[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 30 20:10:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
add796c4 by security tracker role at 2022-11-30T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-46359
+ RESERVED
+CVE-2022-46358
+ RESERVED
+CVE-2022-46357
+ RESERVED
+CVE-2022-46356
+ RESERVED
+CVE-2022-46355
+ RESERVED
+CVE-2022-46354
+ RESERVED
+CVE-2022-46353
+ RESERVED
+CVE-2022-46352
+ RESERVED
+CVE-2022-46351
+ RESERVED
+CVE-2022-46350
+ RESERVED
+CVE-2022-46349
+ RESERVED
+CVE-2022-46348
+ RESERVED
+CVE-2022-46347
+ RESERVED
+CVE-2022-46346
+ RESERVED
+CVE-2022-46345
+ RESERVED
+CVE-2022-4239
+ RESERVED
+CVE-2022-4238
+ RESERVED
+CVE-2022-4237
+ RESERVED
+CVE-2022-4236
+ RESERVED
+CVE-2022-4235
+ RESERVED
+CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ TODO: check
+CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...)
+ TODO: check
+CVE-2022-4232 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-4230
+ RESERVED
+CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...)
+ TODO: check
+CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2022-4227
+ RESERVED
+CVE-2022-4226
+ RESERVED
+CVE-2022-4225
+ RESERVED
+CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...)
+ TODO: check
CVE-2022-46344
RESERVED
CVE-2022-46343
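Review bot: CVE-2021-4242 is added at the very top of the file, directly after CVE-2022-4225, while the other CVE-2021 entries touched by this commit sit far lower (the last hunk starts at line 113702). If the list is meant to stay grouped by year, move the entry into the 2021 block during triage. The seven entries added here with `TODO: check` (CVE-2022-4234 through CVE-2022-4231, CVE-2022-4229, CVE-2022-4228 and CVE-2021-4242) still need a package or NOT-FOR-US decision.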
@@ -522,8 +584,8 @@ CVE-2022-46151
RESERVED
CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...)
NOT-FOR-US: Discourse
-CVE-2022-46149
- RESERVED
+CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...)
+ TODO: check
CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...)
NOT-FOR-US: Discourse
CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...)
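Review bot: CVE-2022-46149 should not be closed as NOT-FOR-US by analogy with the Discourse entries on either side of it; the new description is for Cap'n Proto, a data interchange format and remote procedure call component rather than a hosted application. Check for a matching source package and record the affected and fixed versions before the `TODO: check` is removed.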
@@ -1266,8 +1328,8 @@ CVE-2022-45844
RESERVED
CVE-2022-45843
RESERVED
-CVE-2022-45842
- RESERVED
+CVE-2022-45842 (Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on ...)
+ TODO: check
CVE-2022-45841
RESERVED
CVE-2022-45840
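Review bot: The CVE-2022-45842 description stores the version bound as the HTML entity `&lt;=` rather than `<=`, which defeats plain-text searches for the affected version range; unescape it where the description is imported. The entry is for a WordPress plugin (WP ULike), and other WordPress plugin entries in this file carry `NOT-FOR-US: WordPress plugin`, so the `TODO: check` can likely be resolved the same way.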
@@ -4557,8 +4619,8 @@ CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injec
NOT-FOR-US: Betheme theme for WordPress
CVE-2022-3860
RESERVED
-CVE-2022-3859
- RESERVED
+CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...)
+ TODO: check
CVE-2022-3858
RESERVED
CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
@@ -6737,12 +6799,12 @@ CVE-2022-44298
RESERVED
CVE-2022-44297
RESERVED
-CVE-2022-44296
- RESERVED
-CVE-2022-44295
- RESERVED
-CVE-2022-44294
- RESERVED
+CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-44294 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-44293
RESERVED
CVE-2022-44292
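Review bot: CVE-2022-44296, CVE-2022-44295 and CVE-2022-44294 end up with identical visible descriptions (`Sanitization Management System v1.0 is vulnerable to SQL Injection via ...`), so the list line alone cannot tell them apart; whatever distinguishes them is lost to truncation. Triage the three together against the full descriptions and tag them in one commit.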
@@ -7027,8 +7089,8 @@ CVE-2022-44153
RESERVED
CVE-2022-44152
RESERVED
-CVE-2022-44151
- RESERVED
+CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-44150
RESERVED
CVE-2022-44149
@@ -7057,8 +7119,8 @@ CVE-2022-44138
RESERVED
CVE-2022-44137
RESERVED
-CVE-2022-44136
- RESERVED
+CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). ...)
+ TODO: check
CVE-2022-44135
RESERVED
CVE-2022-44134
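Review bot: The CVE-2022-44136 description carries the misspelling `Remote Code Excution`, so a keyword search of the list for "Remote Code Execution" will miss this entry. Since this is an automatic update the wording was imported as-is; match on the CVE ID rather than on keywords when this `TODO: check` is triaged.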
@@ -22302,12 +22364,12 @@ CVE-2022-38805
RESERVED
CVE-2022-38804
RESERVED
-CVE-2022-38803
- RESERVED
-CVE-2022-38802
- RESERVED
-CVE-2022-38801
- RESERVED
+CVE-2022-38803 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrec ...)
+ TODO: check
+CVE-2022-38802 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrec ...)
+ TODO: check
+CVE-2022-38801 (In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijac ...)
+ TODO: check
CVE-2022-38800
RESERVED
CVE-2022-38799
@@ -25094,8 +25156,8 @@ CVE-2022-37934
RESERVED
CVE-2022-37933
RESERVED
-CVE-2022-37932
- RESERVED
+CVE-2022-37932 (A potential security vulnerability has been identified in Hewlett Pack ...)
+ TODO: check
CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...)
NOT-FOR-US: HPE
CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
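Review bot: The CVE-2022-37932 description is truncated at `Hewlett Pack ...` before any product is named, so the entry cannot be triaged from the list line alone. The next entry, CVE-2022-37931, is tagged `NOT-FOR-US: HPE`; confirm the product from the full description and use the same tag if it applies.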
@@ -33309,8 +33371,8 @@ CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Securi
NOT-FOR-US: WordPress plugin
CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-26366
- RESERVED
+CVE-2022-26366 (Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin &l ...)
+ TODO: check
CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...)
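Review bot: The CVE-2022-26366 description is cut at a fixed width in the middle of an HTML entity, leaving `Plugin &l ...`; unescape the text before truncating so a stored line never ends in a partial entity. The surrounding entries (CVE-2022-27235, CVE-2022-25952) are tagged `NOT-FOR-US: WordPress plugin`, which is the likely outcome for this AdRotate plugin entry too.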
@@ -41559,8 +41621,8 @@ CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSR
NOT-FOR-US: WordPress plugin
CVE-2022-1912 (The Button Widget Smartsoft plugin for WordPress is vulnerable to Cros ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1911
- RESERVED
+CVE-2022-1911 (Error in parser function in M-Files Server versions before 22.6.11534. ...)
+ TODO: check
CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...)
@@ -46070,8 +46132,8 @@ CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does no
NOT-FOR-US: WordPress plugin
CVE-2022-1607
RESERVED
-CVE-2022-1606
- RESERVED
+CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...)
+ TODO: check
CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...)
@@ -58945,8 +59007,8 @@ CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/e
NOT-FOR-US: github.com/runatlantis/atlantis
CVE-2022-24909
RESERVED
-CVE-2022-24441
- RESERVED
+CVE-2022-24441 (The package snyk before 1.1064.0 are vulnerable to Code Injection when ...)
+ TODO: check
CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1 ...)
NOT-FOR-US: cocoapods-downloader
CVE-2022-24439
@@ -59006,8 +59068,8 @@ CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before 10.1.3.
NOT-FOR-US: Node ipc
CVE-2022-23811
RESERVED
-CVE-2022-22984
- RESERVED
+CVE-2022-22984 (The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2 ...)
+ TODO: check
CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype Pollution ...)
NOT-FOR-US: Node convict
CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Denial of ...)
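Review bot: CVE-2022-22984 names the same `snyk before 1.1064.0` bound as CVE-2022-24441 in the previous hunk, but the two are left as separate `TODO: check` items with nothing linking them. Triage them together, and note that the neighbouring package entries are tagged by package name (`NOT-FOR-US: Node convict`, `NOT-FOR-US: cocoapods-downloader`), so pick one tag spelling for both snyk entries.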
@@ -66276,8 +66338,8 @@ CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL Sideloading attack. Execu
NOT-FOR-US: Zoom
CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...)
NOT-FOR-US: Sony
-CVE-2022-23746
- RESERVED
+CVE-2022-23746 (The IPsec VPN blade has a dedicated portal for downloading and connect ...)
+ TODO: check
CVE-2022-23745 (A potential memory corruption issue was found in Capsule Workspace And ...)
NOT-FOR-US: Checkpoint Harmony Capsule Workspace
CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect against s ...)
@@ -113702,8 +113764,8 @@ CVE-2021-31742
RESERVED
CVE-2021-31741
RESERVED
-CVE-2021-31740
- RESERVED
+CVE-2021-31740 (SEPPMail's web frontend, user input is not embedded correctly in the w ...)
+ TODO: check
CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerab ...)
NOT-FOR-US: SEPPmail
CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
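Review bot: The new CVE-2021-31740 description spells the product `SEPPMail`, while the adjacent CVE-2021-31739 uses `SEPPmail` in both its description and its `NOT-FOR-US: SEPPmail` tag. When this `TODO: check` is resolved, reuse the existing tag spelling so a search for the tag returns both entries.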
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/add796c4df9aee90292c8ac82cbc9df2a24d0db4
More information about the debian-security-tracker-commits mailing list