[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 30 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c2db1c65 by security tracker role at 2022-11-30T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-46344
+ RESERVED
+CVE-2022-46343
+ RESERVED
+CVE-2022-46342
+ RESERVED
+CVE-2022-46341
+ RESERVED
+CVE-2022-46340
+ RESERVED
+CVE-2022-46339
+ RESERVED
+CVE-2022-4224
+ RESERVED
+CVE-2022-4223
+ RESERVED
+CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ TODO: check
+CVE-2022-4221
+ RESERVED
+CVE-2022-4220
+ RESERVED
+CVE-2022-4219
+ RESERVED
+CVE-2022-4218
+ RESERVED
+CVE-2022-4217
+ RESERVED
+CVE-2022-4216
+ RESERVED
+CVE-2022-4215
+ RESERVED
+CVE-2022-4214
+ RESERVED
+CVE-2022-4213
+ RESERVED
+CVE-2022-4212
+ RESERVED
+CVE-2022-4211
+ RESERVED
+CVE-2022-4210
+ RESERVED
+CVE-2022-4209
+ RESERVED
+CVE-2022-4208
+ RESERVED
+CVE-2022-41985
+ RESERVED
CVE-2022-46337
RESERVED
CVE-2022-46336
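Review bot: CVE-2022-4222 is added with "TODO: check" although its description names SourceCodester Canteen Management System, and this file already triages SourceCodester products as NOT-FOR-US (see CVE-2022-3992, "NOT-FOR-US: SourceCodester Sanitization Management System"). Suggest resolving it the same way in the follow-up triage so it does not linger in the TODO queue.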
@@ -65,7 +113,7 @@ CVE-2022-4202 (A vulnerability, which was classified as problematic, was found i
TODO: check details
CVE-2021-46856
RESERVED
-CVE-2022-46338 [g810 insecure device permissions]
+CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...)
- g810-led 0.4.2-3 (bug #1024998)
[bullseye] - g810-led <no-dsa> (Minor issue)
CVE-2022-46309
@@ -158,54 +206,54 @@ CVE-2022-4197
RESERVED
CVE-2022-4196
RESERVED
-CVE-2022-4195
- RESERVED
-CVE-2022-4194
- RESERVED
-CVE-2022-4193
- RESERVED
-CVE-2022-4192
- RESERVED
-CVE-2022-4191
- RESERVED
-CVE-2022-4190
- RESERVED
-CVE-2022-4189
- RESERVED
-CVE-2022-4188
- RESERVED
-CVE-2022-4187
- RESERVED
-CVE-2022-4186
- RESERVED
-CVE-2022-4185
- RESERVED
-CVE-2022-4184
- RESERVED
-CVE-2022-4183
- RESERVED
-CVE-2022-4182
- RESERVED
-CVE-2022-4181
- RESERVED
-CVE-2022-4180
- RESERVED
+CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
+ TODO: check
+CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...)
+ TODO: check
+CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ TODO: check
+CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...)
+ TODO: check
+CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...)
+ TODO: check
+CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...)
+ TODO: check
+CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ TODO: check
+CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...)
+ TODO: check
+CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...)
+ TODO: check
+CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...)
+ TODO: check
+CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...)
+ TODO: check
+CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ TODO: check
+CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...)
+ TODO: check
+CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...)
+ TODO: check
+CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...)
+ TODO: check
+CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...)
+ TODO: check
CVE-2022-41795
RESERVED
CVE-2022-41793
RESERVED
-CVE-2022-4179
- RESERVED
-CVE-2022-4178
- RESERVED
-CVE-2022-4177
- RESERVED
-CVE-2022-4176
- RESERVED
-CVE-2022-4175
- RESERVED
-CVE-2022-4174
- RESERVED
+CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...)
+ TODO: check
+CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...)
+ TODO: check
+CVE-2022-4177 (Use after free in Extensions in Google Chrome prior to 108.0.5359.71 a ...)
+ TODO: check
+CVE-2022-4176 (Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS a ...)
+ TODO: check
+CVE-2022-4175 (Use after free in Camera Capture in Google Chrome prior to 108.0.5359. ...)
+ TODO: check
+CVE-2022-4174 (Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a ...)
+ TODO: check
CVE-2022-4173
RESERVED
CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the ACPI ...)
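Review bot: the 22 entries from CVE-2022-4195 down to CVE-2022-4174 all describe Google Chrome and are all left at "TODO: check"; where the version is not truncated it is 108.0.5359.71, so they should be triaged as one batch against the chromium source package rather than one by one. Two of them are platform-scoped in the visible text, CVE-2022-4185 ("Google Chrome on iOS") and CVE-2022-4176 ("Lacros Graphics in Google Chrome on Chrome OS"), and should be checked for applicability separately instead of inheriting the batch's fixed version.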
@@ -440,8 +488,8 @@ CVE-2022-46157
RESERVED
CVE-2022-46156
RESERVED
-CVE-2022-46155
- RESERVED
+CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...)
+ TODO: check
CVE-2022-46154
RESERVED
CVE-2022-46153
@@ -1113,8 +1161,7 @@ CVE-2022-45871
RESERVED
CVE-2022-45870
RESERVED
-CVE-2022-45869 [KVM: x86/mmu: Fix race condition in direct_page_fault]
- RESERVED
+CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel through ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
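Review bot: CVE-2022-45869 loses its only fix reference in this hunk: the removed bracket title "KVM: x86/mmu: Fix race condition in direct_page_fault" named the upstream patch, while the entry still reads "- linux <unfixed>". Unless a NOTE line further down the entry already carries it, add a NOTE with the upstream commit reference so the <unfixed> status can be re-evaluated when the fix reaches the packaged kernel.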
@@ -2223,26 +2270,26 @@ CVE-2022-45448
RESERVED
CVE-2022-45447
RESERVED
-CVE-2022-4036
- RESERVED
-CVE-2022-4035
- RESERVED
-CVE-2022-4034
- RESERVED
-CVE-2022-4033
- RESERVED
-CVE-2022-4032
- RESERVED
-CVE-2022-4031
- RESERVED
-CVE-2022-4030
- RESERVED
-CVE-2022-4029
- RESERVED
-CVE-2022-4028
- RESERVED
-CVE-2022-4027
- RESERVED
+CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...)
+ TODO: check
+CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...)
+ TODO: check
+CVE-2022-4034 (The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV ...)
+ TODO: check
+CVE-2022-4033 (The Quiz and Survey Master plugin for WordPress is vulnerable to input ...)
+ TODO: check
+CVE-2022-4032 (The Quiz and Survey Master plugin for WordPress is vulnerable to iFram ...)
+ TODO: check
+CVE-2022-4031 (The Simple:Press plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2022-4030 (The Simple:Press plugin for WordPress is vulnerable to Path Traversal ...)
+ TODO: check
+CVE-2022-4029 (The Simple:Press plugin for WordPress is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2022-4028 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2022-4027 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
CVE-2022-4026
RESERVED
CVE-2022-4025
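Review bot: all ten entries from CVE-2022-4036 to CVE-2022-4027 are WordPress plugin issues (Appointment Hour Booking, Quiz and Survey Master, Simple:Press) left at "TODO: check", while the file's existing convention for this class, visible at CVE-2022-3360, is "NOT-FOR-US: WordPress plugin". The other WordPress plugin descriptions filled in by this commit fall under the same convention, so they can be closed in a single triage pass.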
@@ -2364,8 +2411,8 @@ CVE-2022-45113
RESERVED
CVE-2022-43660
RESERVED
-CVE-2022-3995
- RESERVED
+CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure Direct O ...)
+ TODO: check
CVE-2022-3994
RESERVED
CVE-2023-21518
@@ -2836,8 +2883,8 @@ CVE-2022-45339
RESERVED
CVE-2022-45338
RESERVED
-CVE-2022-45337
- RESERVED
+CVE-2022-45337 (Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2022-45336
RESERVED
CVE-2022-45335
@@ -2846,16 +2893,16 @@ CVE-2022-45334
RESERVED
CVE-2022-45333
RESERVED
-CVE-2022-45332
- RESERVED
+CVE-2022-45332 (LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow ...)
+ TODO: check
CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
NOT-FOR-US: AeroCMS
CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
NOT-FOR-US: AeroCMS
CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
NOT-FOR-US: AeroCMS
-CVE-2022-45328
- RESERVED
+CVE-2022-45328 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+ TODO: check
CVE-2022-45327
RESERVED
CVE-2022-45326
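Review bot: CVE-2022-45332 and CVE-2022-45328 receive the same "TODO: check" but need different handling. CVE-2022-45328 (Church Management System v1.0, SQL injection) sits beside the AeroCMS entries already marked NOT-FOR-US, whereas CVE-2022-45332 is a heap buffer overflow in LibreDWG v0.12.4.4643, a library, and should be checked against the archive and any pending packaging request before a NOT-FOR-US tag is considered.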
@@ -3116,8 +3163,8 @@ CVE-2022-3993 (Authentication Bypass by Primary Weakness in GitHub repository ka
NOT-FOR-US: Kavita
CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Sanitization Management System
-CVE-2022-3991
- RESERVED
+CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
CVE-2022-3990
RESERVED
CVE-2022-3989
@@ -3667,12 +3714,12 @@ CVE-2022-45046
RESERVED
CVE-2022-3899
RESERVED
-CVE-2022-3898
- RESERVED
-CVE-2022-3897
- RESERVED
-CVE-2022-3896
- RESERVED
+CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2022-3896 (The WP Affiliate Platform plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...)
NOT-FOR-US: BlueSpice
CVE-2022-3894
@@ -6699,8 +6746,8 @@ CVE-2022-44281
RESERVED
CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...)
NOT-FOR-US: Automotive Shop Management System
-CVE-2022-44279
- RESERVED
+CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Scripting (X ...)
+ TODO: check
CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Sanitization Management System
CVE-2022-44277
@@ -7063,10 +7110,10 @@ CVE-2022-44099
RESERVED
CVE-2022-44098
RESERVED
-CVE-2022-44097
- RESERVED
-CVE-2022-44096
- RESERVED
+CVE-2022-44097 (Book Store Management System v1.0 was discovered to contain hardcoded ...)
+ TODO: check
+CVE-2022-44096 (Sanitization Management System v1.0 was discovered to contain hardcode ...)
+ TODO: check
CVE-2022-44095
RESERVED
CVE-2022-44094
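Review bot: CVE-2022-44096 names Sanitization Management System v1.0, a product this file already tags "NOT-FOR-US: Sanitization Management System" at CVE-2022-44278, so the triage can reuse that tag verbatim. CVE-2022-44097 (Book Store Management System v1.0) looks like the same class of entry, but its description is truncated here and should be read in full before it is closed.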
@@ -7313,8 +7360,8 @@ CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remote
NOT-FOR-US: Browsershot
CVE-2022-3752
RESERVED
-CVE-2022-3751
- RESERVED
+CVE-2022-3751 (SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. ...)
+ TODO: check
CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with confi ...)
- airflow <itp> (bug #819700)
CVE-2022-43981
@@ -7331,8 +7378,8 @@ CVE-2022-3749
RESERVED
CVE-2022-3748
RESERVED
-CVE-2022-3747
- RESERVED
+CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
CVE-2022-3746
RESERVED
CVE-2022-3745
@@ -14322,10 +14369,10 @@ CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a
NOT-FOR-US: Advantech R-SeeNet
CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
NOT-FOR-US: Advantech R-SeeNet
-CVE-2022-3384
- RESERVED
-CVE-2022-3383
- RESERVED
+CVE-2022-3384 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...)
+ TODO: check
+CVE-2022-3383 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...)
+ TODO: check
CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...)
NOT-FOR-US: HIWIN Robot System Software
CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...)
@@ -14863,8 +14910,8 @@ CVE-2022-38355
RESERVED
CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-3361
- RESERVED
+CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directory tr ...)
+ TODO: check
CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3359
@@ -15824,10 +15871,10 @@ CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain
NOT-FOR-US: Acer
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
NOT-FOR-US: Liferay
-CVE-2022-41413
- RESERVED
-CVE-2022-41412
- RESERVED
+CVE-2022-41413 (perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Req ...)
+ TODO: check
+CVE-2022-41412 (An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior ...)
+ TODO: check
CVE-2022-41411
RESERVED
CVE-2022-41410
@@ -18623,8 +18670,8 @@ CVE-2022-40267
RESERVED
CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...)
NOT-FOR-US: Mitsubishi
-CVE-2022-40265
- RESERVED
+CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...)
+ TODO: check
CVE-2022-40264
RESERVED
CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...)
@@ -27607,16 +27654,16 @@ CVE-2022-36966 (Users with Node Management rights were able to view and edit all
NOT-FOR-US: SolarWinds
CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
NOT-FOR-US: Solarwinds
-CVE-2022-36964
- RESERVED
+CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ TODO: check
CVE-2022-36963
RESERVED
-CVE-2022-36962
- RESERVED
+CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This vulnera ...)
+ TODO: check
CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
NOT-FOR-US: Solarwinds
-CVE-2022-36960
- RESERVED
+CVE-2022-36960 (SolarWinds Platform was susceptible to Improper Input Validation. This ...)
+ TODO: check
CVE-2022-36959
RESERVED
CVE-2022-36958 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
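Review bot: the context lines around the three new SolarWinds entries (CVE-2022-36964, CVE-2022-36962, CVE-2022-36960) spell the tag two ways, "NOT-FOR-US: SolarWinds" at CVE-2022-36966 and "NOT-FOR-US: Solarwinds" at CVE-2022-36965 and CVE-2022-36961. When these are triaged, use one spelling, preferably the vendor's "SolarWinds", so that a search on the tag returns every entry.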
@@ -113721,8 +113768,8 @@ CVE-2021-31695
RESERVED
CVE-2021-31694
RESERVED
-CVE-2021-31693
- RESERVED
+CVE-2021-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...)
+ TODO: check
CVE-2021-31692
RESERVED
CVE-2021-31691
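Review bot: CVE-2021-31693 is scoped by its own description to "VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y)", so the triage result should state the Windows-only scope explicitly rather than attach the entry to a package on the strength of the "VMware Tools" name. It is also a 2021 identifier published only now, so it will be missed by any review filter restricted to CVE-2022 IDs.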
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2db1c6565ac621abfe6cb2f590c03d8b1a3d552