CVE-2022-44168 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
+CVE-2022-44167 (Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44166
RESERVED
CVE-2022-44165
RESERVED
CVE-2022-44164
RESERVED
-CVE-2022-44163
- RESERVED
+CVE-2022-44163 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44162
RESERVED
CVE-2022-44161
@@ -4909,12 +5523,12 @@ CVE-2022-44160
RESERVED
CVE-2022-44159
RESERVED
-CVE-2022-44158
- RESERVED
+CVE-2022-44158 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44157
RESERVED
-CVE-2022-44156
- RESERVED
+CVE-2022-44156 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function ...)
+ TODO: check
CVE-2022-44155
RESERVED
CVE-2022-44154
@@ -5237,24 +5851,27 @@ CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to
NOT-FOR-US: BACKCLICK Professional
CVE-2022-43998
RESERVED
-CVE-2022-3757 (A vulnerability was found in Exiv2. It has been declared as critical. ...)
+CVE-2022-3757
+ REJECTED
- exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901
NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378
-CVE-2022-3756 (A vulnerability was found in Exiv2. It has been classified as critical ...)
+CVE-2022-3756
+ REJECTED
{DLA-3186-1}
- exiv2 <unfixed>
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e
-CVE-2022-3755 (A vulnerability was found in Exiv2 and classified as problematic. This ...)
+CVE-2022-3755
+ REJECTED
- exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382
NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca
CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
NOT-FOR-US: phpmyfaq
-CVE-2022-3753
- RESERVED
+CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...)
+ TODO: check
CVE-2022-43997
RESERVED
CVE-2022-43996
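Review bot: CVE-2022-3756 becomes REJECTED while keeping its "{DLA-3186-1}" cross-reference and "- exiv2 <unfixed>". An advisory reference that points at a rejected ID needs a follow-up: check whether a replacement identifier exists and whether the DLA reference and package status should move to it. CVE-2022-3757 and CVE-2022-3755 in the same hunk only keep <not-affected> lines, so they are less pressing.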
@@ -5301,8 +5918,8 @@ CVE-2022-43979
RESERVED
CVE-2022-43978
RESERVED
-CVE-2022-3750
- RESERVED
+CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post withou ...)
+ TODO: check
CVE-2022-3749
RESERVED
CVE-2022-3748
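Review bot: the description imported for CVE-2022-3750 reads "The has a CSRF vulnerability", with the product name missing. "TODO: check" cannot be resolved from this text alone. Whoever triages the entry needs to identify the affected software from the upstream CVE record before classifying it.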
@@ -7153,19 +7770,22 @@ CVE-2022-3722
RESERVED
CVE-2022-3721 (Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. ...)
- froxlor <itp> (bug #581792)
-CVE-2022-3720
- RESERVED
-CVE-2022-3719 (A vulnerability has been found in Exiv2 and classified as critical. Th ...)
+CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not validate and ...)
+ TODO: check
+CVE-2022-3719
+ REJECTED
- exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707
NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a
-CVE-2022-3718 (A vulnerability, which was classified as problematic, was found in Exi ...)
+CVE-2022-3718
+ REJECTED
- exiv2 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053
NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf
-CVE-2022-3717 (A vulnerability, which was classified as critical, has been found in E ...)
+CVE-2022-3717
+ REJECTED
- exiv2 <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/9a6ee59421fdfa0745a5f494a3dd19af78b03ce7
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3
@@ -7603,14 +8223,14 @@ CVE-2022-3693
RESERVED
CVE-2022-3692
RESERVED
-CVE-2022-3691
- RESERVED
-CVE-2022-3690
- RESERVED
+CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.5 dis ...)
+ TODO: check
+CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not sanitise and ...)
+ TODO: check
CVE-2022-3689
RESERVED
-CVE-2022-3688
- RESERVED
+CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check ...)
+ TODO: check
CVE-2022-43760
RESERVED
CVE-2022-43759
@@ -8453,8 +9073,8 @@ CVE-2022-3635 (A vulnerability, which was classified as critical, has been found
[bullseye] - linux 5.10.140-1
[buster] - linux 4.19.260-1
NOTE: https://git.kernel.org/linus/3f4093e2bf4673f218c0bf17d8362337c400e77b (6.0-rc1)
-CVE-2022-3634
- RESERVED
+CVE-2022-3634 (The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does ...)
+ TODO: check
CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux Kern ...)
{DLA-3173-1}
- linux 5.19.6-1
@@ -8519,8 +9139,8 @@ CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7c9524d929648935bac2bbb4c20437df8f9c3f42
-CVE-2022-3618
- RESERVED
+CVE-2022-3618 (The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes ...)
+ TODO: check
CVE-2022-3617
RESERVED
CVE-2022-3616 (Attackers can create long chains of CAs that would lead to OctoRPKI ex ...)
@@ -8564,8 +9184,8 @@ CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verificati
NOTE: https://github.com/colmmacc/CVE-2022-3602
CVE-2022-3601
RESERVED
-CVE-2022-3600
- RESERVED
+CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...)
+ TODO: check
CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
- tiff 4.4.0-5 (bug #1022555)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
@@ -8685,8 +9305,8 @@ CVE-2022-3591
RESERVED
CVE-2022-3590
RESERVED
-CVE-2022-3589
- RESERVED
+CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
+ TODO: check
CVE-2022-3588
RESERVED
CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...)
@@ -9334,8 +9954,8 @@ CVE-2022-43119 (A cross-site scripting (XSS) vulnerability in Clansphere CMS v20
NOT-FOR-US: Clansphere CMS
CVE-2022-43118 (A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allo ...)
NOT-FOR-US: flatCore-CMS
-CVE-2022-43117
- RESERVED
+CVE-2022-43117 (Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 w ...)
+ TODO: check
CVE-2022-43116
RESERVED
CVE-2022-43115
@@ -12295,8 +12915,8 @@ CVE-2022-38143
RESERVED
CVE-2022-36354
RESERVED
-CVE-2022-3388
- RESERVED
+CVE-2022-3388 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA P ...)
+ TODO: check
CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
@@ -12596,7 +13216,8 @@ CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
NOTE: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
NOTE: https://sourceforge.net/p/hsqldb/svn/6614/
-CVE-2022-41852 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
+CVE-2022-41852
+ REJECTED
- libcommons-jxpath-java <unfixed> (unimportant)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133
NOTE: https://github.com/apache/commons-jxpath/pull/25
@@ -13335,8 +13956,8 @@ CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 U
NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP mobile cl ...)
NOT-FOR-US: Cloudflare
-CVE-2022-3336
- RESERVED
+CVE-2022-3336 (The Event Monster WordPress plugin before 1.2.0 does not have CSRF che ...)
+ TODO: check
CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the conten ...)
@@ -14758,8 +15379,8 @@ CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability. ...)
NOTE: https://github.com/NuGet/NuGet.Client/commit/3c1bf9decc8a114c091a6164c42f524ae2bb1e21 (6.3.1.1)
CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-40129
- RESERVED
+CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2022-41030
RESERVED
CVE-2022-41029
@@ -15384,8 +16005,8 @@ CVE-2022-40748 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-si
NOT-FOR-US: IBM
CVE-2022-40747 ("IBM InfoSphere Information Server 11.7 is vulnerable to an XML Extern ...)
NOT-FOR-US: IBM
-CVE-2022-40746
- RESERVED
+CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 co ...)
+ TODO: check
CVE-2022-40745
RESERVED
CVE-2022-40744
@@ -15702,12 +16323,12 @@ CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerabi
NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
NOT-FOR-US: Siemens
-CVE-2022-38097
- RESERVED
-CVE-2022-37332
- RESERVED
-CVE-2022-32774
- RESERVED
+CVE-2022-38097 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
+CVE-2022-37332 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
+CVE-2022-32774 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the {id,dat ...)
NOT-FOR-US: WordPress theme
CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not implement ...)
@@ -16138,8 +16759,8 @@ CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 202
NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time
CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...)
NOT-FOR-US: Clinic's Patient Management System
-CVE-2022-40470
- RESERVED
+CVE-2022-40470 (Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripti ...)
+ TODO: check
CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
NOT-FOR-US: iKuai8
CVE-2022-40468 (Potential leak of left-over heap data if custom error page templates c ...)
@@ -16843,7 +17464,8 @@ CVE-2022-40163
RESERVED
CVE-2022-40162
RESERVED
-CVE-2022-40161 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
+CVE-2022-40161
+ REJECTED
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47097
CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
@@ -16852,10 +17474,12 @@ CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fu
CVE-2022-40159 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057
-CVE-2022-40158 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
+CVE-2022-40158
+ REJECTED
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47058
-CVE-2022-40157 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...)
+CVE-2022-40157
+ REJECTED
- libcommons-jxpath-java <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47061
CVE-2022-40156 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
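Review bot: CVE-2022-40158 and CVE-2022-40157 are now REJECTED, while CVE-2022-40160 and CVE-2022-40159 directly above them stay "** DISPUTED **" with the same "- libcommons-jxpath-java <unfixed>" line. Check whether the two remaining siblings are pending the same rejection, and whether <unfixed> is still the right status for the rejected pair.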
@@ -19139,7 +19763,7 @@ CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ..
NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use nonces wh ...)
+CVE-2022-3097 (The LBstopattack WordPress plugin before 1.1.3 does not use nonces whe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...)
NOT-FOR-US: WordPress plugin
@@ -20412,8 +21036,8 @@ CVE-2022-38757
RESERVED
CVE-2022-38756
RESERVED
-CVE-2022-38755
- RESERVED
+CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versions pr ...)
+ TODO: check
CVE-2022-38754
RESERVED
CVE-2022-38753
@@ -21921,7 +22545,7 @@ CVE-2022-38336
RESERVED
CVE-2022-38335 (Vtiger CRM v7.4.0 was discovered to contain a stored cross-site script ...)
NOT-FOR-US: Vtiger CRM
-CVE-2022-38334 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
+CVE-2022-38334 (XPDF v4.04 and earlier was discovered to contain a stack overflow via ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-38333 (Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to co ...)
NOT-FOR-US: OpenWrt
@@ -22439,7 +23063,7 @@ CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. .
NOT-FOR-US: Nintex Workflow plugin for SharePoint
CVE-2022-38166
RESERVED
-CVE-2022-38165 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
+CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 2022-08-10 all ...)
NOT-FOR-US: WithSecure
CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
NOT-FOR-US: WithSecure
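Review bot: the new description for CVE-2022-38165 names F-Secure Policy Manager and changes the stated impact from denial of service to arbitrary file write, but the classification line under it still reads "NOT-FOR-US: WithSecure". Suggest updating the label to the product named in the description so the entry can be found by product name.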
@@ -22475,12 +23099,12 @@ CVE-2022-38151
RESERVED
CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose ...)
NOT-FOR-US: Consul Template
-CVE-2022-38148
- RESERVED
+CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL Injection. ...)
+ TODO: check
CVE-2022-38147
RESERVED
-CVE-2022-38146
- RESERVED
+CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 o ...)
+ TODO: check
CVE-2022-38145
RESERVED
CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...)
@@ -28241,8 +28865,8 @@ CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game SDK
NOT-FOR-US: ASUSTeK
CVE-2022-35898
RESERVED
-CVE-2022-35897
- RESERVED
+CVE-2022-35897 (An stack buffer overflow vulnerability leads to arbitrary code executi ...)
+ TODO: check
CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ...)
NOT-FOR-US: Insyde
CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
@@ -33161,7 +33785,8 @@ CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 al
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2155
RESERVED
-CVE-2022-2154 (Duplicate to Intel's CVE-2022-34345. It is also identified by Intel as ...)
+CVE-2022-2154
+ REJECTED
NOT-FOR-US: Intel
CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
{DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1}
@@ -44170,14 +44795,14 @@ CVE-2022-1583 (The External Links in New Window / New Tab WordPress plugin befor
NOT-FOR-US: WordPress plugin
CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1581
- RESERVED
+CVE-2022-1581 (The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visi ...)
+ TODO: check
CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1579
- RESERVED
-CVE-2022-1578
- RESERVED
+CVE-2022-1579 (The function check_is_login_page() uses headers for the IP check, whic ...)
+ TODO: check
+CVE-2022-1578 (The My wpdb WordPress plugin before 2.5 is missing CSRF check when run ...)
+ TODO: check
CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1576 (The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4. ...)
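Review bot: the description for CVE-2022-1579 ("The function check_is_login_page() uses headers for the IP check") does not name the affected product, unlike CVE-2022-1581 and CVE-2022-1578 beside it, which identify WordPress plugins. The unchanged neighbours in this hunk are tagged "NOT-FOR-US: WordPress plugin". Confirm the product for CVE-2022-1579 before giving it the same tag.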
@@ -47385,7 +48010,7 @@ CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not valida
NOT-FOR-US: WordPress plugin
CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
NOT-FOR-US: Mattermost Playbooks plugin
-CVE-2015-20107 (In Python (aka CPython) through 3.10.4, the mailcap module does not ad ...)
+CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...)
- python3.10 3.10.6-1
- python3.9 <unfixed>
[bullseye] - python3.9 <no-dsa> (Minor issue)
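Review bot: the description of CVE-2015-20107 widens the affected range from "through 3.10.4" to "up to 3.10.8", yet the entry records python3.10 as fixed in 3.10.6-1. Please verify that the 3.10.6-1 upload really carries the mailcap fix. If it does not, the fixed version on the "- python3.10" line needs correcting.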
@@ -61951,8 +62576,8 @@ CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have auth
NOT-FOR-US: WordPress plugin
CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0421
- RESERVED
+CVE-2022-0421 (The Five Star Restaurant Reservations WordPress plugin before 2.4.12 d ...)
+ TODO: check
CVE-2022-0420 (The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-24271
@@ -129625,8 +130250,8 @@ CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthentica
NOT-FOR-US: WordPress plugin
CVE-2021-24650
RESERVED
-CVE-2021-24649
- RESERVED
+CVE-2021-24649 (The WP User Frontend WordPress plugin before 3.5.29 uses a user suppli ...)
+ TODO: check
CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24647 (The Registration Forms – User profile, Content Restriction, Spam ...)
@@ -202995,7 +203620,8 @@ CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users s ...)
+CVE-2019-20417
+ REJECTED
NOT-FOR-US: Atlassian
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93cf03ab073cc41b30998b3b800d11906bd16b30