[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 23 20:12:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c138355 by security tracker role at 2022-11-23T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2022-45865
+ RESERVED
+CVE-2022-45864
+ RESERVED
+CVE-2022-45863
+ RESERVED
+CVE-2022-45862
+ RESERVED
+CVE-2022-45861
+ RESERVED
+CVE-2022-45860
+ RESERVED
+CVE-2022-45859
+ RESERVED
+CVE-2022-45858
+ RESERVED
+CVE-2022-45857
+ RESERVED
+CVE-2022-45856
+ RESERVED
+CVE-2022-45855
+ RESERVED
+CVE-2022-45854
+ RESERVED
+CVE-2022-45853
+ RESERVED
+CVE-2022-45852
+ RESERVED
+CVE-2022-45851
+ RESERVED
+CVE-2022-45850
+ RESERVED
+CVE-2022-45849
+ RESERVED
+CVE-2022-45848
+ RESERVED
+CVE-2022-45847
+ RESERVED
+CVE-2022-45846
+ RESERVED
+CVE-2022-45845
+ RESERVED
+CVE-2022-45844
+ RESERVED
+CVE-2022-45843
+ RESERVED
+CVE-2022-45842
+ RESERVED
+CVE-2022-45841
+ RESERVED
+CVE-2022-45840
+ RESERVED
+CVE-2022-45839
+ RESERVED
+CVE-2022-45838
+ RESERVED
+CVE-2022-45837
+ RESERVED
+CVE-2022-45836
+ RESERVED
+CVE-2022-45835
+ RESERVED
+CVE-2022-45834
+ RESERVED
+CVE-2022-45833
+ RESERVED
+CVE-2022-45832
+ RESERVED
+CVE-2022-45831
+ RESERVED
+CVE-2022-45830
+ RESERVED
+CVE-2022-45829
+ RESERVED
+CVE-2022-45828
+ RESERVED
+CVE-2022-45827
+ RESERVED
+CVE-2022-45826
+ RESERVED
+CVE-2022-45825
+ RESERVED
+CVE-2022-45824
+ RESERVED
+CVE-2022-45823
+ RESERVED
+CVE-2022-45822
+ RESERVED
+CVE-2022-45821
+ RESERVED
+CVE-2022-45820
+ RESERVED
+CVE-2022-45819
+ RESERVED
+CVE-2022-45818
+ RESERVED
+CVE-2022-45817
+ RESERVED
+CVE-2022-45816
+ RESERVED
+CVE-2022-45815
+ RESERVED
+CVE-2022-45814
+ RESERVED
+CVE-2022-45813
+ RESERVED
+CVE-2022-45812
+ RESERVED
+CVE-2022-45811
+ RESERVED
+CVE-2022-45810
+ RESERVED
+CVE-2022-45809
+ RESERVED
+CVE-2022-45808
+ RESERVED
+CVE-2022-45807
+ RESERVED
+CVE-2022-45806
+ RESERVED
+CVE-2022-45805
+ RESERVED
+CVE-2022-45804
+ RESERVED
+CVE-2022-45803
+ RESERVED
+CVE-2022-45802
+ RESERVED
+CVE-2022-45801
+ RESERVED
+CVE-2022-4131
+ RESERVED
+CVE-2022-4130
+ RESERVED
+CVE-2022-4129
+ RESERVED
+CVE-2022-4128
+ RESERVED
+CVE-2022-4127
+ RESERVED
+CVE-2022-4126
+ RESERVED
+CVE-2022-4125
+ RESERVED
+CVE-2022-4124
+ RESERVED
CVE-2022-45800
RESERVED
CVE-2022-45799
@@ -848,8 +994,8 @@ CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, i
NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
CVE-2022-4054
RESERVED
-CVE-2022-45462
- RESERVED
+CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...)
+ TODO: check
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
NOT-FOR-US: Veritas NetBackup
CVE-2022-45460
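Review bot: the new CVE-2022-45462 description fragment ("Alarm instance management has command injection when there is a specif ...") names a feature rather than a product, so the TODO: check placeholder cannot be resolved from this file alone; fetch the full description to identify the software before assigning a package line or a NOT-FOR-US line.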
@@ -1987,14 +2133,11 @@ CVE-2022-45153
CVE-2022-45152
RESERVED
- moodle <removed>
-CVE-2022-45151
- RESERVED
+CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which exists due ...)
- moodle <removed>
-CVE-2022-45150
- RESERVED
+CVE-2022-45150 (A reflected cross-site scripting vulnerability was discovered in Moodl ...)
- moodle <removed>
-CVE-2022-45149
- RESERVED
+CVE-2022-45149 (A vulnerability was found in Moodle which exists due to insufficient v ...)
- moodle <removed>
CVE-2022-45148
RESERVED
@@ -5371,12 +5514,12 @@ CVE-2022-44282
RESERVED
CVE-2022-44281
RESERVED
-CVE-2022-44280
- RESERVED
+CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...)
+ TODO: check
CVE-2022-44279
RESERVED
-CVE-2022-44278
- RESERVED
+CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-44277
RESERVED
CVE-2022-44276
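Review bot: "Automotive Shop Management System v1.0" (CVE-2022-44280) and "Sanitization Management System v1.0" (CVE-2022-44278) are stand-alone web applications, not Debian source packages, so both TODO: check lines should be replaced with a NOT-FOR-US line naming the product, matching how the file already records this class of software (for example "NOT-FOR-US: School Activity Updates with SMS Notification" further down in this diff).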
@@ -5411,30 +5554,30 @@ CVE-2022-44262
RESERVED
CVE-2022-44261
RESERVED
-CVE-2022-44260
- RESERVED
-CVE-2022-44259
- RESERVED
-CVE-2022-44258
- RESERVED
-CVE-2022-44257
- RESERVED
-CVE-2022-44256
- RESERVED
-CVE-2022-44255
- RESERVED
-CVE-2022-44254
- RESERVED
-CVE-2022-44253
- RESERVED
-CVE-2022-44252
- RESERVED
-CVE-2022-44251
- RESERVED
-CVE-2022-44250
- RESERVED
-CVE-2022-44249
- RESERVED
+CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication bu ...)
+ TODO: check
+CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
+ TODO: check
+CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
+ TODO: check
+CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
+ TODO: check
+CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
+ TODO: check
+CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
+ TODO: check
CVE-2022-44248
RESERVED
CVE-2022-44247
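Review bot: all twelve TOTOLINK entries (CVE-2022-44260 to CVE-2022-44249) describe vendor router firmware builds (LR350 V9.3.5u.6369_B20220309 and NR1800X V9.1.0u.6279_B20210910), not anything built from a Debian source package, so the TODO: check placeholders can be resolved in one pass as NOT-FOR-US: TOTOLINK. The one detail worth noting while doing so: CVE-2022-44255 is the single pre-authentication issue in the LR350 batch, the other seven LR350 IDs are post-authentication, and the four NR1800X IDs are command injection.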
@@ -5653,8 +5796,8 @@ CVE-2022-44141
RESERVED
CVE-2022-44140
RESERVED
-CVE-2022-44139
- RESERVED
+CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2022-44138
RESERVED
CVE-2022-44137
@@ -8589,7 +8732,8 @@ CVE-2022-3662 (A vulnerability was found in Axiomatic Bento4. It has been declar
NOT-FOR-US: Bento4
CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel befor ...)
NOT-FOR-US: myVesta Control Panel
-CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata pa ...)
+CVE-2021-46849
+ REJECTED
- pikepdf 3.2.0+dfsg-1
[bullseye] - pikepdf <no-dsa> (Minor issue)
[buster] - pikepdf <no-dsa> (Minor issue)
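Review bot: switching CVE-2021-46849 to REJECTED leaves the "- pikepdf 3.2.0+dfsg-1" fixed line and the bullseye/buster "<no-dsa> (Minor issue)" annotations in place underneath it, which the tracker will still read as package state for a rejected ID. Those three lines should be dropped in a follow-up, or, if the rejection is because the issue was re-assigned to a different ID, moved under that ID so the pikepdf fix history is not lost.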
@@ -10833,12 +10977,10 @@ CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allow
[buster] - powerline-gitstatus <ignored> (Minor issue and solution require the user to reconfigure)
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
-CVE-2022-42896 [Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM]
- RESERVED
+CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...)
- linux 6.0.7-1
NOTE: https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4
-CVE-2022-42895 [Bluetooth: L2CAP: Fix attempting to access uninitialized memory]
- RESERVED
+CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's net/bluetooth ...)
- linux 6.0.7-1
NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
CVE-2022-42894 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
@@ -13123,22 +13265,22 @@ CVE-2022-41931
RESERVED
CVE-2022-41930
RESERVED
-CVE-2022-41929
- RESERVED
-CVE-2022-41928
- RESERVED
-CVE-2022-41927
- RESERVED
+CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing authorization in ...)
+ TODO: check
+CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directives in ...)
+ TODO: check
+CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...)
+ TODO: check
CVE-2022-41926
RESERVED
-CVE-2022-41925
- RESERVED
-CVE-2022-41924
- RESERVED
-CVE-2022-41923
- RESERVED
-CVE-2022-41922
- RESERVED
+CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...)
+ TODO: check
+CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client allows a ma ...)
+ TODO: check
+CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege escalati ...)
+ TODO: check
+CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...)
+ TODO: check
CVE-2022-41921
RESERVED
CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...)
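Review bot: of the seven new TODO: check entries here, CVE-2022-41924 is scoped to the Tailscale Windows client by its own description, so it cannot affect a Debian package whatever the status of tailscale packaging and can go straight to NOT-FOR-US: Tailscale; CVE-2022-41925 (the generic client) needs the packaging check first. The XWiki trio (CVE-2022-41929 to CVE-2022-41927), the Grails Spring Security Core entry and the yiisoft/yii entry each name an upstream project that should be checked against the archive before being given the same treatment.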
@@ -13242,8 +13384,8 @@ CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. A
NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
NOT-FOR-US: ezplatform-graphql
-CVE-2022-41875
- RESERVED
+CVE-2022-41875 (A remote code execution (RCE) vulnerability in Optica allows unauthent ...)
+ TODO: check
CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...)
NOT-FOR-US: Tauri
CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
@@ -16012,10 +16154,10 @@ CVE-2022-40774 (An issue was discovered in Bento4 through 1.6.0-639. There is a
NOT-FOR-US: Bento4
CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-40772
- RESERVED
-CVE-2022-40771
- RESERVED
+CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
+ TODO: check
+CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
+ TODO: check
CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG initializati ...)
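Review bot: CVE-2022-40772 and CVE-2022-40771 carry the same "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior" description as the unchanged CVE-2022-40770 directly below them, which is already marked NOT-FOR-US: Zoho ManageEngine (as is CVE-2022-40773 above); the two TODO: check lines can be replaced with that same NOT-FOR-US line.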
@@ -17190,8 +17332,7 @@ CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit P
NOT-FOR-US: ECi Printanista Hub
CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 al ...)
NOT-FOR-US: Canto Cumulus
-CVE-2022-40304 [dict corruption caused by entity reference cycles]
- RESERVED
+CVE-2022-40304 (An issue was discovered in libxml2 before 2.10.3. Certain invalid XML ...)
{DSA-5271-1 DLA-3172-1}
- libxml2 2.9.14+dfsg-1.1 (bug #1022225)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b (v2.10.3)
@@ -18326,8 +18467,8 @@ CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerabilit
NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...)
NOT-FOR-US: PrimeKey EJBCA
-CVE-2022-39833
- RESERVED
+CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to potential ...)
+ TODO: check
CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
- pspp <unfixed> (bug #1019598)
[bullseye] - pspp <no-dsa> (Minor issue)
@@ -22773,7 +22914,7 @@ CVE-2022-38268 (School Activity Updates with SMS Notification v1.0 was discovere
NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
NOT-FOR-US: School Activity Updates with SMS Notification
-CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 ...)
+CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) allows attackers to ...)
- leptonlib 1.82.0-1
[bullseye] - leptonlib <no-dsa> (Minor issue)
[buster] - leptonlib <postponed> (Minor issue, SIGFPE in CLI tools)
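Review bot: the rewritten CVE-2022-38266 description drops the "in Tesseract v5.0.0" scoping, so the CVE is now stated against the Leptonica library alone; the existing "- leptonlib 1.82.0-1" fixed line and the bullseye/buster no-dsa/postponed annotations remain the right place for it, and no separate tesseract entry is needed for this ID. No change to the hunk required.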
@@ -23277,12 +23418,12 @@ CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible
NOTE: Introduced by: https://github.com/varnishcache/varnish-cache/commit/f4dffe593b04a33f07423db3f9dc69eb428b2e85 (varnish-7.0.0)
NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d (master)
NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/19544fdc6649bd294f25314d9f609b4979b1fe48 (varnish-7.1.1)
-CVE-2022-38115
- RESERVED
-CVE-2022-38114
- RESERVED
-CVE-2022-38113
- RESERVED
+CVE-2022-38115 (Insecure method vulnerability in which allowed HTTP methods are disclo ...)
+ TODO: check
+CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly process ...)
+ TODO: check
+CVE-2022-38113 (This vulnerability discloses build and services versions in the server ...)
+ TODO: check
CVE-2022-38112
RESERVED
CVE-2022-38111
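Review bot: the three new descriptions for CVE-2022-38115, CVE-2022-38114 and CVE-2022-38113 ("Insecure method vulnerability in which allowed HTTP methods are disclo ...", "This vulnerability occurs when a web server fails to correctly process ...", "This vulnerability discloses build and services versions in the server ...") name no product at all within the truncated text, so TODO: check cannot be resolved from this file; pull the full text for all three, which are consecutive IDs with matching phrasing and so probably one advisory, before deciding between NOT-FOR-US and a package line.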
@@ -28465,8 +28606,8 @@ CVE-2022-36113 (Cargo is a package manager for the rust programming language. Af
CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-36111
- RESERVED
+CVE-2022-36111 (immudb is a database with built-in cryptographic proof and verificatio ...)
+ TODO: check
CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...)
NOT-FOR-US: Netmaker
CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...)
@@ -29921,8 +30062,8 @@ CVE-2022-35503
RESERVED
CVE-2022-35502
RESERVED
-CVE-2022-35501
- RESERVED
+CVE-2022-35501 (Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creat ...)
+ TODO: check
CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via lea ...)
TODO: check
CVE-2022-35499
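Review bot: CVE-2022-35501 now sits next to the unchanged CVE-2022-35500 (Amasty Blog 2.10.3, also TODO: check), so both Amasty Blog entries are untriaged and should be handled together. The "2.10.4 and 2.10.4" in the new description is how the upstream text arrived, not a transcription slip in this update, so leave it rather than correcting it locally.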
@@ -64866,8 +65007,8 @@ CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlie
NOT-FOR-US: Check Point Enterprise Endpoint
CVE-2022-23741
RESERVED
-CVE-2022-23740
- RESERVED
+CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in a comma ...)
+ TODO: check
CVE-2022-23739
RESERVED
CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub Enterpris ...)
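Review bot: the leading "CRITICAL:" in the CVE-2022-23740 description is part of the text as received from the CNA, not a tracker severity marker, and should not be read as a Debian-side assessment; the entry still needs the usual TODO: check resolution (package line or NOT-FOR-US) like the others in this update.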
@@ -80720,8 +80861,8 @@ CVE-2021-43260
RESERVED
CVE-2021-43259
RESERVED
-CVE-2021-43258
- RESERVED
+CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote co ...)
+ TODO: check
CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...)
- mantis <removed>
CVE-2021-3923
@@ -103178,8 +103319,8 @@ CVE-2021-35286
RESERVED
CVE-2021-35285
RESERVED
-CVE-2021-35284
- RESERVED
+CVE-2021-35284 (SQL Injection vulnerability in function get_user in login_manager.php ...)
+ TODO: check
CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, ...)
NOT-FOR-US: atoms183 CMS
CVE-2021-35282
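Review bot: the truncated CVE-2021-35284 description ("SQL Injection vulnerability in function get_user in login_manager.php ...") does not name the product within the visible text, while the neighbouring unchanged CVE-2021-35283 is atoms183 CMS 1.0 and already NOT-FOR-US: atoms183 CMS. Confirm from the full description that 35284 is the same product before copying that state; adjacent IDs are usually, but not always, one batch.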
@@ -103270,8 +103411,8 @@ CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts ca
NOT-FOR-US: SolarWinds
CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
NOT-FOR-US: SolarWinds
-CVE-2021-35246
- RESERVED
+CVE-2021-35246 (The application fails to prevent users from connecting to it over unen ...)
+ TODO: check
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
NOT-FOR-US: SolarWinds
CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
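Review bot: the CVE-2021-35246 fragment ("The application fails to prevent users from connecting to it over unen ...") identifies no product, but it sits between CVE-2021-35247 and CVE-2021-35245, both Serv-U issues already marked NOT-FOR-US: SolarWinds. Verify against the full text that it belongs to the same Serv-U advisory before giving it the same NOT-FOR-US line rather than assuming it from position alone.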
@@ -544047,10 +544188,10 @@ CVE-2009-1145
RESERVED
CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf befo ...)
- xpdf <not-affected> (Gentoo specific vulnerability in building xpdf)
-CVE-2009-1143
- RESERVED
-CVE-2009-1142
- RESERVED
+CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...)
+ TODO: check
+CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848. Local user ...)
+ TODO: check
CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 20 ...)
NOT-FOR-US: Microsoft
CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP ...)
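Review bot: unlike the web-application and firmware IDs elsewhere in this update, CVE-2009-1143 and CVE-2009-1142 name open-vm-tools, which is a Debian source package, so TODO: check here means an actual version assessment rather than NOT-FOR-US. Both descriptions cite build 2009.03.18-154848 and a local-user issue; check whether any version still in a supported suite is affected and record either <not-affected> (as the adjacent xpdf entry does) or the fixed version, so these 2009-era IDs do not linger as open TODOs.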
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c138355769469d5e1360f2e49d815a3bc6410f4