[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 22 08:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d0a5186 by security tracker role at 2022-11-22T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-45785
+ RESERVED
+CVE-2022-45784
+ RESERVED
+CVE-2022-45783
+ RESERVED
+CVE-2022-45782
+ RESERVED
+CVE-2022-4114
+ RESERVED
+CVE-2022-4113
+ RESERVED
+CVE-2022-4112
+ RESERVED
+CVE-2022-4111 (What happens if a bot net starts uploading 100MB files from 100 machin ...)
+ TODO: check
+CVE-2022-4110
+ RESERVED
+CVE-2022-4109
+ RESERVED
+CVE-2022-4108
+ RESERVED
+CVE-2022-4107
+ RESERVED
+CVE-2022-4106
+ RESERVED
CVE-2022-45781
RESERVED
CVE-2022-45780
@@ -594,8 +620,8 @@ CVE-2022-45485
RESERVED
CVE-2022-45484
RESERVED
-CVE-2022-4105
- RESERVED
+CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
+ TODO: check
CVE-2022-4104
RESERVED
CVE-2022-4103
@@ -2839,16 +2865,16 @@ CVE-2022-44790
RESERVED
CVE-2022-44789
RESERVED
-CVE-2022-44788
- RESERVED
-CVE-2022-44787
- RESERVED
-CVE-2022-44786
- RESERVED
-CVE-2022-44785
- RESERVED
-CVE-2022-44784
- RESERVED
+CVE-2022-44788 (An issue was discovered in Appalti & Contratti 9.12.2. It allows S ...)
+ TODO: check
+CVE-2022-44787 (An issue was discovered in Appalti & Contratti 9.12.2. The web app ...)
+ TODO: check
+CVE-2022-44786 (An issue was discovered in Appalti & Contratti 9.12.2. The target ...)
+ TODO: check
+CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The target ...)
+ TODO: check
+CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The target ...)
+ TODO: check
CVE-2022-44619
RESERVED
CVE-2022-44610
@@ -8323,12 +8349,12 @@ CVE-2022-43711
RESERVED
CVE-2022-43710
RESERVED
-CVE-2022-43709
- RESERVED
-CVE-2022-43708
- RESERVED
-CVE-2022-43707
- RESERVED
+CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users ...)
+ TODO: check
+CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visu ...)
+ TODO: check
CVE-2022-43706
RESERVED
CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
@@ -8383,8 +8409,8 @@ CVE-2022-43687 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0
NOT-FOR-US: Concrete CMS
CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 an ...)
NOT-FOR-US: Concrete CMS
-CVE-2022-43685
- RESERVED
+CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...)
+ TODO: check
CVE-2022-43684
RESERVED
CVE-2022-43683
@@ -9728,10 +9754,10 @@ CVE-2022-43217
RESERVED
CVE-2022-43216
RESERVED
-CVE-2022-43215
- RESERVED
-CVE-2022-43214
- RESERVED
+CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
CVE-2022-43213
RESERVED
CVE-2022-43212
@@ -9875,8 +9901,8 @@ CVE-2022-43145
RESERVED
CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management Syste ...)
NOT-FOR-US: Canteen Management System
-CVE-2022-43143
- RESERVED
+CVE-2022-43143 (A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 ...)
+ TODO: check
CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php componen ...)
NOT-FOR-US: Password Storage Application
CVE-2022-43141
@@ -12661,8 +12687,8 @@ CVE-2022-42098
RESERVED
CVE-2022-42097
RESERVED
-CVE-2022-42096
- RESERVED
+CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
+ TODO: check
CVE-2022-42095
RESERVED
CVE-2022-42094
@@ -12888,7 +12914,7 @@ CVE-2022-38143
RESERVED
CVE-2022-36354
RESERVED
-CVE-2022-3388 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA P ...)
+CVE-2022-3388 (An input validation vulnerability exists in the Monitor Pro interface ...)
NOT-FOR-US: MicroSCADA
CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...)
NOT-FOR-US: Advantech R-SeeNet
@@ -12988,8 +13014,8 @@ CVE-2022-41947
RESERVED
CVE-2022-41946
RESERVED
-CVE-2022-41945
- RESERVED
+CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In version ...)
+ TODO: check
CVE-2022-41944
RESERVED
CVE-2022-41943
@@ -12998,16 +13024,16 @@ CVE-2022-41942
RESERVED
CVE-2022-41941
RESERVED
-CVE-2022-41940
- RESERVED
+CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ TODO: check
CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...)
NOT-FOR-US: knative.dev/func
CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...)
NOT-FOR-US: Flarum
-CVE-2022-41937
- RESERVED
-CVE-2022-41936
- RESERVED
+CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
CVE-2022-41935
RESERVED
CVE-2022-41934
@@ -14611,8 +14637,8 @@ CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affe
- gitlab <unfixed>
CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41326
- RESERVED
+CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 9.6.0.13 coul ...)
+ TODO: check
CVE-2022-41325
RESERVED
CVE-2022-41324
@@ -14832,8 +14858,8 @@ CVE-2022-41257
RESERVED
CVE-2022-41256
RESERVED
-CVE-2022-41223
- RESERVED
+CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
+ TODO: check
CVE-2022-41221
RESERVED
CVE-2022-40224
@@ -15764,8 +15790,8 @@ CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router mode
NOT-FOR-US: Tenda
CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to im ...)
NOT-FOR-US: Tenda
-CVE-2022-40842
- RESERVED
+CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Serve ...)
+ TODO: check
CVE-2022-40841
RESERVED
CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...)
@@ -15921,8 +15947,8 @@ CVE-2022-40767
RESERVED
CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page S ...)
NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus)
-CVE-2022-40765
- RESERVED
+CVE-2022-40765 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+ TODO: check
CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, affecting ...)
NOT-FOR-US: Snyk CLI
CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows ...)
@@ -16025,7 +16051,7 @@ CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer ov
NOT-FOR-US: Bento4
CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
NOT-FOR-US: Bento4
-CVE-2022-40735 (Using long exponents in the Diffie-Hellman Key Agreement Protocol allo ...)
+CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long exponents ...)
TODO: check
CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
NOT-FOR-US: Laravel Filemanager
@@ -16438,8 +16464,8 @@ CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unneces
- airflow <itp> (bug #819700)
CVE-2022-40603
RESERVED
-CVE-2022-40602
- RESERVED
+CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...)
+ TODO: check
CVE-2022-40601
RESERVED
CVE-2022-40600
@@ -17136,7 +17162,7 @@ CVE-2022-40286
CVE-2022-40285
RESERVED
CVE-2022-40284 (A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted ...)
- {DSA-5270-1}
+ {DSA-5270-1 DLA-3201-1}
- ntfs-3g 1:2022.10.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/10/31/2
NOTE: https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1 (2022.10.3)
@@ -23574,8 +23600,8 @@ CVE-2022-37933
RESERVED
CVE-2022-37932
RESERVED
-CVE-2022-37931
- RESERVED
+CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...)
+ TODO: check
CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
NOT-FOR-US: HPE
CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
@@ -26020,8 +26046,8 @@ CVE-2022-37020
RESERVED
CVE-2022-37019
RESERVED
-CVE-2022-37018
- RESERVED
+CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...)
+ TODO: check
CVE-2022-37017
RESERVED
CVE-2022-37016
@@ -28020,8 +28046,8 @@ CVE-2022-36229
RESERVED
CVE-2022-36228
RESERVED
-CVE-2022-36227
- RESERVED
+CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error after ca ...)
+ TODO: check
CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /Si ...)
NOT-FOR-US: SiteServerCMS
CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (C ...)
@@ -28127,10 +28153,10 @@ CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which al
NOT-FOR-US: HashiCorp Boundary
CVE-2022-36181
RESERVED
-CVE-2022-36180
- RESERVED
-CVE-2022-36179
- RESERVED
+CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...)
+ TODO: check
+CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. ...)
+ TODO: check
CVE-2022-36178
RESERVED
CVE-2022-36177
@@ -30156,8 +30182,8 @@ CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before
NOTE: https://github.com/Mbed-TLS/mbedtls/commit/719c723afc63930d3472a12c0edb654a7d08d6b9 (v2.28.1)
CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
-CVE-2022-35407
- RESERVED
+CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If ...)
- burpsuite <itp> (bug #832943)
CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before ...)
@@ -43847,8 +43873,8 @@ CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management syst
NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be (1.18.26)
CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not prope ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-30529
- RESERVED
+CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking through ve ...)
+ TODO: check
CVE-2022-30528
RESERVED
CVE-2022-30527
@@ -44685,10 +44711,10 @@ CVE-2022-1585 (The Project Source Code Download WordPress plugin through 1.0.0 d
NOT-FOR-US: WordPress plugin
CVE-2022-30259
RESERVED
-CVE-2022-30258
- RESERVED
-CVE-2022-30257
- RESERVED
+CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
+ TODO: check
+CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
+ TODO: check
CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...)
- maradns <unfixed>
NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
@@ -52794,8 +52820,8 @@ CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Web
NOT-FOR-US: Sophos
CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP ...)
NOT-FOR-US: Red Lion
-CVE-2022-1038
- RESERVED
+CVE-2022-1038 (A potential security vulnerability has been identified in the HP Jumps ...)
+ TODO: check
CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code executi ...)
NOT-FOR-US: WhatsApp
CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
@@ -81752,8 +81778,8 @@ CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
NOT-FOR-US: Grav CMS
-CVE-2021-3919
- RESERVED
+CVE-2021-3919 (A potential security vulnerability has been identified in OMEN Gaming ...)
+ TODO: check
CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
NOT-FOR-US: JetBrains Ktor
CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...)
@@ -87344,8 +87370,8 @@ CVE-2021-41526
RESERVED
CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
NOT-FOR-US: FlexNet
-CVE-2021-3821
- RESERVED
+CVE-2021-3821 (A potential security vulnerability has been identified for certain HP ...)
+ TODO: check
CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: Nodejs inflect
NOTE: https://github.com/pksunkara/inflect
@@ -97934,8 +97960,8 @@ CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Au
NOT-FOR-US: firefly-iii
CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...)
NOT-FOR-US: HP
-CVE-2021-3661
- RESERVED
+CVE-2021-3661 (A potential security vulnerability has been identified in certain HP W ...)
+ TODO: check
CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
NOT-FOR-US: OX App Suite
CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
@@ -121270,8 +121296,8 @@ CVE-2021-3439
RESERVED
CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
NOT-FOR-US: HP LaserJet products and Samsung product printers
-CVE-2021-3437
- RESERVED
+CVE-2021-3437 (Potential security vulnerabilities have been identified in an OMEN Gam ...)
+ TODO: check
CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
@@ -164351,8 +164377,8 @@ CVE-2020-23584
RESERVED
CVE-2020-23583
RESERVED
-CVE-2020-23582
- RESERVED
+CVE-2020-23582 (A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT7100 ...)
+ TODO: check
CVE-2020-23581
RESERVED
CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d0a51863960fe2233d156a9890ab19a699fc905
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d0a51863960fe2233d156a9890ab19a699fc905
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221122/4971837c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list