[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 25 20:10:38 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ed0ed8a7 by security tracker role at 2022-11-25T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-45898
+ RESERVED
+CVE-2022-4144
+ RESERVED
+CVE-2022-4143
+ RESERVED
+CVE-2022-4142
+ RESERVED
+CVE-2022-4141 (The target's backtrace indicates that libc has detected a heap error o ...)
+ TODO: check
+CVE-2022-4140
+ RESERVED
+CVE-2022-4139
+ RESERVED
CVE-2022-45897
RESERVED
CVE-2022-45896
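Review bot: the description imported for CVE-2022-4141 ("The target's backtrace indicates that libc has detected a heap error ...") is a fragment of a crash report rather than an advisory text and names no product, so the `TODO: check` placed on it cannot be resolved from the list entry alone; the affected package must be identified from the CVE's references before any status replaces the TODO. The remaining additions in this hunk (CVE-2022-45898, CVE-2022-4144 to CVE-2022-4142, CVE-2022-4140, CVE-2022-4139) are plain RESERVED placeholders and need nothing further.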
@@ -326,7 +340,7 @@ CVE-2022-4113
RESERVED
CVE-2022-4112
RESERVED
-CVE-2022-4111 (What happens if a bot net starts uploading 100MB files from 100 machin ...)
+CVE-2022-4111 (Unrestricted file size limit can lead to DoS in tooljet/tooljet <1. ...)
NOT-FOR-US: ToolJet
CVE-2022-4110
RESERVED
@@ -968,8 +982,8 @@ CVE-2022-4092
RESERVED
CVE-2022-44608
RESERVED
-CVE-2022-4091
- RESERVED
+CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ TODO: check
CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and classi ...)
NOT-FOR-US: rickxy Stock Management System
CVE-2022-4089 (A vulnerability was found in rickxy Stock Management System. It has be ...)
@@ -1046,10 +1060,10 @@ CVE-2022-45478
RESERVED
CVE-2022-45477
RESERVED
-CVE-2022-45476
- RESERVED
-CVE-2022-45475
- RESERVED
+CVE-2022-45476 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
+ TODO: check
+CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
+ TODO: check
CVE-2022-4063
RESERVED
CVE-2022-4062
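Review bot: CVE-2022-45476 and CVE-2022-45475 carry the same truncated description ("Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ..."), and a third entry with the same product and version, CVE-2022-23044, is filled in later in this same update; the three `TODO: check` markers should be resolved together so that the entries either get the same status or a note recording how the issues differ.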
@@ -2014,8 +2028,8 @@ CVE-2022-45220
RESERVED
CVE-2022-45219
RESERVED
-CVE-2022-45218
- RESERVED
+CVE-2022-45218 (Human Resource Management System v1.0.0 was discovered to contain a cr ...)
+ TODO: check
CVE-2022-45217
RESERVED
CVE-2022-45216
@@ -2030,18 +2044,18 @@ CVE-2022-45212
RESERVED
CVE-2022-45211
RESERVED
-CVE-2022-45210
- RESERVED
+CVE-2022-45210 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-45209
RESERVED
-CVE-2022-45208
- RESERVED
-CVE-2022-45207
- RESERVED
-CVE-2022-45206
- RESERVED
-CVE-2022-45205
- RESERVED
+CVE-2022-45208 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-45207 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-45204
RESERVED
CVE-2022-45203
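Review bot: CVE-2022-45210 and CVE-2022-45208 through CVE-2022-45205 are five entries with an identical truncated description ("Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ..."); they should be triaged as a group, since the full descriptions presumably differ only in the affected endpoint, and be given one consistent status rather than five independent `TODO: check` resolutions.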
@@ -2239,8 +2253,7 @@ CVE-2022-45154
RESERVED
CVE-2022-45153
RESERVED
-CVE-2022-45152
- RESERVED
+CVE-2022-45152 (A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...)
- moodle <removed>
CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which exists due ...)
- moodle <removed>
@@ -2683,16 +2696,16 @@ CVE-2022-45042
RESERVED
CVE-2022-45041
RESERVED
-CVE-2022-45040
- RESERVED
-CVE-2022-45039
- RESERVED
-CVE-2022-45038
- RESERVED
-CVE-2022-45037
- RESERVED
-CVE-2022-45036
- RESERVED
+CVE-2022-45040 (A cross-site scripting (XSS) vulnerability in /admin/pages/sections_sa ...)
+ TODO: check
+CVE-2022-45039 (An arbitrary file upload vulnerability in the Server Settings module o ...)
+ TODO: check
+CVE-2022-45038 (A cross-site scripting (XSS) vulnerability in /admin/settings/save.php ...)
+ TODO: check
+CVE-2022-45037 (A cross-site scripting (XSS) vulnerability in /admin/users/index.php o ...)
+ TODO: check
+CVE-2022-45036 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
+ TODO: check
CVE-2022-45035
RESERVED
CVE-2022-45034
@@ -3043,12 +3056,12 @@ CVE-2022-44862
RESERVED
CVE-2022-44861
RESERVED
-CVE-2022-44860
- RESERVED
-CVE-2022-44859
- RESERVED
-CVE-2022-44858
- RESERVED
+CVE-2022-44860 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-44859 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-44858 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-44857
RESERVED
CVE-2022-44856
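Review bot: CVE-2022-44860, CVE-2022-44859 and CVE-2022-44858 are left as `TODO: check`, but the next hunk shows CVE-2022-44413, for the same "Automotive Shop Management System v1.0", already resolved as `NOT-FOR-US: Automotive Shop Management System`; unless the new descriptions name a different product, these three should receive the same resolution for consistency.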
@@ -5367,8 +5380,8 @@ CVE-2022-44413 (Automotive Shop Management System v1.0 is vulnerable to SQL Inje
NOT-FOR-US: Automotive Shop Management System
CVE-2022-44412
RESERVED
-CVE-2022-44411
- RESERVED
+CVE-2022-44411 (Web Based Quiz System v1.0 transmits user passwords in plaintext durin ...)
+ TODO: check
CVE-2022-44410
RESERVED
CVE-2022-44409
@@ -6239,10 +6252,10 @@ CVE-2022-43986
RESERVED
CVE-2022-43985 (In Apache Airflow versions prior to 2.4.2, there was an open redirect ...)
- airflow <itp> (bug #819700)
-CVE-2022-43984
- RESERVED
-CVE-2022-43983
- RESERVED
+CVE-2022-43984 (Browsershot version 3.57.3 allows an external attacker to remotely obt ...)
+ TODO: check
+CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
+ TODO: check
CVE-2022-3752
RESERVED
CVE-2022-3751
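Review bot: CVE-2022-43984 (Browsershot 3.57.3) and CVE-2022-43983 (Browsershot 3.57.2) have near-identical truncated descriptions, and a third Browsershot 3.57.2 entry, CVE-2022-41706, is filled in further down in this update; the three `TODO: check` markers should be handled together so that the entries end up with one consistent status and, if they turn out to describe the same issue, a NOTE recording that.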
@@ -13315,16 +13328,16 @@ CVE-2022-41960
RESERVED
CVE-2022-41959
RESERVED
-CVE-2022-41958
- RESERVED
+CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...)
+ TODO: check
CVE-2022-41957
RESERVED
CVE-2022-41956
RESERVED
CVE-2022-41955
RESERVED
-CVE-2022-41954
- RESERVED
+CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...)
+ TODO: check
CVE-2022-41953
RESERVED
CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...)
@@ -13386,8 +13399,8 @@ CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directiv
NOT-FOR-US: XWiki
CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...)
NOT-FOR-US: XWiki
-CVE-2022-41926
- RESERVED
+CVE-2022-41926 (Nextcould talk android is the android OS implementation of the nextclo ...)
+ TODO: check
CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...)
TODO: check
CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client allows a ma ...)
@@ -13975,8 +13988,8 @@ CVE-2022-41714 (fastest-json-copy version 1.0.1 allows an external attacker to e
NOT-FOR-US: fastest-json-copy Nodejs module
CVE-2022-41713 (deep-object-diff version 1.1.0 allows an external attacker to edit or ...)
NOT-FOR-US: deep-object-diff Nodejs module
-CVE-2022-41712
- RESERVED
+CVE-2022-41712 (Frappe version 14.10.0 allows an external attacker to remotely obtain ...)
+ TODO: check
CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
NOT-FOR-US: Badaso
CVE-2022-41710 (Markdownify version 1.4.1 allows an external attacker to remotely obta ...)
@@ -13987,10 +14000,10 @@ CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated
NOT-FOR-US: Relatedcode's Messenger
CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
NOT-FOR-US: Relatedcode's Messenger
-CVE-2022-41706
- RESERVED
-CVE-2022-41705
- RESERVED
+CVE-2022-41706 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
+ TODO: check
+CVE-2022-41705 (Badaso version 2.6.3 allows an unauthenticated remote attacker to exec ...)
+ TODO: check
CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
{DSA-5264-1 DLA-3169-1}
- batik 1.16+dfsg-1
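Review bot: CVE-2022-41705 (Badaso 2.6.3) is left as `TODO: check` while the context line directly above it, CVE-2022-41711 (Badaso 2.6.0), is already resolved as `NOT-FOR-US: Badaso`; the same resolution can be applied here unless the full description names something other than Badaso.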
@@ -15421,12 +15434,12 @@ CVE-2022-41160
RESERVED
CVE-2022-41159
RESERVED
-CVE-2022-41158
- RESERVED
-CVE-2022-41157
- RESERVED
-CVE-2022-41156
- RESERVED
+CVE-2022-41158 (Remote code execution vulnerability can be achieved by using cookie va ...)
+ TODO: check
+CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution) has a ...)
+ TODO: check
+CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...)
+ TODO: check
CVE-2022-41153
RESERVED
CVE-2022-41152
@@ -17813,19 +17826,23 @@ CVE-2022-40158
REJECTED
CVE-2022-40157
REJECTED
-CVE-2022-40156 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+CVE-2022-40156
+ REJECTED
- libxstream-java <undetermined>
NOTE: https://github.com/x-stream/xstream/issues/304
-CVE-2022-40155 (Those using Xstream to serialise XML data may be vulnerable to Denial ...)
+CVE-2022-40155
+ REJECTED
- libxstream-java <undetermined>
NOTE: https://github.com/x-stream/xstream/issues/304
-CVE-2022-40154 (Those using Xstream to serialise XML data may be vulnerable to Denial ...)
+CVE-2022-40154
+ REJECTED
- libxstream-java <undetermined>
NOTE: https://github.com/x-stream/xstream/issues/304
-CVE-2022-40153 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+CVE-2022-40153
+ REJECTED
- libxstream-java <undetermined>
NOTE: https://github.com/x-stream/xstream/issues/304
-CVE-2022-40152 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libxstream-java <undetermined>
NOTE: https://github.com/x-stream/xstream/issues/304
CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
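Review bot: CVE-2022-40156, CVE-2022-40155, CVE-2022-40154 and CVE-2022-40153 are switched to `REJECTED`, but each still keeps its `- libxstream-java <undetermined>` package line and its NOTE, whereas the neighbouring rejected entries CVE-2022-40158 and CVE-2022-40157 carry only the `REJECTED` line; the stale package lines should be dropped (or resolved) so the tracker does not keep an undetermined libxstream-java status on rejected IDs. Separately, CVE-2022-40152's new description names Woodstox rather than XStream ("Those using Woodstox to parse XML data may be vulnerable to Denial of ..."), yet the entry still points at libxstream-java and at the xstream issue tracker; the package assignment should be re-checked against the Woodstox package (libwoodstox-java in Debian) before the `<undetermined>` status is kept.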
@@ -19668,8 +19685,8 @@ CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. A
[buster] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
-CVE-2022-39346
- RESERVED
+CVE-2022-39346 (Nextcloud server is an open source personal cloud server. Affected ver ...)
+ TODO: check
CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
NOT-FOR-US: Gin-vue-admin
CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
@@ -19682,18 +19699,18 @@ CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to
NOT-FOR-US: OpenFGA
CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...)
NOT-FOR-US: OpenFGA
-CVE-2022-39339
- RESERVED
-CVE-2022-39338
- RESERVED
+CVE-2022-39339 (user_oidc is an OpenID Connect user backend for Nextcloud. In versions ...)
+ TODO: check
+CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. Versions pr ...)
+ TODO: check
CVE-2022-39337
RESERVED
CVE-2022-39336
RESERVED
CVE-2022-39335
RESERVED
-CVE-2022-39334
- RESERVED
+CVE-2022-39334 (Nextcloud desktop is the desktop sync client for Nextcloud. Versions p ...)
+ TODO: check
CVE-2022-39333
RESERVED
CVE-2022-39332
@@ -21137,8 +21154,8 @@ CVE-2022-38815
RESERVED
CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
NOT-FOR-US: FiberHome
-CVE-2022-38813
- RESERVED
+CVE-2022-38813 (PHPGurukul Blood Donor Management System 1.0 does not properly restric ...)
+ TODO: check
CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. ...)
NOT-FOR-US: AeroCMS
CVE-2022-38811
@@ -21232,6 +21249,7 @@ CVE-2021-46836 (Implementation of the WLAN module interfaces has the information
CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
NOT-FOR-US: ToolJet
CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
+ {DLA-3205-1}
- inetutils 2:2.3-5
[bullseye] - inetutils 2:2.0-1+deb11u1
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
@@ -21348,8 +21366,8 @@ CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset Mana
NOT-FOR-US: Transtek
CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
NOT-FOR-US: Transtek
-CVE-2022-38767
- RESERVED
+CVE-2022-38767 (An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a ...)
+ TODO: check
CVE-2022-38766
RESERVED
CVE-2022-38765
@@ -22719,8 +22737,8 @@ CVE-2022-38379
RESERVED
CVE-2022-38378
RESERVED
-CVE-2022-38377
- RESERVED
+CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
+ TODO: check
CVE-2022-38376
RESERVED
CVE-2022-38375
@@ -23397,8 +23415,8 @@ CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pat
NOT-FOR-US: Avaya Scopia Pathfinder
CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. ...)
NOT-FOR-US: Nintex Workflow plugin for SharePoint
-CVE-2022-38166
- RESERVED
+CVE-2022-38166 (In F‑Secure Endpoint Protection for Windows and macOS before cha ...)
+ TODO: check
CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 2022-08-10 all ...)
NOT-FOR-US: WithSecure
CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
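Review bot: the description added for CVE-2022-38166 contains a non-ASCII hyphen in "F‑Secure" (U+2011 rather than "-"), which will defeat plain-text searches for "F-Secure" in this list; the context lines directly below (CVE-2022-38165, CVE-2022-38164) spell the vendor as "F-Secure"/"WithSecure" and are resolved as `NOT-FOR-US: WithSecure`, so this entry is a candidate for the same resolution once checked.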
@@ -24427,10 +24445,10 @@ CVE-2022-37723
RESERVED
CVE-2022-37722
RESERVED
-CVE-2022-37721
- RESERVED
-CVE-2022-37720
- RESERVED
+CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when ...)
+ TODO: check
+CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scriptin ...)
+ TODO: check
CVE-2022-37719
RESERVED
CVE-2022-37718
@@ -49661,7 +49679,7 @@ CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the
CVE-2022-1272
RESERVED
CVE-2022-1270 (In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. ...)
- {DLA-3200-1}
+ {DSA-5288-1 DLA-3200-1}
- graphicsmagick 1.4+really1.3.38-1
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/664/
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/94f4bcf448ad
@@ -59112,8 +59130,8 @@ CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows Stored
NOT-FOR-US: Zoho ManageEngine
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
NOT-FOR-US: Pritunl Client
-CVE-2022-0698
- RESERVED
+CVE-2022-0698 (Microweber version 1.3.1 allows an unauthenticated user to perform an ...)
+ TODO: check
CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. ...)
NOT-FOR-US: Archivy
CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
@@ -67472,8 +67490,8 @@ CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL
- phpipam <itp> (bug #731713)
CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
- phpipam <itp> (bug #731713)
-CVE-2022-23044
- RESERVED
+CVE-2022-23044 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
+ TODO: check
CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
NOT-FOR-US: Zenario CMS
CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
@@ -90561,6 +90579,7 @@ CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the re
NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x)
NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x)
CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
+ {DLA-3205-1}
- inetutils 2:2.2-1 (bug #993476)
[bullseye] - inetutils 2:2.0-1+deb11u1
[stretch] - inetutils <no-dsa> (Minor issue)
@@ -285062,6 +285081,7 @@ CVE-2019-0055 (A vulnerability in the SIP ALG packet processing service of Junip
CVE-2019-0054 (An Improper Certificate Validation weakness in the SRX Series Applicat ...)
NOT-FOR-US: Juniper
CVE-2019-0053 (Insufficient validation of environment variables in the telnet client ...)
+ {DLA-3205-1}
- socks4-server <removed> (low)
[buster] - socks4-server <ignored> (Minor issue)
[stretch] - socks4-server <ignored> (Minor issue)
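Review bot: `{DLA-3205-1}` is added to CVE-2019-0053, but the visible package lines of this entry are only `socks4-server <removed>`, `<ignored>` and `<ignored>`, while the other two entries receiving the same DLA reference in this update (CVE-2022-39028 and CVE-2021-40491) carry inetutils version lines; if the entry does not also have an inetutils line below the shown context, the DLA reference here should be verified against the package the advisory actually fixed.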
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed0ed8a7de7b67f9d3c0cfcd0e946587d229615b