[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 29 08:10:34 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79b3ae11 by security tracker role at 2022-11-29T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2022-46309
+ RESERVED
+CVE-2022-46308
+ RESERVED
+CVE-2022-46307
+ RESERVED
+CVE-2022-46306
+ RESERVED
+CVE-2022-46305
+ RESERVED
+CVE-2022-46304
+ RESERVED
+CVE-2022-46295
+ RESERVED
+CVE-2022-46294
+ RESERVED
+CVE-2022-46293
+ RESERVED
+CVE-2022-46292
+ RESERVED
+CVE-2022-46291
+ RESERVED
+CVE-2022-46290
+ RESERVED
+CVE-2022-46289
+ RESERVED
+CVE-2022-46280
+ RESERVED
+CVE-2022-46278
+ RESERVED
+CVE-2022-46277
+ RESERVED
+CVE-2022-46276
+ RESERVED
+CVE-2022-46275
+ RESERVED
+CVE-2022-46274
+ RESERVED
+CVE-2022-46273
+ RESERVED
+CVE-2022-46272
+ RESERVED
+CVE-2022-46271
+ RESERVED
+CVE-2022-46270
+ RESERVED
+CVE-2022-46269
+ RESERVED
+CVE-2022-46268
+ RESERVED
+CVE-2022-46267
+ RESERVED
+CVE-2022-46266
+ RESERVED
+CVE-2022-45445
+ RESERVED
+CVE-2022-45346
+ RESERVED
+CVE-2022-45119
+ RESERVED
+CVE-2022-44615
+ RESERVED
+CVE-2022-44453
+ RESERVED
+CVE-2022-44451
+ RESERVED
+CVE-2022-43664
+ RESERVED
+CVE-2022-43663
+ RESERVED
+CVE-2022-43503
+ RESERVED
+CVE-2022-43467
+ RESERVED
+CVE-2022-42885
+ RESERVED
+CVE-2022-42489
+ RESERVED
+CVE-2022-4201
+ RESERVED
+CVE-2022-4200
+ RESERVED
+CVE-2022-4199
+ RESERVED
+CVE-2022-4198
+ RESERVED
+CVE-2022-4197
+ RESERVED
+CVE-2022-4196
+ RESERVED
+CVE-2022-4195
+ RESERVED
+CVE-2022-4194
+ RESERVED
+CVE-2022-4193
+ RESERVED
+CVE-2022-4192
+ RESERVED
+CVE-2022-4191
+ RESERVED
+CVE-2022-4190
+ RESERVED
+CVE-2022-4189
+ RESERVED
+CVE-2022-4188
+ RESERVED
+CVE-2022-4187
+ RESERVED
+CVE-2022-4186
+ RESERVED
+CVE-2022-4185
+ RESERVED
+CVE-2022-4184
+ RESERVED
+CVE-2022-4183
+ RESERVED
+CVE-2022-4182
+ RESERVED
+CVE-2022-4181
+ RESERVED
+CVE-2022-4180
+ RESERVED
+CVE-2022-41795
+ RESERVED
+CVE-2022-41793
+ RESERVED
+CVE-2022-4179
+ RESERVED
+CVE-2022-4178
+ RESERVED
+CVE-2022-4177
+ RESERVED
+CVE-2022-4176
+ RESERVED
+CVE-2022-4175
+ RESERVED
+CVE-2022-4174
+ RESERVED
+CVE-2022-4173
+ RESERVED
+CVE-2022-4172
+ RESERVED
+CVE-2022-40973
+ RESERVED
+CVE-2022-37331
+ RESERVED
CVE-2022-46265
RESERVED
CVE-2022-46264
@@ -234,8 +380,8 @@ CVE-2022-46149
RESERVED
CVE-2022-46148
RESERVED
-CVE-2022-46147
- RESERVED
+CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...)
+ TODO: check
CVE-2022-46146
RESERVED
CVE-2022-46145
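Review bot: CVE-2022-46147 can go straight from TODO: check to NOT-FOR-US. The summary names Drag and Drop XBlock v2, the Open edX course component, which is not in the Debian archive (a quick archive search before committing is enough, since the visible description is cut off before the actual issue). Suggested replacement for the TODO line:
	NOT-FOR-US: Drag and Drop XBlock (Open edX)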
@@ -746,8 +892,8 @@ CVE-2022-45923
RESERVED
CVE-2022-45922
RESERVED
-CVE-2022-45921
- RESERVED
+CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...)
+ TODO: check
CVE-2022-45920
RESERVED
CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...)
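Review bot: CVE-2022-45921 (FusionAuth before 1.41.3) is another NOT-FOR-US candidate: FusionAuth is a commercial identity server shipped as its own binaries and is not packaged in Debian. The summary is truncated at "allows a file outside of the application root ...", so if the full description is worth keeping for later reference, put it in a NOTE; otherwise replace the TODO line with:
	NOT-FOR-US: FusionAuth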
@@ -1055,18 +1201,15 @@ CVE-2022-4131
RESERVED
CVE-2022-4130
RESERVED
-CVE-2022-4129
- RESERVED
+CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t
-CVE-2022-4128
- RESERVED
+CVE-2022-4128 (A NULL pointer dereference issue was discovered in the Linux kernel in ...)
- linux 5.18.14-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5c835bb142d4013c2ab24bff5ae9f6709a39cbcf (5.19-rc7)
-CVE-2022-4127
- RESERVED
+CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kernel in ...)
- linux <not-affected> (Vulnerable code only in 5.19-rcX versions)
NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
CVE-2022-4126
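Review bot: CVE-2022-4129 is the only one of the three kernel entries in this hunk without a per-suite assessment. CVE-2022-4128 carries explicit "[bullseye] - linux <not-affected>" and "[buster] - linux <not-affected>" lines and CVE-2022-4127 is marked not-affected outright, but CVE-2022-4129 has only "- linux <unfixed>" plus a lore.kernel.org thread link. That link is the patch submission, not the merged change, so the entry still needs the upstream commit id and the release it landed in, in the same "NOTE: https://git.kernel.org/linus/<sha> (<version>)" form the two sibling entries use, and it needs bullseye/buster lines once it is known whether the affected l2tp code is present in those kernels. A bare <unfixed> with no suite tags makes the tracker report every suite as vulnerable, which is probably not the intended statement for buster.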
@@ -2073,8 +2216,8 @@ CVE-2021-4241 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: phpservermon
CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...)
NOT-FOR-US: phpservermon
-CVE-2022-45442
- RESERVED
+CVE-2022-45442 (Sinatra is a domain-specific language for creating web applications in ...)
+ TODO: check
CVE-2022-45441
RESERVED
CVE-2022-45440
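Review bot: CVE-2022-45442 needs a package line rather than TODO: check. Sinatra is in the archive as ruby-sinatra, so this should become "- ruby-sinatra <fixed-version or unfixed>" with a NOTE pointing at the upstream advisory, plus bullseye/buster lines if the affected code is in those versions. The visible summary is the GitHub advisory boilerplate ("Sinatra is a domain-specific language for creating web applications in ...") and says nothing about the bug itself, so the upstream advisory has to be read rather than inferred from this line.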
@@ -2622,8 +2765,8 @@ CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnera
NOT-FOR-US: AeroCMS
CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
NOT-FOR-US: AeroCMS
-CVE-2022-45329
- RESERVED
+CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ TODO: check
CVE-2022-45328
RESERVED
CVE-2022-45327
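Review bot: CVE-2022-45329 should be triaged the same way as its siblings in the context lines. CVE-2022-45331 and CVE-2022-45330 are identical "AeroCMS v0.0.1 ... SQL Injection" reports already marked "NOT-FOR-US: AeroCMS", so TODO: check here is just a consistency gap. Replace the TODO line with:
	NOT-FOR-US: AeroCMS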
@@ -2666,20 +2809,20 @@ CVE-2022-45309
RESERVED
CVE-2022-45308
RESERVED
-CVE-2022-45307
- RESERVED
-CVE-2022-45306
- RESERVED
-CVE-2022-45305
- RESERVED
-CVE-2022-45304
- RESERVED
+CVE-2022-45307 (Insecure permissions in Chocolatey PHP package v8.1.12 and below grant ...)
+ TODO: check
+CVE-2022-45306 (Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.21 ...)
+ TODO: check
+CVE-2022-45305 (Insecure permissions in Chocolatey Python3 package v3.11.0 and below g ...)
+ TODO: check
+CVE-2022-45304 (Insecure permissions in Chocolatey Cmder package v1.3.20 and below gra ...)
+ TODO: check
CVE-2022-45303
RESERVED
CVE-2022-45302
RESERVED
-CVE-2022-45301
- RESERVED
+CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below gra ...)
+ TODO: check
CVE-2022-45300
RESERVED
CVE-2022-45299
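Review bot: all five new summaries (CVE-2022-45307, 45306, 45305, 45304, 45301) describe insecure permissions in Chocolatey packages. Chocolatey is a Windows package manager, so none of these touch anything Debian ships; each TODO: check line can become "NOT-FOR-US: Chocolatey package". CVE-2022-45303 and CVE-2022-45302 sit in the middle of the run and are still RESERVED; they will very likely turn out to be more of the same batch, so whoever resolves these may want to re-check them at the same time.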
@@ -2832,14 +2975,14 @@ CVE-2022-45226
RESERVED
CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
NOT-FOR-US: Book Store Management System
-CVE-2022-45224
- RESERVED
-CVE-2022-45223
- RESERVED
+CVE-2022-45224 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
+ TODO: check
+CVE-2022-45223 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
+ TODO: check
CVE-2022-45222
RESERVED
-CVE-2022-45221
- RESERVED
+CVE-2022-45221 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
+ TODO: check
CVE-2022-45220
RESERVED
CVE-2022-45219
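Review bot: CVE-2022-45224, CVE-2022-45223 and CVE-2022-45221 are all "Web-Based Student Clearance System v1.0 ... cross-si ..." reports, the same class of small PHP application as the Book Store Management System entry two lines above that is already NOT-FOR-US. Mark all three "NOT-FOR-US: Web-Based Student Clearance System". CVE-2022-45222 in the gap is still RESERVED and probably belongs to the same batch.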
@@ -2852,8 +2995,8 @@ CVE-2022-45216
RESERVED
CVE-2022-45215
RESERVED
-CVE-2022-45214
- RESERVED
+CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...)
+ TODO: check
CVE-2022-45213
RESERVED
CVE-2022-45212
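Review bot: the summary for CVE-2022-45214 is cut at "Sanitization Management ...", so the product name is not fully visible here. The wording ("A cross-site scripting (XSS) vulnerability in ... Management ...") matches the PHP demo-app reports elsewhere in this diff (Book Store Management System, Canteen Management System), both NOT-FOR-US. Read the full description and, if it is one of those, set "NOT-FOR-US: <product name>" instead of leaving TODO: check.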
@@ -2872,12 +3015,12 @@ CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vuln
NOT-FOR-US: Jeecg-boot
CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
NOT-FOR-US: Jeecg-boot
-CVE-2022-45204
- RESERVED
+CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a mem ...)
+ TODO: check
CVE-2022-45203
RESERVED
-CVE-2022-45202
- RESERVED
+CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
+ TODO: check
CVE-2022-45201
RESERVED
CVE-2022-45200
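Review bot: CVE-2022-45204 and CVE-2022-45202 are GPAC issues and GPAC is packaged (src:gpac), so these two need package lines, not TODO: check. Both summaries reference "v2.1-DEV-rev428-gcb8ae46c8-master", a development snapshot, so the first question is whether the affected code exists in the released versions in the archive; the entry should carry "- gpac <unfixed>" or "<not-affected>" accordingly, with NOTE lines for the upstream issue and fix commit in the same style the HTMLDOC entry later in this diff uses (CVE-2022-24191: one NOTE for the commit, one for the issue, one for the impact assessment). If the crash is only reachable through the command-line tools on untrusted input, record that assessment in a NOTE as was done for HTMLDOC, since it changes whether a DSA/DLA is warranted.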
@@ -3724,8 +3867,8 @@ CVE-2022-44939
RESERVED
CVE-2022-44938
RESERVED
-CVE-2022-44937
- RESERVED
+CVE-2022-44937 (Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery ...)
+ TODO: check
CVE-2022-44936
RESERVED
CVE-2022-44935
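Review bot: CVE-2022-44937 (Bosscms v2.0.0 CSRF) is not something in the archive; replace TODO: check with "NOT-FOR-US: Bosscms".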
@@ -6949,10 +7092,10 @@ CVE-2022-44040
RESERVED
CVE-2022-44039
RESERVED
-CVE-2022-44038
- RESERVED
-CVE-2022-44037
- RESERVED
+CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remo ...)
+ TODO: check
+CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) ...)
+ TODO: check
CVE-2022-44036
RESERVED
CVE-2022-44035
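Review bot: both new entries are device firmware: CVE-2022-44038 is the Russound XSourcePlayer 777D and CVE-2022-44037 the APsystems ECU-C energy communication unit. Neither is Debian software; set "NOT-FOR-US: Russound" and "NOT-FOR-US: APsystems" respectively.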
@@ -10667,8 +10810,8 @@ CVE-2022-43328 (Canteen Management System v1.0 was discovered to contain a SQL i
NOT-FOR-US: Canteen Management System
CVE-2022-43327
RESERVED
-CVE-2022-43326
- RESERVED
+CVE-2022-43326 (An Insecure Direct Object Reference (IDOR) vulnerability in the passwo ...)
+ TODO: check
CVE-2022-43325
RESERVED
CVE-2022-43324
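Review bot: CVE-2022-43326 cannot be triaged from this hunk: the summary is cut at "IDOR ... in the passwo ..." before it names the product. Pull the full description before deciding. The adjacent Canteen Management System entry (NOT-FOR-US) suggests another of the small PHP apps, but that is a guess from neighbourhood, not something the visible text establishes.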
@@ -13827,8 +13970,8 @@ CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module
NOT-FOR-US: Liferay
CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...)
NOT-FOR-US: Liferay
-CVE-2022-42109
- RESERVED
+CVE-2022-42109 (Online-shopping-system-advanced 1.0 was discovered to contain a SQL in ...)
+ TODO: check
CVE-2022-42108
RESERVED
CVE-2022-42107
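Review bot: CVE-2022-42109 (Online-shopping-system-advanced 1.0 SQL injection) is not in the archive; same handling as the Liferay entries in the context lines, i.e. replace TODO: check with "NOT-FOR-US: Online-shopping-system-advanced".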
@@ -13845,10 +13988,10 @@ CVE-2022-42102
RESERVED
CVE-2022-42101
RESERVED
-CVE-2022-42100
- RESERVED
-CVE-2022-42099
- RESERVED
+CVE-2022-42100 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...)
+ TODO: check
+CVE-2022-42099 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...)
+ TODO: check
CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection ...)
NOT-FOR-US: KLiK SocialMediaWebsite
CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
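Review bot: CVE-2022-42100 and CVE-2022-42099 are the same product as CVE-2022-42098 two lines below, which is already "NOT-FOR-US: KLiK SocialMediaWebsite"; the two XSS entries should get the identical line instead of TODO: check.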
@@ -14140,8 +14283,8 @@ CVE-2022-41967
RESERVED
CVE-2022-41966
RESERVED
-CVE-2022-41965
- RESERVED
+CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...)
+ TODO: check
CVE-2022-41964
RESERVED
CVE-2022-41963
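Review bot: CVE-2022-41965 concerns Opencast, the lecture-recording platform; it is not packaged in Debian, so "NOT-FOR-US: Opencast" is the expected resolution. The summary is the GitHub advisory boilerplate ("Opencast is a free, open-source platform to support the management of ...") and says nothing about the bug, so if the actual issue is worth recording, add a NOTE with the advisory link.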
@@ -14890,10 +15033,10 @@ CVE-2022-3348 (Just like in the previous report, an attacker could steal the acc
NOT-FOR-US: ToolJet
CVE-2021-46841
RESERVED
-CVE-2022-41676
- RESERVED
-CVE-2022-41675
- RESERVED
+CVE-2022-41676 (Raiden MAILD Mail Server website mail field has insufficient filtering ...)
+ TODO: check
+CVE-2022-41675 (A remote attacker with general user privilege can inject malicious cod ...)
+ TODO: check
CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. Attackers ...)
{DSA-5257-1 DLA-3173-1}
- linux 6.0.2-1
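Review bot: CVE-2022-41676 names Raiden MAILD Mail Server, a Windows product, so "NOT-FOR-US: Raiden MAILD". CVE-2022-41675 is the harder one: the visible summary ("A remote attacker with general user privilege can inject malicious cod ...") never names the product. It is adjacent to 41676, which hints at the same reporter, but that is not enough to file it; fetch the full description rather than resolving it by number proximity.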
@@ -15157,8 +15300,8 @@ CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds ch
NOT-FOR-US: Huawei
CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastructure ...)
NOT-FOR-US: Hitachi
-CVE-2022-41568
- RESERVED
+CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing an inva ...)
+ TODO: check
CVE-2022-41567
RESERVED
CVE-2022-41566
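Review bot: CVE-2022-41568 is the LINE client for iOS; nothing in the archive. Replace TODO: check with "NOT-FOR-US: LINE".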
@@ -17060,8 +17203,8 @@ CVE-2022-40801
RESERVED
CVE-2022-40800
RESERVED
-CVE-2022-40799
- RESERVED
+CVE-2022-40799 (Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.6 ...)
+ TODO: check
CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...)
NOT-FOR-US: OcoMon
CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, be ...)
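Review bot: CVE-2022-40799 is D-Link DNR-322L firmware ("Data Integrity Failure in 'Backup Config'"); "NOT-FOR-US: D-Link". One side observation: this summary carries a literal "<=" while the Analytify context line in a later hunk (CVE-2022-38137) still has the HTML-escaped "&l ..." form, so the automatic import is not normalising entities consistently. That is a feed-conversion issue to look at separately, not a reason to touch this entry.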
@@ -18517,8 +18660,8 @@ CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) v
NOT-FOR-US: WordPress plugin
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38140
- RESERVED
+CVE-2022-38140 (Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly S ...)
+ TODO: check
CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin &l ...)
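Review bot: CVE-2022-38140 is a WordPress plugin issue ("Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly S ..."), exactly the class the context lines already mark "NOT-FOR-US: WordPress plugin" (CVE-2022-38144, CVE-2022-38139, CVE-2022-38137). Use the same line.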
@@ -21049,8 +21192,8 @@ CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson
NOT-FOR-US: Red Lion Controls Crimson
CVE-2022-3089
RESERVED
-CVE-2022-3088
- RESERVED
+CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...)
+ TODO: check
CVE-2022-3087
RESERVED
CVE-2022-3086
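Review bot: CVE-2022-3088 covers the UC-8100A-ME-T and UC-2100 system images. The vendor is not visible in the truncated summary; these are Moxa embedded computers (stated from my own knowledge, not from the line), i.e. device firmware rather than a Debian package. Replace TODO: check with "NOT-FOR-US: Moxa".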
@@ -22214,8 +22357,8 @@ CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versi
NOT-FOR-US: Micro Focus
CVE-2022-38754
RESERVED
-CVE-2022-38753
- RESERVED
+CVE-2022-38753 (This update resolves a multi-factor authentication bypass attack ...)
+ TODO: check
CVE-2022-2999
RESERVED
CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...)
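Review bot: the summary for CVE-2022-38753 ("This update resolves a multi-factor authentication bypass attack ...") is vendor release-note text with no product name. Its position right after CVE-2022-38755 (Micro Focus Filr) and the RESERVED CVE-2022-38754 suggests the same Micro Focus block, but that is inference from the number range only; confirm the product from the full description before writing "NOT-FOR-US: Micro Focus".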
@@ -29455,10 +29598,10 @@ CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer o
NOTE: https://github.com/djcsdy/swfmill/issues/56
CVE-2022-36138
RESERVED
-CVE-2022-36137
- RESERVED
-CVE-2022-36136
- RESERVED
+CVE-2022-36137 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...)
+ TODO: check
+CVE-2022-36136 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...)
+ TODO: check
CVE-2022-36135
RESERVED
CVE-2022-36134
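Review bot: CVE-2022-36137 and CVE-2022-36136 are ChurchCRM 4.4.5 XSS reports; ChurchCRM is not packaged, so "NOT-FOR-US: ChurchCRM" for both. The two summaries are word-for-word identical in the visible portion, which usually means one report split across CVEs by endpoint; nothing to do about that here.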
@@ -32953,8 +33096,8 @@ CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB Z
NOT-FOR-US: ABB Zenon
CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the use ...)
NOT-FOR-US: ABB Zenon
-CVE-2022-34654
- RESERVED
+CVE-2022-34654 (Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notifi ...)
+ TODO: check
CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
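Review bot: CVE-2022-34654 ("Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notifi ...") follows the author's-name-plus-plugin naming used for WordPress plugin advisories; compare CVE-2022-34487 ("biplob018's S ...") and CVE-2022-34650 in the context lines, the latter already "NOT-FOR-US: WordPress plugin". Use the same line here.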
@@ -37962,10 +38105,10 @@ CVE-2022-32969 (MetaMask before 10.11.3 might allow an attacker to access a user
NOT-FOR-US: MetaTask
CVE-2022-32968
RESERVED
-CVE-2022-32967
- RESERVED
-CVE-2022-32966
- RESERVED
+CVE-2022-32967 (RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An un ...)
+ TODO: check
+CVE-2022-32966 (RTL8168FP-CG Dash remote management function has missing authorization ...)
+ TODO: check
CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated remote at ...)
NOT-FOR-US: OMICARD EDM
CVE-2022-32964 (OMICARD EDM’s API function has insufficient validation for user ...)
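Review bot: CVE-2022-32967 and CVE-2022-32966 are Realtek NIC DASH firmware issues (RTL8111EP-CG/RTL8111FP-CG hard-coded password, RTL8168FP-CG missing authorization); not Debian software, so "NOT-FOR-US: Realtek". Unrelated to this change but visible in the context: the CVE-2022-32969 line reads "NOT-FOR-US: MetaTask" while its summary says MetaMask; that looks like a typo worth fixing in a follow-up commit.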
@@ -63934,14 +64077,14 @@ CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function
NOTE: https://github.com/michaelrsweet/htmldoc/commit/fb0334a51300988e9b83b9870d4063e86002b077 (v1.9.15)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/470
NOTE: Hang in CLI tool, no security impact
-CVE-2022-24190
- RESERVED
-CVE-2022-24189
- RESERVED
-CVE-2022-24188
- RESERVED
-CVE-2022-24187
- RESERVED
+CVE-2022-24190 (The /device/acceptBind end-point for Ourphoto App version 1.4.1 does n ...)
+ TODO: check
+CVE-2022-24189 (The user_token authorization header on the Ourphoto App version 1.4.1 ...)
+ TODO: check
+CVE-2022-24188 (The /device/signin end-point for the Ourphoto App version 1.4.1 disclo ...)
+ TODO: check
+CVE-2022-24187 (The user_id and device_id on the Ourphoto App version 1.4.1 /device/* ...)
+ TODO: check
CVE-2022-24186
RESERVED
CVE-2022-24185
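Review bot: all four (CVE-2022-24190 through CVE-2022-24187) are endpoints of the Ourphoto App 1.4.1 backend (/device/acceptBind, /device/signin, the user_token header, user_id/device_id on /device/*): a mobile app and its cloud API, nothing in the archive. Set "NOT-FOR-US: Ourphoto App" on each. These are 2022-24xxx numbers published late, so grep the file for "Ourphoto" before committing in case earlier entries for the same app already exist with a different spelling.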
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79b3ae110968e0b65c1cc9aa43c743492f120941