[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 28 20:10:36 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5172efbe by security tracker role at 2022-11-28T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,311 @@
+CVE-2022-46265
+ RESERVED
+CVE-2022-46264
+ RESERVED
+CVE-2022-46263
+ RESERVED
+CVE-2022-46262
+ RESERVED
+CVE-2022-46261
+ RESERVED
+CVE-2022-46260
+ RESERVED
+CVE-2022-46259
+ RESERVED
+CVE-2022-46258
+ RESERVED
+CVE-2022-46257
+ RESERVED
+CVE-2022-46256
+ RESERVED
+CVE-2022-46255
+ RESERVED
+CVE-2022-46254
+ RESERVED
+CVE-2022-46253
+ RESERVED
+CVE-2022-46252
+ RESERVED
+CVE-2022-46251
+ RESERVED
+CVE-2022-46250
+ RESERVED
+CVE-2022-46249
+ RESERVED
+CVE-2022-46248
+ RESERVED
+CVE-2022-46247
+ RESERVED
+CVE-2022-46246
+ RESERVED
+CVE-2022-46245
+ RESERVED
+CVE-2022-46244
+ RESERVED
+CVE-2022-46243
+ RESERVED
+CVE-2022-46242
+ RESERVED
+CVE-2022-46241
+ RESERVED
+CVE-2022-46240
+ RESERVED
+CVE-2022-46239
+ RESERVED
+CVE-2022-46238
+ RESERVED
+CVE-2022-46237
+ RESERVED
+CVE-2022-46236
+ RESERVED
+CVE-2022-46235
+ RESERVED
+CVE-2022-46234
+ RESERVED
+CVE-2022-46233
+ RESERVED
+CVE-2022-46232
+ RESERVED
+CVE-2022-46231
+ RESERVED
+CVE-2022-46230
+ RESERVED
+CVE-2022-46229
+ RESERVED
+CVE-2022-46228
+ RESERVED
+CVE-2022-46227
+ RESERVED
+CVE-2022-46226
+ RESERVED
+CVE-2022-46225
+ RESERVED
+CVE-2022-46224
+ RESERVED
+CVE-2022-46223
+ RESERVED
+CVE-2022-46222
+ RESERVED
+CVE-2022-46221
+ RESERVED
+CVE-2022-46220
+ RESERVED
+CVE-2022-46219
+ RESERVED
+CVE-2022-46218
+ RESERVED
+CVE-2022-46217
+ RESERVED
+CVE-2022-46216
+ RESERVED
+CVE-2022-46215
+ RESERVED
+CVE-2022-46214
+ RESERVED
+CVE-2022-46213
+ RESERVED
+CVE-2022-46212
+ RESERVED
+CVE-2022-46211
+ RESERVED
+CVE-2022-46210
+ RESERVED
+CVE-2022-46209
+ RESERVED
+CVE-2022-46208
+ RESERVED
+CVE-2022-46207
+ RESERVED
+CVE-2022-46206
+ RESERVED
+CVE-2022-46205
+ RESERVED
+CVE-2022-46204
+ RESERVED
+CVE-2022-46203
+ RESERVED
+CVE-2022-46202
+ RESERVED
+CVE-2022-46201
+ RESERVED
+CVE-2022-46200
+ RESERVED
+CVE-2022-46199
+ RESERVED
+CVE-2022-46198
+ RESERVED
+CVE-2022-46197
+ RESERVED
+CVE-2022-46196
+ RESERVED
+CVE-2022-46195
+ RESERVED
+CVE-2022-46194
+ RESERVED
+CVE-2022-46193
+ RESERVED
+CVE-2022-46192
+ RESERVED
+CVE-2022-46191
+ RESERVED
+CVE-2022-46190
+ RESERVED
+CVE-2022-46189
+ RESERVED
+CVE-2022-46188
+ RESERVED
+CVE-2022-46187
+ RESERVED
+CVE-2022-46186
+ RESERVED
+CVE-2022-46185
+ RESERVED
+CVE-2022-46184
+ RESERVED
+CVE-2022-46183
+ RESERVED
+CVE-2022-46182
+ RESERVED
+CVE-2022-46181
+ RESERVED
+CVE-2022-46180
+ RESERVED
+CVE-2022-46179
+ RESERVED
+CVE-2022-46178
+ RESERVED
+CVE-2022-46177
+ RESERVED
+CVE-2022-46176
+ RESERVED
+CVE-2022-46175
+ RESERVED
+CVE-2022-46174
+ RESERVED
+CVE-2022-46173
+ RESERVED
+CVE-2022-46172
+ RESERVED
+CVE-2022-46171
+ RESERVED
+CVE-2022-46170
+ RESERVED
+CVE-2022-46169
+ RESERVED
+CVE-2022-46168
+ RESERVED
+CVE-2022-46167
+ RESERVED
+CVE-2022-46166
+ RESERVED
+CVE-2022-46165
+ RESERVED
+CVE-2022-46164
+ RESERVED
+CVE-2022-46163
+ RESERVED
+CVE-2022-46162
+ RESERVED
+CVE-2022-46161
+ RESERVED
+CVE-2022-46160
+ RESERVED
+CVE-2022-46159
+ RESERVED
+CVE-2022-46158
+ RESERVED
+CVE-2022-46157
+ RESERVED
+CVE-2022-46156
+ RESERVED
+CVE-2022-46155
+ RESERVED
+CVE-2022-46154
+ RESERVED
+CVE-2022-46153
+ RESERVED
+CVE-2022-46152
+ RESERVED
+CVE-2022-46151
+ RESERVED
+CVE-2022-46150
+ RESERVED
+CVE-2022-46149
+ RESERVED
+CVE-2022-46148
+ RESERVED
+CVE-2022-46147
+ RESERVED
+CVE-2022-46146
+ RESERVED
+CVE-2022-46145
+ RESERVED
+CVE-2022-46144
+ RESERVED
+CVE-2022-46143
+ RESERVED
+CVE-2022-46142
+ RESERVED
+CVE-2022-46141
+ RESERVED
+CVE-2022-46140
+ RESERVED
+CVE-2022-44620
+ RESERVED
+CVE-2022-44606
+ RESERVED
+CVE-2022-43464
+ RESERVED
+CVE-2022-4171
+ RESERVED
+CVE-2022-4170
+ RESERVED
+CVE-2022-4169 (The Theme and plugin translation for Polylang is vulnerable to authori ...)
+ TODO: check
+CVE-2022-4168
+ RESERVED
+CVE-2022-4167
+ RESERVED
+CVE-2022-4166
+ RESERVED
+CVE-2022-4165
+ RESERVED
+CVE-2022-4164
+ RESERVED
+CVE-2022-4163
+ RESERVED
+CVE-2022-4162
+ RESERVED
+CVE-2022-4161
+ RESERVED
+CVE-2022-4160
+ RESERVED
+CVE-2022-4159
+ RESERVED
+CVE-2022-4158
+ RESERVED
+CVE-2022-4157
+ RESERVED
+CVE-2022-4156
+ RESERVED
+CVE-2022-4155
+ RESERVED
+CVE-2022-4154
+ RESERVED
+CVE-2022-4153
+ RESERVED
+CVE-2022-4152
+ RESERVED
+CVE-2022-4151
+ RESERVED
+CVE-2022-4150
+ RESERVED
+CVE-2022-4149
+ RESERVED
+CVE-2022-4148
+ RESERVED
+CVE-2022-4147
+ RESERVED
CVE-2022-46139
RESERVED
CVE-2022-46138
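Review bot: CVE-2022-4169 is the only entry in this block that is not RESERVED and it is left at `TODO: check`; its description ("Theme and plugin translation for Polylang ... vulnerable to authori...") resembles the plugin entries that are triaged NOT-FOR-US elsewhere in this file, so the triage is probably quick, but a human still needs to confirm the component is not packaged in Debian before resolving the TODO, since an authorization issue would otherwise deserve a DSA/DLA decision.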
@@ -1452,8 +1760,8 @@ CVE-2022-45484
RESERVED
CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
NOT-FOR-US: kiwi Test Plan
-CVE-2022-4104
- RESERVED
+CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing ...)
+ TODO: check
CVE-2022-4103
RESERVED
CVE-2022-4102
@@ -1717,8 +2025,8 @@ CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure setting
NOT-FOR-US: SVG Support plugin for WordPress
CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to Cross ...)
NOT-FOR-US: Permalink Manager Lite plugin for WordPress
-CVE-2022-4020
- RESERVED
+CVE-2022-4020 (Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Noteb ...)
+ TODO: check
CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plugin a ...)
NOT-FOR-US: Mattermost plugin
CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...)
@@ -3709,6 +4017,7 @@ CVE-2022-44791
CVE-2022-44790
RESERVED
CVE-2022-44789 (A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 ...)
+ {DSA-5291-1}
- mujs 1.3.2-1 (bug #1024769)
NOTE: https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt
NOTE: Fixed by: https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f (1.3.2)
@@ -3856,8 +4165,8 @@ CVE-2022-3867 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stre
CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identi ...)
- nomad <not-affected> (Only affects 1.4)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
-CVE-2022-3865
- RESERVED
+CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
+ TODO: check
CVE-2022-3864
RESERVED
CVE-2022-3863
@@ -5102,14 +5411,14 @@ CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site
NOT-FOR-US: VR Calendar plugin for WordPress
CVE-2022-3851
RESERVED
-CVE-2022-3850
- RESERVED
-CVE-2022-3849
- RESERVED
-CVE-2022-3848
- RESERVED
-CVE-2022-3847
- RESERVED
+CVE-2022-3850 (The Find and Replace All WordPress plugin before 1.3 does not have CSR ...)
+ TODO: check
+CVE-2022-3849 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
+ TODO: check
+CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...)
+ TODO: check
+CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...)
+ TODO: check
CVE-2022-44643
RESERVED
CVE-2022-44642
@@ -5207,8 +5516,8 @@ CVE-2022-3841
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
CVE-2022-3840
RESERVED
-CVE-2022-3839
- RESERVED
+CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise ...)
+ TODO: check
CVE-2022-3838
RESERVED
CVE-2022-3837
@@ -5217,32 +5526,32 @@ CVE-2022-3836
RESERVED
CVE-2022-3835
RESERVED
-CVE-2022-3834
- RESERVED
-CVE-2022-3833
- RESERVED
+CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...)
+ TODO: check
+CVE-2022-3833 (The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 doe ...)
+ TODO: check
CVE-2022-3832
RESERVED
-CVE-2022-3831
- RESERVED
+CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...)
+ TODO: check
CVE-2022-3830
RESERVED
CVE-2022-3829
RESERVED
-CVE-2022-3828
- RESERVED
+CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
+ TODO: check
CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...)
- centreon-web <itp> (bug #913903)
CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified as pro ...)
NOT-FOR-US: Huaxia ERP
CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as critical ...)
NOT-FOR-US: Huaxia ERP
-CVE-2022-3824
- RESERVED
-CVE-2022-3823
- RESERVED
-CVE-2022-3822
- RESERVED
+CVE-2022-3824 (The WP Admin UI Customize WordPress plugin before 1.5.13 does not sani ...)
+ TODO: check
+CVE-2022-3823 (The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does ...)
+ TODO: check
+CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not saniti ...)
+ TODO: check
CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
- systemd 251.3-1
[bullseye] - systemd <no-dsa> (Minor issue)
@@ -5783,10 +6092,10 @@ CVE-2022-3771 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: easyii CMS
CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This ...)
NOT-FOR-US: Yunjing CMS
-CVE-2022-3769
- RESERVED
-CVE-2022-3768
- RESERVED
+CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly saniti ...)
+ TODO: check
+CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...)
+ TODO: check
CVE-2022-3767
RESERVED
- gitlab <unfixed>
@@ -5906,12 +6215,12 @@ CVE-2022-44403 (Automotive Shop Management System v1.0 is vulnerable to SQL Inje
NOT-FOR-US: Automotive Shop Management System
CVE-2022-44402 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...)
NOT-FOR-US: Automotive Shop Management System
-CVE-2022-44401
- RESERVED
-CVE-2022-44400
- RESERVED
-CVE-2022-44399
- RESERVED
+CVE-2022-44401 (Online Tours & Travels Management System v1.0 contains an arbitrar ...)
+ TODO: check
+CVE-2022-44400 (Purchase Order Management System v1.0 contains a file upload vulnerabi ...)
+ TODO: check
+CVE-2022-44399 (Poultry Farm Management System v1.0 contains a SQL injection vulnerabi ...)
+ TODO: check
CVE-2022-44398
RESERVED
CVE-2022-44397
@@ -6140,10 +6449,10 @@ CVE-2022-44286
RESERVED
CVE-2022-44285
RESERVED
-CVE-2022-44284
- RESERVED
-CVE-2022-44283
- RESERVED
+CVE-2022-44284 (Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Sit ...)
+ TODO: check
+CVE-2022-44283 (AVS Audio Converter 10.3 is vulnerable to Buffer Overflow. ...)
+ TODO: check
CVE-2022-44282
RESERVED
CVE-2022-44281
@@ -9076,8 +9385,8 @@ CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.
NOT-FOR-US: WordPress plugin
CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3689
- RESERVED
+CVE-2022-3689 (The HTML Forms WordPress plugin before 1.3.25 does not properly proper ...)
+ TODO: check
CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43760
@@ -9567,12 +9876,12 @@ CVE-2022-43592
RESERVED
CVE-2022-43591
RESERVED
-CVE-2022-43590
- RESERVED
-CVE-2022-43589
- RESERVED
-CVE-2022-43588
- RESERVED
+CVE-2022-43590 (A null pointer dereference vulnerability exists in the handle_ioctl_0x ...)
+ TODO: check
+CVE-2022-43589 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...)
+ TODO: check
+CVE-2022-43588 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...)
+ TODO: check
CVE-2022-43587
RESERVED
CVE-2022-43586
@@ -10002,8 +10311,8 @@ CVE-2022-3612
RESERVED
CVE-2022-3611
RESERVED
-CVE-2022-3610
- RESERVED
+CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...)
+ TODO: check
CVE-2022-3609
RESERVED
CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
@@ -10019,8 +10328,8 @@ CVE-2022-3605
RESERVED
CVE-2022-3604
RESERVED
-CVE-2022-3603
- RESERVED
+CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
+ TODO: check
CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
- openssl 3.0.7-1
[bullseye] - openssl <not-affected> (Only affects 3.0)
@@ -10029,8 +10338,8 @@ CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verificati
NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3 (openssl-3.0.7)
NOTE: https://github.com/colmmacc/CVE-2022-3602
-CVE-2022-3601
- RESERVED
+CVE-2022-3601 (The Image Hover Effects Css3 WordPress plugin through 4.5 does not san ...)
+ TODO: check
CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...)
@@ -11446,8 +11755,8 @@ CVE-2022-3513
RESERVED
CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...)
NOT-FOR-US: Cloudflare
-CVE-2022-3511
- RESERVED
+CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...)
+ TODO: check
CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...)
- protobuf <unfixed>
NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48
@@ -11539,8 +11848,8 @@ CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2022-3491
RESERVED
-CVE-2022-3490
- RESERVED
+CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress ...)
+ TODO: check
CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3488
@@ -12744,8 +13053,8 @@ CVE-2022-42447
RESERVED
CVE-2022-42446
RESERVED
-CVE-2022-42445
- RESERVED
+CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...)
+ TODO: check
CVE-2022-42444
RESERVED
CVE-2022-42443
@@ -13838,8 +14147,8 @@ CVE-2022-41959
RESERVED
CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...)
NOT-FOR-US: super-xray
-CVE-2022-41957
- RESERVED
+CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF with Java ...)
+ TODO: check
CVE-2022-41956
RESERVED
CVE-2022-41955
@@ -13871,8 +14180,8 @@ CVE-2022-41946 (pgjdbc is an open source postgresql JDBC Driver. In affected ver
NOTE: https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5 (REL42.5.1-rc1)
CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In version ...)
NOT-FOR-US: super-xray
-CVE-2022-41944
- RESERVED
+CVE-2022-41944 (Discourse is an open-source discussion platform. In stable versions pr ...)
+ TODO: check
CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin it was po ...)
NOT-FOR-US: Sourcegraph
CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior to 4.1. ...)
@@ -13917,8 +14226,8 @@ CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege es
NOT-FOR-US: Grails Spring Security Core plugin
CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...)
- yii <itp> (bug #597899)
-CVE-2022-41921
- RESERVED
+CVE-2022-41921 (Discourse is an open-source discussion platform. Prior to version 2.9. ...)
+ TODO: check
CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...)
NOT-FOR-US: Lancet
CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...)
@@ -13938,8 +14247,8 @@ CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizatio
NOT-FOR-US: Zulip
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
NOT-FOR-US: Discourse plugin
-CVE-2022-41912
- RESERVED
+CVE-2022-41912 (The crewjam/saml go library prior to version 0.4.9 is vulnerable to an ...)
+ TODO: check
CVE-2022-41911 (TensorFlow is an open source platform for machine learning. When print ...)
- tensorflow <itp> (bug #804612)
CVE-2022-41910
@@ -14442,8 +14751,8 @@ CVE-2022-41734
RESERVED
CVE-2022-41733
RESERVED
-CVE-2022-41732
- RESERVED
+CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear t ...)
+ TODO: check
CVE-2022-41731
RESERVED
CVE-2022-41730
@@ -15290,6 +15599,7 @@ CVE-2022-41406 (An arbitrary file upload vulnerability in the /admin/admin_pic.p
CVE-2022-41405
RESERVED
CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of org.ini4j ...)
+ {DLA-3209-1}
- ini4j 0.5.4-1
NOTE: https://sourceforge.net/p/ini4j/bugs/56/
CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL i ...)
@@ -20174,6 +20484,7 @@ CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) use
CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
NOT-FOR-US: Tasks.org Android app
CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...)
+ {DLA-3212-1}
- twisted <unfixed> (bug #1023359)
[bullseye] - twisted <no-dsa> (Minor issue)
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
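Review bot: the DLA-3212-1 reference is added while the unstable line still reads `twisted <unfixed> (bug #1023359)` and bullseye stays `<no-dsa> (Minor issue)`; that is consistent for an LTS-only advisory, but the sid entry should be updated to the fixed version once the upload lands, otherwise the tracker keeps reporting the issue open in unstable although an oldstable advisory has shipped.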
@@ -21442,8 +21753,8 @@ CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module -
NOT-FOR-US: Liferay
CVE-2022-38901 (A Cross-site scripting (XSS) vulnerability in the Document and Media m ...)
NOT-FOR-US: Liferay
-CVE-2022-38900
- RESERVED
+CVE-2022-38900 (decode-uri-component 0.2.0 is vulnerable to Improper Input Validation ...)
+ TODO: check
CVE-2022-38899
RESERVED
CVE-2022-38898
@@ -22018,8 +22329,8 @@ CVE-2022-2985 (In music service, there is a missing permission check. This could
NOT-FOR-US: Unisoc
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
NOT-FOR-US: Unisoc
-CVE-2022-2983
- RESERVED
+CVE-2022-2983 (The Salat Times WordPress plugin before 3.2.2 does not sanitize and es ...)
+ TODO: check
CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
- vim 2:9.0.0626-1 (bug #1019590; unimportant)
[buster] - vim <not-affected> (quickfixtextfunc added in 8.2.0869)
@@ -26775,6 +27086,7 @@ CVE-2022-37034
CVE-2022-37033
RESERVED
CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
+ {DLA-3211-1}
- frr <unfixed> (bug #1021016)
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
CVE-2022-37031
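Review bot: DLA-3211-1 is recorded for CVE-2022-37032 while sid is still `frr <unfixed> (bug #1021016)` and a `Fixed by:` upstream commit is already noted on the same entry; with the fix identified and an LTS advisory out, the unstable entry looks stale and should receive the fixed version as soon as it is uploaded so the open bug and the advisory state agree.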
@@ -28986,8 +29298,8 @@ CVE-2022-36195
RESERVED
CVE-2022-36194 (Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the ...)
- centreon-web <itp> (bug #913903)
-CVE-2022-36193
- RESERVED
+CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote attackers ...)
+ TODO: check
CVE-2022-36192
RESERVED
CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
@@ -31561,8 +31873,8 @@ CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windo
NOT-FOR-US: MA Smart Installer for Windows
CVE-2022-2312 (The Student Result or Employee Database WordPress plugin before 1.7.5 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2311
- RESERVED
+CVE-2022-2311 (The Find and Replace All WordPress plugin before 1.3 does not sanitize ...)
+ TODO: check
CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...)
NOT-FOR-US: Skyhigh SWG
CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...)
@@ -35126,6 +35438,7 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln
NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...)
+ {DSA-5290-1}
- commons-configuration2 2.8.0-1 (bug #1014960)
[buster] - commons-configuration2 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
@@ -40514,8 +40827,8 @@ CVE-2022-31879 (Online Fire Reporting System 1.0 is vulnerable to SQL Injection
NOT-FOR-US: Online Fire Reporting System
CVE-2022-31878
RESERVED
-CVE-2022-31877
- RESERVED
+CVE-2022-31877 (An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41 ...)
+ TODO: check
CVE-2022-31876 (netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorr ...)
NOT-FOR-US: Netgear
CVE-2022-31875 (Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnera ...)
@@ -43323,11 +43636,13 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf
NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
NOTE: to not open that issue.
CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...)
+ {DSA-5291-1}
- mujs 1.2.0-3
NOTE: https://github.com/ccxvii/mujs/issues/161
NOTE: https://github.com/ccxvii/mujs/commit/910acc807c3c057e1c0726160808f3a9f37b40ec
NOTE: https://github.com/ccxvii/mujs/commit/f5b3c703e18725e380b83427004632e744f85a6f
CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...)
+ {DSA-5291-1}
- mujs 1.2.0-3
NOTE: https://github.com/ccxvii/mujs/issues/162
NOTE: https://github.com/ccxvii/mujs/commit/160ae29578054dc09fd91e5401ef040d52797e61
@@ -74777,8 +75092,8 @@ CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-45037
RESERVED
-CVE-2021-45036
- RESERVED
+CVE-2021-45036 (Velneo vClient on its 28.1.3 version, could allow an attacker with kno ...)
+ TODO: check
CVE-2021-45035 (Velneo vClient on its 28.1.3 version, does not correctly check the cer ...)
NOT-FOR-US: Velneo vClient
CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
@@ -91158,6 +91473,7 @@ CVE-2021-40405 (A denial of service vulnerability exists in the cgiserver.cgi Up
CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
NOT-FOR-US: Reolink
CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
+ {DLA-3210-1}
- gerbv 2.9.2-1
[bullseye] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
@@ -91169,6 +91485,7 @@ CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X apertu
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
NOTE: Crash in GUI tool, no security impact
CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
+ {DLA-3210-1}
- gerbv 2.9.2-1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 (v2.9.0-rc.1)
@@ -130304,8 +130621,8 @@ CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affecte
NOT-FOR-US: WordPress plugin
CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25059
- RESERVED
+CVE-2021-25059 (The Download Plugin WordPress plugin before 2.0.0 does not properly va ...)
+ TODO: check
CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
@@ -319929,7 +320246,7 @@ CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (interna
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
- {DLA-2903-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.11-1
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
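Review bot: DLA-1734-1 is appended to the existing `{DLA-2903-1}` reference for CVE-2018-5810 (and CVE-2018-5807 in the next hunk), yet the same entry keeps `[jessie] - libraw <no-dsa> (Minor issue)`; if DLA-1734-1 is the jessie advisory for this CVE, that no-dsa line is now contradictory and should be replaced by the fixed jessie version, otherwise the reason for the extra cross-reference should be noted.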
@@ -319946,7 +320263,7 @@ CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_commo
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
- {DLA-2903-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.11-1
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
@@ -337152,7 +337469,6 @@ CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (int
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
- {DLA-2903-1}
- libraw 0.18.6-1
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
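Review bot: the removal of the `{DLA-2903-1}` reference from CVE-2017-16909 is not explained, and it goes the opposite way from the other libraw hunks in this commit, which only extend DLA references; because the commit message is just `automatic update`, the reason for dropping an advisory cross-reference (for example a corrected CVE list for DLA-2903-1) should be verified before this change is kept, since a wrongly removed reference makes a fixed issue look unaddressed in the affected suite.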
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5172efbe7f45ba22e4209d0f399019569840677b