[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 23 08:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f568f619 by security tracker role at 2022-11-23T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-45800
+ RESERVED
+CVE-2022-45799
+ RESERVED
+CVE-2022-45798
+ RESERVED
+CVE-2022-4123
+ RESERVED
+CVE-2022-4122
+ RESERVED
+CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS ...)
+ TODO: check
CVE-2022-45797
RESERVED
CVE-2022-45796
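Review bot: CVE-2021-46854 (ProFTPD mod_radius memory disclosure, "before 1.3.7c") is the one entry in this hunk that should not sit long as "TODO: check": ProFTPD is shipped in Debian (src:proftpd-dfsg), so unlike the RESERVED placeholders around it this needs an actual package/version assessment rather than a NOT-FOR-US resolution. Also note the five RESERVED entries (CVE-2022-45800..45798, CVE-2022-4123, CVE-2022-4122) carry no description yet, so the hunk header's 12 added lines are all placeholders apart from that one item.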
@@ -555,10 +567,10 @@ CVE-2022-45538
RESERVED
CVE-2022-45537
RESERVED
-CVE-2022-45536
- RESERVED
-CVE-2022-45535
- RESERVED
+CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ TODO: check
+CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ TODO: check
CVE-2022-45534
RESERVED
CVE-2022-45533
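Review bot: CVE-2022-45536 and CVE-2022-45535 are two of five AeroCMS v0.0.1 SQL injection entries that this same commit turns from RESERVED into "TODO: check" (the others are CVE-2022-45529, CVE-2022-45331 and CVE-2022-45330 further down). Since they all describe the same product and the same bug class, they should be triaged as one batch and given the same resolution rather than left as five independent TODOs.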
@@ -569,8 +581,8 @@ CVE-2022-45531
RESERVED
CVE-2022-45530
RESERVED
-CVE-2022-45529
- RESERVED
+CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ TODO: check
CVE-2022-45528
RESERVED
CVE-2022-45527
@@ -785,8 +797,8 @@ CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-af
NOT-FOR-US: drachtio-server
CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
NOT-FOR-US: drachtio-server
-CVE-2022-45472
- RESERVED
+CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r patch 6 ...)
+ TODO: check
CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...)
@@ -852,10 +864,10 @@ CVE-2022-4047
RESERVED
CVE-2022-4046
RESERVED
-CVE-2022-4045
- RESERVED
-CVE-2022-4044
- RESERVED
+CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an authenti ...)
+ TODO: check
+CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...)
+ TODO: check
CVE-2022-4043
RESERVED
CVE-2022-4042
@@ -930,8 +942,8 @@ CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to
NOT-FOR-US: Permalink Manager Lite plugin for WordPress
CVE-2022-4020
RESERVED
-CVE-2022-4019
- RESERVED
+CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plugin a ...)
+ TODO: check
CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4017
@@ -1515,10 +1527,10 @@ CVE-2022-45333
RESERVED
CVE-2022-45332
RESERVED
-CVE-2022-45331
- RESERVED
-CVE-2022-45330
- RESERVED
+CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ TODO: check
+CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ TODO: check
CVE-2022-45329
RESERVED
CVE-2022-45328
@@ -8301,8 +8313,8 @@ CVE-2022-43753 (A Improper Limitation of a Pathname to a Restricted Directory ('
NOT-FOR-US: Uyuni
CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when u ...)
NOT-FOR-US: Oracle Solaris
-CVE-2022-43751
- RESERVED
+CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an uncontrol ...)
+ TODO: check
CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
{DLA-3173-1}
- linux 6.0.2-1
@@ -9637,9 +9649,9 @@ CVE-2022-43287
RESERVED
CVE-2022-43286 (Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug c ...)
NOT-FOR-US: njs
-CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation in ...)
+CVE-2022-43285 (** DISPUTED ** Nginx NJS v0.7.4 was discovered to contain a segmentati ...)
NOT-FOR-US: njs
-CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation vi ...)
+CVE-2022-43284 (** DISPUTED ** Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a ...)
NOT-FOR-US: njs
CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. ...)
- wabt <unfixed> (unimportant)
@@ -9811,8 +9823,8 @@ CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL inje
NOT-FOR-US: Billing System Project
CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
NOT-FOR-US: Billing System Project
-CVE-2022-43213
- RESERVED
+CVE-2022-43213 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
NOT-FOR-US: Billing System Project
CVE-2022-43211
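Review bot: CVE-2022-43213 can be resolved immediately instead of being left as "TODO: check": its description ("Billing System Project v1.0 was discovered to contain a SQL injection ...") is identical in form to the neighbouring CVE-2022-43215, CVE-2022-43214 and CVE-2022-43212, all of which are already marked "NOT-FOR-US: Billing System Project". Leaving one entry in a run of four with a different state only creates triage noise.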
@@ -12742,8 +12754,8 @@ CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored c
- backdrop <itp> (bug #914257)
CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
- backdrop <itp> (bug #914257)
-CVE-2022-42095
- RESERVED
+CVE-2022-42095 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
+ TODO: check
CVE-2022-42094 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
- backdrop <itp> (bug #914257)
CVE-2022-42093
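Review bot: CVE-2022-42095 is the same Backdrop CMS 1.23.0 stored-XSS family as CVE-2022-42097, CVE-2022-42096 and CVE-2022-42094, which are all tracked as "- backdrop <itp> (bug #914257)". The "TODO: check" here should be replaced with the same <itp> line so the ITP bug keeps the complete set of CVEs for the package.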
@@ -13123,8 +13135,8 @@ CVE-2022-41921
RESERVED
CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...)
NOT-FOR-US: Lancet
-CVE-2022-41919
- RESERVED
+CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...)
+ TODO: check
CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
NOT-FOR-US: OpenSearch
CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
@@ -13618,12 +13630,12 @@ CVE-2022-37409
CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
NOT-FOR-US: NGINX Plus
CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
- {DSA-5281-1}
+ {DSA-5281-1 DLA-3203-1}
- nginx 1.22.1-1
NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
NOTE: Only affects the nginx-extras binary package
CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
- {DSA-5281-1}
+ {DSA-5281-1 DLA-3203-1}
- nginx 1.22.1-1
NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
NOTE: Only affects the nginx-extras binary package
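Review bot: the braces for CVE-2022-41742 and CVE-2022-41741 now read "{DSA-5281-1 DLA-3203-1}", but the entries carry no per-release line for the DLA's suite, so the fixed version in that suite is recorded only through the advisory reference. That matches how the tracker derives LTS status from DLA data, but it is worth confirming that DLA-3203-1 was in fact issued for both CVEs (the two entries share the identical upstream commit 6b022a5556af22b6e18532e547a6ae46b0d8c6ea and the "Only affects the nginx-extras binary package" note, so a DLA covering one should cover the other).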
@@ -14402,8 +14414,8 @@ CVE-2022-41448
RESERVED
CVE-2022-41447
RESERVED
-CVE-2022-41446
- RESERVED
+CVE-2022-41446 (An access control issue in /Admin/dashboard.php of Record Management S ...)
+ TODO: check
CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management System ...)
TODO: check
CVE-2022-41444
@@ -15796,8 +15808,8 @@ CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecod
NOT-FOR-US: Sourcecodester Simple E-Learning System
CVE-2022-40871 (Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By ...)
- dolibarr <removed>
-CVE-2022-40870
- RESERVED
+CVE-2022-40870 (The Web Client of Parallels Remote Application Server v18.0 is vulnera ...)
+ TODO: check
CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...)
NOT-FOR-US: Tenda
CVE-2022-40868 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
@@ -15996,8 +16008,8 @@ CVE-2022-40772
RESERVED
CVE-2022-40771
RESERVED
-CVE-2022-40770
- RESERVED
+CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
+ TODO: check
CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG initializati ...)
NOT-FOR-US: profanity (not same as src:profanity)
CVE-2022-40768 (drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local us ...)
@@ -17176,8 +17188,7 @@ CVE-2022-40304 [dict corruption caused by entity reference cycles]
- libxml2 2.9.14+dfsg-1.1 (bug #1022225)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b (v2.10.3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2335
-CVE-2022-40303 [integer overflows with XML_PARSE_HUGE]
- RESERVED
+CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a multi ...)
{DSA-5271-1 DLA-3172-1}
- libxml2 2.9.14+dfsg-1.1 (bug #1022224)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
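Review bot: replacing the local placeholder "[integer overflows with XML_PARSE_HUGE]" with MITRE's text drops the one detail that named the affected parser option, and the stored description is truncated ("When parsing a multi ...") so that detail does not survive in the list. The NOTE pointing at libxml2 issue 381 still carries it, so nothing is lost for readers who follow the link, but it would be reasonable to keep the XML_PARSE_HUGE hint in a NOTE line as the neighbouring CVE-2022-40304 entry does with its "dict corruption" summary. The hunk also correctly removes the now-stale RESERVED line, which is why the header goes from 8 to 7 lines.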
@@ -19254,8 +19265,8 @@ CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...)
NOT-FOR-US: GLPI plugin
-CVE-2022-39397
- RESERVED
+CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...)
+ TODO: check
CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
@@ -19799,8 +19810,8 @@ CVE-2022-39201 (Grafana is an open source observability and data visualization p
- grafana <removed>
CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...)
NOT-FOR-US: Dendrite
-CVE-2022-39199
- RESERVED
+CVE-2022-39199 (immudb is a database with built-in cryptographic proof and verificatio ...)
+ TODO: check
CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 a ...)
NOT-FOR-US: Apache Dubbo
CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ...)
@@ -21245,8 +21256,8 @@ CVE-2022-38726
RESERVED
CVE-2022-38725
RESERVED
-CVE-2022-38724
- RESERVED
+CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...)
+ TODO: check
CVE-2022-38723
RESERVED
CVE-2022-38722
@@ -23023,8 +23034,8 @@ CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior
NOT-FOR-US: Emerson
CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
NOT-FOR-US: Emerson
-CVE-2022-2791
- RESERVED
+CVE-2022-2791 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+ TODO: check
CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
NOT-FOR-US: Emerson
CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
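Review bot: CVE-2022-2791 carries the same "Emerson Electric's Proficy Machine Edition Version 9.00 and prior" description as CVE-2022-2793, CVE-2022-2792, CVE-2022-2790 and CVE-2022-2789, all marked "NOT-FOR-US: Emerson". The "TODO: check" here should become "NOT-FOR-US: Emerson" to match the rest of the series.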
@@ -23149,12 +23160,12 @@ CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may e
NOT-FOR-US: Consul Template
CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL Injection. ...)
NOT-FOR-US: SilverStripe CMS
-CVE-2022-38147
- RESERVED
+CVE-2022-38147 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 o ...)
+ TODO: check
CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 o ...)
NOT-FOR-US: SilverStripe CMS
-CVE-2022-38145
- RESERVED
+CVE-2022-38145 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...)
+ TODO: check
CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
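Review bot: CVE-2022-38147 and CVE-2022-38145 are issues 3 and 1 of the same Silverstripe silverstripe/framework XSS set whose issue 2 (CVE-2022-38146) is already "NOT-FOR-US: SilverStripe CMS", as is the SQL injection CVE-2022-38148 above it. The same applies to the other Silverstripe entries this commit fills in (CVE-2022-38724, CVE-2022-37430, CVE-2022-37429, CVE-2022-37421), so one pass should resolve all of them consistently instead of leaving a mix of NOT-FOR-US and TODO lines for one upstream project.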
@@ -24024,12 +24035,12 @@ CVE-2022-37776
RESERVED
CVE-2022-37775 (Genesys PureConnect Interaction Web Tools Chat Service (up to at least ...)
NOT-FOR-US: Genesys PureConnect Interaction Web Tools Chat Service
-CVE-2022-37774
- RESERVED
-CVE-2022-37773
- RESERVED
-CVE-2022-37772
- RESERVED
+CVE-2022-37774 (There is a broken access control vulnerability in the Maarch RM 2.8.3 ...)
+ TODO: check
+CVE-2022-37773 (An authenticated SQL Injection vulnerability in the statistics page (/ ...)
+ TODO: check
+CVE-2022-37772 (Maarch RM 2.8.3 solution contains an improper restriction of excessive ...)
+ TODO: check
CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...)
NOT-FOR-US: IObit Malware Fighter
CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...)
@@ -24875,10 +24886,10 @@ CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer
NOTE: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
CVE-2022-37431 (** DISPUTED ** A Reflected Cross-site scripting (XSS) issue was discov ...)
NOT-FOR-US: dotCMS
-CVE-2022-37430
- RESERVED
-CVE-2022-37429
- RESERVED
+CVE-2022-37430 (Silverstripe silverstripe/framework through 4.11 allows XSS vulnerabil ...)
+ TODO: check
+CVE-2022-37429 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...)
+ TODO: check
CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...)
- pdns-recursor 4.7.2-1
[bullseye] - pdns-recursor <no-dsa> (Minor issue)
@@ -24897,8 +24908,8 @@ CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x
NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...)
NOT-FOR-US: Payara
-CVE-2022-37421
- RESERVED
+CVE-2022-37421 (Silverstripe silverstripe/cms through 4.11.0 allows XSS. ...)
+ TODO: check
CVE-2022-37420
RESERVED
CVE-2022-37419
@@ -27699,8 +27710,8 @@ CVE-2022-36342
RESERVED
CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
-CVE-2022-36337
- RESERVED
+CVE-2022-36337 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2022-36336 (A link following vulnerability in the scanning function of Trend Micro ...)
NOT-FOR-US: Trend Micro
CVE-2022-36297
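Review bot: CVE-2022-36337 has the same truncated description as the neighbouring CVE-2022-36338 ("An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ..."), which is already "NOT-FOR-US: Insyde"; the new entry should take the same resolution rather than stay at "TODO: check".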
@@ -29901,8 +29912,8 @@ CVE-2022-35502
RESERVED
CVE-2022-35501
RESERVED
-CVE-2022-35500
- RESERVED
+CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via lea ...)
+ TODO: check
CVE-2022-35499
RESERVED
CVE-2022-35498
@@ -31932,8 +31943,8 @@ CVE-2022-34832
RESERVED
CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
NOT-FOR-US: Keyfactor
-CVE-2022-34830
- RESERVED
+CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...)
+ TODO: check
CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of se ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-34828
@@ -79810,8 +79821,8 @@ CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3
- moodle <removed>
CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
-CVE-2021-3942
- RESERVED
+CVE-2021-3942 (Certain HP Print products and Digital Sending products may be vulnerab ...)
+ TODO: check
CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...)
NOT-FOR-US: Apache Apisix
CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
@@ -102709,6 +102720,7 @@ CVE-2021-35476
CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...)
NOT-FOR-US: SAS Environment Manager
CVE-2021-3618 (ALPACA is an application layer protocol content confusion attack, expl ...)
+ {DLA-3203-1}
- nginx 1.20.2-2 (bug #991328)
[bullseye] - nginx 1.18.0-6.1+deb11u2
[stretch] - nginx <no-dsa> (Minor issue)
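Review bot: adding "{DLA-3203-1}" to CVE-2021-3618 (ALPACA) ties this old nginx entry to the same advisory that this commit also attaches to CVE-2022-41742 and CVE-2022-41741, so the LTS update evidently bundled the ALPACA hardening with the nginx-extras fixes. The entry keeps its existing "[bullseye] - nginx 1.18.0-6.1+deb11u2" and "[stretch] - nginx <no-dsa> (Minor issue)" lines, and there is no explicit line for the DLA's own suite; as with the two 2022 CVEs, that suite's status is carried only by the advisory reference, which is consistent with tracker practice but worth a second look given that the same issue was judged "Minor issue" for stretch.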
@@ -164419,28 +164431,28 @@ CVE-2020-23595
RESERVED
CVE-2020-23594
RESERVED
-CVE-2020-23593
- RESERVED
-CVE-2020-23592
- RESERVED
-CVE-2020-23591
- RESERVED
-CVE-2020-23590
- RESERVED
-CVE-2020-23589
- RESERVED
-CVE-2020-23588
- RESERVED
-CVE-2020-23587
- RESERVED
-CVE-2020-23586
- RESERVED
-CVE-2020-23585
- RESERVED
-CVE-2020-23584
- RESERVED
-CVE-2020-23583
- RESERVED
+CVE-2020-23593 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmwa ...)
+ TODO: check
+CVE-2020-23592 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
+ TODO: check
+CVE-2020-23591 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
+ TODO: check
+CVE-2020-23590 (A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmw ...)
+ TODO: check
+CVE-2020-23589 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
+ TODO: check
+CVE-2020-23588 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
+ TODO: check
+CVE-2020-23587 (A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2 ...)
+ TODO: check
+CVE-2020-23586 (A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , ...)
+ TODO: check
+CVE-2020-23585 (A remote attacker can conduct a cross-site request forgery (CSRF) atta ...)
+ TODO: check
+CVE-2020-23584 (Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardwar ...)
+ TODO: check
+CVE-2020-23583 (OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The ...)
+ TODO: check
CVE-2020-23582 (A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT7100 ...)
TODO: check
CVE-2020-23581
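Review bot: this hunk converts eleven consecutive OPTILINK OP-XT71000N entries (CVE-2020-23593 down to CVE-2020-23583) from RESERVED to "TODO: check", and the entry immediately below them, CVE-2020-23582, is still at "TODO: check" from an earlier update. All twelve concern the same router firmware (Hardware Version V2.2), including the RCE and CSRF items, so they should be triaged together and given a single consistent resolution; leaving a run of twelve TODOs for one consumer device is easy to forget in the queue.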
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f568f619f90fa13f90e650ccc2e80954035cae65