[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 28 21:10:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b9975146 by security tracker role at 2022-10-28T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-43982
+ RESERVED
+CVE-2022-43981
+ RESERVED
+CVE-2022-43980
+ RESERVED
+CVE-2022-43979
+ RESERVED
+CVE-2022-43978
+ RESERVED
+CVE-2022-3750
+ RESERVED
+CVE-2022-3749
+ RESERVED
+CVE-2022-3748
+ RESERVED
+CVE-2022-3747
+ RESERVED
+CVE-2022-3746
+ RESERVED
+CVE-2022-3745
+ RESERVED
+CVE-2022-3744
+ RESERVED
+CVE-2022-3743
+ RESERVED
+CVE-2022-3742
+ RESERVED
+CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...)
+ TODO: check
+CVE-2022-3740
+ RESERVED
+CVE-2022-3739
+ RESERVED
+CVE-2022-3738
+ RESERVED
+CVE-2022-3737
+ RESERVED
CVE-2023-20851
RESERVED
CVE-2023-20850
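Review bot: the description imported for CVE-2022-3741 is cut off after a generic opening sentence ("Impact varies for each individual vulnerability in the application. Fo ..."), so nothing in this hunk identifies the affected product; the `TODO: check` marker is right, but whoever triages it will have to go to the full CVE text rather than rely on the summary shown here, unlike the other new entries in this hunk, which are still plain RESERVED placeholders.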
@@ -538,20 +576,20 @@ CVE-2022-43959
RESERVED
CVE-2022-3736
RESERVED
-CVE-2022-3735
- RESERVED
-CVE-2022-3734
- RESERVED
-CVE-2022-3733
- RESERVED
-CVE-2022-3732
- RESERVED
-CVE-2022-3731
- RESERVED
-CVE-2022-3730
- RESERVED
-CVE-2022-3729
- RESERVED
+CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
+ TODO: check
+CVE-2022-3734 (A vulnerability was found in Redis. It has been declared as critical. ...)
+ TODO: check
+CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
+ TODO: check
+CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as critical ...)
+ TODO: check
+CVE-2022-3731 (A vulnerability has been found in seccome Ehoney and classified as cri ...)
+ TODO: check
+CVE-2022-3730 (A vulnerability, which was classified as critical, was found in seccom ...)
+ TODO: check
+CVE-2022-3729 (A vulnerability, which was classified as critical, has been found in s ...)
+ TODO: check
CVE-2022-3728
RESERVED
CVE-2023-20601
@@ -1880,8 +1918,8 @@ CVE-2022-3710
RESERVED
CVE-2022-3709
RESERVED
-CVE-2022-3708
- RESERVED
+CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to Server-Side Requ ...)
+ TODO: check
CVE-2022-3707
RESERVED
CVE-2022-3706
@@ -2249,8 +2287,7 @@ CVE-2022-3699
RESERVED
CVE-2022-3698
RESERVED
-CVE-2022-3697 [improper handling of tower_callback parameter in amazon.aws collection]
- RESERVED
+CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
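Review bot: the bracketed working title "[improper handling of tower_callback parameter in amazon.aws collection]" on CVE-2022-3697 is dropped in favour of the published description, and the truncated text shown here no longer names the parameter, so the entry is now less informative at a glance; the package state `- ansible <unfixed>` and the two NOTE references (the Red Hat bug and amazon.aws pull request 1199) are unchanged context, so the next manual pass should check the fix status against that pull request and record the fixed version rather than leave `<unfixed>` standing indefinitely.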
@@ -3617,10 +3654,10 @@ CVE-2022-43278
RESERVED
CVE-2022-43277
RESERVED
-CVE-2022-43276
- RESERVED
-CVE-2022-43275
- RESERVED
+CVE-2022-43276 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-43275 (Canteen Management System v1.0 was discovered to contain an arbitrary ...)
+ TODO: check
CVE-2022-43274
RESERVED
CVE-2022-43273
@@ -3703,18 +3740,18 @@ CVE-2022-43235
RESERVED
CVE-2022-43234
RESERVED
-CVE-2022-43233
- RESERVED
-CVE-2022-43232
- RESERVED
-CVE-2022-43231
- RESERVED
-CVE-2022-43230
- RESERVED
-CVE-2022-43229
- RESERVED
-CVE-2022-43228
- RESERVED
+CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-43231 (Canteen Management System v1.0 was discovered to contain an arbitrary ...)
+ TODO: check
+CVE-2022-43230 (Simple Cold Storage Management System v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2022-43229 (Simple Cold Storage Management System v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2022-43228 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-43227
RESERVED
CVE-2022-43226
@@ -3829,20 +3866,20 @@ CVE-2022-43172
RESERVED
CVE-2022-43171
RESERVED
-CVE-2022-43170
- RESERVED
-CVE-2022-43169
- RESERVED
-CVE-2022-43168
- RESERVED
-CVE-2022-43167
- RESERVED
-CVE-2022-43166
- RESERVED
-CVE-2022-43165
- RESERVED
-CVE-2022-43164
- RESERVED
+CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the Dashboard Con ...)
+ TODO: check
+CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users Access ...)
+ TODO: check
+CVE-2022-43168 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
+CVE-2022-43167 (A stored cross-site scripting (XSS) vulnerability in the Users Alerts ...)
+ TODO: check
+CVE-2022-43166 (A stored cross-site scripting (XSS) vulnerability in the Global Entiti ...)
+ TODO: check
+CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the Global Variab ...)
+ TODO: check
+CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the Global Lists ...)
+ TODO: check
CVE-2022-43163
RESERVED
CVE-2022-43162
@@ -4558,8 +4595,8 @@ CVE-2022-3514
RESERVED
CVE-2022-3513
RESERVED
-CVE-2022-3512
- RESERVED
+CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...)
+ TODO: check
CVE-2022-3511
RESERVED
CVE-2022-3510
@@ -6195,12 +6232,12 @@ CVE-2022-3404
RESERVED
CVE-2022-3403
RESERVED
-CVE-2022-3402
- RESERVED
-CVE-2022-3401
- RESERVED
-CVE-2022-3400
- RESERVED
+CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2022-3401 (The Bricks theme for WordPress is vulnerable to remote code execution ...)
+ TODO: check
+CVE-2022-3400 (The Bricks theme for WordPress is vulnerable to authorization bypass d ...)
+ TODO: check
CVE-2022-3399
RESERVED
CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
@@ -7228,12 +7265,12 @@ CVE-2022-41653
RESERVED
CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
TODO: check
-CVE-2022-41648
- RESERVED
+CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HERO ...)
+ TODO: check
CVE-2022-41644
RESERVED
-CVE-2022-41636
- RESERVED
+CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service of Haas ...)
+ TODO: check
CVE-2022-41629
RESERVED
CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
@@ -7749,8 +7786,8 @@ CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior
NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
NOT-FOR-US: Trellix ePolicy Orchestrator
-CVE-2022-3337
- RESERVED
+CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP mobile cl ...)
+ TODO: check
CVE-2022-3336
RESERVED
CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
@@ -7846,12 +7883,12 @@ CVE-2022-41556 (A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.6
NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 (lighttpd-1.4.67)
CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior to v22. ...)
NOT-FOR-US: BookStack
-CVE-2022-3322
- RESERVED
-CVE-2022-3321
- RESERVED
-CVE-2022-3320
- RESERVED
+CVE-2022-3322 (Lock Warp switch is a feature of Zero Trust platform which, when enabl ...)
+ TODO: check
+CVE-2022-3321 (It was possible to bypass Lock WARP switch feature https://developers. ...)
+ TODO: check
+CVE-2022-3320 (It was possible to bypass policies configured for Zero Trust Secure We ...)
+ TODO: check
CVE-2022-3319
RESERVED
CVE-2022-3318
@@ -9820,8 +9857,8 @@ CVE-2022-3230
RESERVED
CVE-2022-3229
RESERVED
-CVE-2022-3228
- RESERVED
+CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...)
+ TODO: check
CVE-2022-40742
RESERVED
CVE-2022-40741
@@ -13042,10 +13079,10 @@ CVE-2022-39369
RESERVED
CVE-2022-39368
RESERVED
-CVE-2022-39367
- RESERVED
-CVE-2022-39366
- RESERVED
+CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery. ...)
+ TODO: check
+CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45, ...)
+ TODO: check
CVE-2022-39365 (Pimcore is an open source data and experience management platform. Pri ...)
TODO: check
CVE-2022-39364 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
@@ -14627,8 +14664,7 @@ CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04
NOT-FOR-US: Airties Smart Wi-Fi
CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...)
NOT-FOR-US: Nokia
-CVE-2022-3018
- RESERVED
+CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE affecting all ...)
- gitlab <unfixed>
CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
- froxlor <itp> (bug #581792)
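Review bot: CVE-2022-3018 moves from RESERVED to its published description while keeping `- gitlab <unfixed>` with no NOTE line, whereas other GitLab entries in this file (for example CVE-2022-2884 and CVE-2022-2865) carry a NOTE pointing at the GitLab release announcement; adding the corresponding release NOTE here would let the fixed upstream version be read off the entry and the `<unfixed>` state be resolved.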
@@ -15913,8 +15949,7 @@ CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.
NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
CVE-2022-2883
RESERVED
-CVE-2022-2882
- RESERVED
+CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
- bind9 1:9.18.7-1
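Review bot: CVE-2022-2882 keeps `- gitlab <unfixed>` without a release NOTE, although CVE-2022-2884 in the context just above this change cites https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/; if CVE-2022-2882 belongs to the same release batch, the same NOTE (and the fixed version it implies) should be added so the entry does not stay open-ended.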
@@ -16020,8 +16055,8 @@ CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab CE/EE
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2864
- RESERVED
+CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ...)
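Review bot: CVE-2022-2864 (demon image annotation plugin for WordPress) is left at `TODO: check`, while the adjacent CVE-2022-2863 is already resolved as `NOT-FOR-US: WordPress plugin`; the same triage very likely applies, but it should be confirmed against the packaged-plugin check before the marker is changed.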
@@ -18508,12 +18543,12 @@ CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, wh
NOTE: https://downloads.powerdns.com/patches/2022-02/
CVE-2022-37427
RESERVED
-CVE-2022-37426
- RESERVED
-CVE-2022-37425
- RESERVED
-CVE-2022-37424
- RESERVED
+CVE-2022-37426 (Unrestricted Upload of File with Dangerous Type vulnerability in OpenN ...)
+ TODO: check
+CVE-2022-37425 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
+CVE-2022-37424 (Files or Directories Accessible to External Parties vulnerability in O ...)
+ TODO: check
CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...)
NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...)
@@ -21525,10 +21560,10 @@ CVE-2022-2476 (A null pointer dereference bug was found in wavpack-5.4.0 The res
[buster] - wavpack <no-dsa> (Minor issue)
NOTE: https://github.com/dbry/WavPack/issues/121
NOTE: https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac (5.5.0)
-CVE-2022-2475
- RESERVED
-CVE-2022-2474
- RESERVED
+CVE-2022-2475 (Haas Controller version 100.20.000.1110 has insufficient granularity o ...)
+ TODO: check
+CVE-2022-2474 (Authentication is currently unsupported in Haas Controller version 100 ...)
+ TODO: check
CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WP-UserOnline plugin for WordPress
CVE-2022-2472 (Improper Initialization vulnerability in the local server component of ...)
@@ -48248,8 +48283,8 @@ CVE-2022-26886
RESERVED
CVE-2022-26885
RESERVED
-CVE-2022-26884
- RESERVED
+CVE-2022-26884 (Users can read any files by log server, Apache DolphinScheduler users ...)
+ TODO: check
CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...)
- dnsmasq <unfixed> (bug #1014715)
[bullseye] - dnsmasq <no-dsa> (Minor issue)
@@ -87932,26 +87967,26 @@ CVE-2021-38739
RESERVED
CVE-2021-38738
RESERVED
-CVE-2021-38737
- RESERVED
-CVE-2021-38736
- RESERVED
+CVE-2021-38737 (SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. ...)
+ TODO: check
+CVE-2021-38736 (SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php. ...)
+ TODO: check
CVE-2021-38735
RESERVED
-CVE-2021-38734
- RESERVED
-CVE-2021-38733
- RESERVED
-CVE-2021-38732
- RESERVED
-CVE-2021-38731
- RESERVED
-CVE-2021-38730
- RESERVED
-CVE-2021-38729
- RESERVED
-CVE-2021-38728
- RESERVED
+CVE-2021-38734 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. ...)
+ TODO: check
+CVE-2021-38733 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php. ...)
+ TODO: check
+CVE-2021-38732 (SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. ...)
+ TODO: check
+CVE-2021-38731 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. ...)
+ TODO: check
+CVE-2021-38730 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. ...)
+ TODO: check
+CVE-2021-38729 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. ...)
+ TODO: check
+CVE-2021-38728 (SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_ ...)
+ TODO: check
CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
NOT-FOR-US: FUEL CMS
CVE-2021-38726
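Review bot: the imported description for CVE-2021-38732 reads "vulnerable to SQL via Ant_Message.php", dropping the word "Injection" that its siblings in this batch (CVE-2021-38731, CVE-2021-38730 and the rest of the SEMCMS SHOP entries) carry; that is the upstream wording and not something this automatic update can fix, but the `TODO: check` triage should treat it as the same SQL injection class as the neighbouring entries rather than as a different issue type.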
@@ -89280,8 +89315,8 @@ CVE-2021-38219
RESERVED
CVE-2021-38218
RESERVED
-CVE-2021-38217
- RESERVED
+CVE-2021-38217 (SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. ...)
+ TODO: check
CVE-2021-38216
RESERVED
CVE-2021-38215
@@ -90614,10 +90649,10 @@ CVE-2021-37784
RESERVED
CVE-2021-37783
RESERVED
-CVE-2021-37782
- RESERVED
-CVE-2021-37781
- RESERVED
+CVE-2021-37782 (Employee Record Management System v 1.2 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2021-37781 (Employee Record Management System v 1.2 is vulnerable to Cross Site Sc ...)
+ TODO: check
CVE-2021-37780
RESERVED
CVE-2021-37779
@@ -92713,8 +92748,8 @@ CVE-2021-36900
RESERVED
CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36898
- RESERVED
+CVE-2021-36898 (Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plu ...)
+ TODO: check
CVE-2021-36897
RESERVED
CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
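Review bot: CVE-2021-36898 (Quiz And Survey Master plugin) is marked `TODO: check`, while the surrounding entries for the same WordPress plugin family (CVE-2021-36899 and CVE-2021-36896 in this hunk's context) are already `NOT-FOR-US: WordPress plugin`; the same resolution is the likely outcome, subject to confirming the plugin is not packaged.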
@@ -92781,10 +92816,10 @@ CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scriptin
NOT-FOR-US: WordPress plugin
CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in ExpressTech ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36864
- RESERVED
-CVE-2021-36863
- RESERVED
+CVE-2021-36864 (Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2021-36863 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2021-36862
RESERVED
CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Sta ...)
@@ -92793,8 +92828,8 @@ CVE-2021-36860
RESERVED
CVE-2021-36859
RESERVED
-CVE-2021-36858
- RESERVED
+CVE-2021-36858 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
+ TODO: check
CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36856
@@ -96457,10 +96492,10 @@ CVE-2021-35390
RESERVED
CVE-2021-35389
RESERVED
-CVE-2021-35388
- RESERVED
-CVE-2021-35387
- RESERVED
+CVE-2021-35388 (Hospital Management System v 4.0 is vulnerable to Cross Site Scripting ...)
+ TODO: check
+CVE-2021-35387 (Hospital Management System v 4.0 is vulnerable to SQL Injection via fi ...)
+ TODO: check
CVE-2021-35386
RESERVED
CVE-2021-35385
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b997514620e010809a6e90950c891eb2c60b7d85