[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 31 20:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12a48cc6 by security tracker role at 2022-10-31T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2022-44531
+ RESERVED
+CVE-2022-44530
+ RESERVED
+CVE-2022-44529
+ RESERVED
+CVE-2022-44528
+ RESERVED
+CVE-2022-44527
+ RESERVED
+CVE-2022-44526
+ RESERVED
+CVE-2022-44525
+ RESERVED
+CVE-2022-44524
+ RESERVED
+CVE-2022-44523
+ RESERVED
+CVE-2022-44522
+ RESERVED
+CVE-2022-44521
+ RESERVED
+CVE-2022-44520
+ RESERVED
+CVE-2022-44519
+ RESERVED
+CVE-2022-44518
+ RESERVED
+CVE-2022-44517
+ RESERVED
+CVE-2022-44516
+ RESERVED
+CVE-2022-44515
+ RESERVED
+CVE-2022-44514
+ RESERVED
+CVE-2022-44513
+ RESERVED
+CVE-2022-44512
+ RESERVED
+CVE-2022-44511
+ RESERVED
+CVE-2022-44510
+ RESERVED
+CVE-2022-44509
+ RESERVED
+CVE-2022-44508
+ RESERVED
+CVE-2022-44507
+ RESERVED
+CVE-2022-44506
+ RESERVED
+CVE-2022-44505
+ RESERVED
+CVE-2022-44504
+ RESERVED
+CVE-2022-44503
+ RESERVED
+CVE-2022-44502
+ RESERVED
+CVE-2022-44501
+ RESERVED
+CVE-2022-44500
+ RESERVED
+CVE-2022-44499
+ RESERVED
+CVE-2022-44498
+ RESERVED
+CVE-2022-44497
+ RESERVED
+CVE-2022-44496
+ RESERVED
+CVE-2022-44495
+ RESERVED
+CVE-2022-44494
+ RESERVED
+CVE-2022-44493
+ RESERVED
+CVE-2022-44492
+ RESERVED
+CVE-2022-44491
+ RESERVED
+CVE-2022-44490
+ RESERVED
+CVE-2022-44489
+ RESERVED
+CVE-2022-44488
+ RESERVED
+CVE-2022-44487
+ RESERVED
+CVE-2022-44486
+ RESERVED
+CVE-2022-44485
+ RESERVED
+CVE-2022-44484
+ RESERVED
+CVE-2022-44483
+ RESERVED
+CVE-2022-44482
+ RESERVED
+CVE-2022-44481
+ RESERVED
+CVE-2022-44480
+ RESERVED
+CVE-2022-44479
+ RESERVED
+CVE-2022-44478
+ RESERVED
+CVE-2022-44477
+ RESERVED
+CVE-2022-44476
+ RESERVED
+CVE-2022-44475
+ RESERVED
+CVE-2022-44474
+ RESERVED
+CVE-2022-44473
+ RESERVED
+CVE-2022-44472
+ RESERVED
+CVE-2022-44471
+ RESERVED
+CVE-2022-44470
+ RESERVED
+CVE-2022-44469
+ RESERVED
+CVE-2022-44468
+ RESERVED
+CVE-2022-44467
+ RESERVED
+CVE-2022-44466
+ RESERVED
+CVE-2022-44465
+ RESERVED
+CVE-2022-44464
+ RESERVED
+CVE-2022-44463
+ RESERVED
+CVE-2022-44462
+ RESERVED
+CVE-2022-44461
+ RESERVED
+CVE-2022-44460
+ RESERVED
+CVE-2022-44459
+ RESERVED
+CVE-2022-44458
+ RESERVED
+CVE-2022-44457
+ RESERVED
+CVE-2022-43506
+ RESERVED
+CVE-2022-43495
+ RESERVED
+CVE-2022-43457
+ RESERVED
+CVE-2022-43452
+ RESERVED
+CVE-2022-43451
+ RESERVED
+CVE-2022-43449
+ RESERVED
+CVE-2022-43447
+ RESERVED
+CVE-2022-41775
+ RESERVED
+CVE-2022-3780
+ RESERVED
+CVE-2022-3779
+ RESERVED
+CVE-2022-3778
+ RESERVED
+CVE-2022-3777
+ RESERVED
+CVE-2022-3776
+ RESERVED
+CVE-2022-3775
+ RESERVED
+CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...)
+ TODO: check
+CVE-2022-3773 (A vulnerability has been found in EmbedPress Plugin and classified as ...)
+ TODO: check
+CVE-2022-3772 (A vulnerability, which was classified as problematic, was found in eas ...)
+ TODO: check
+CVE-2022-3771 (A vulnerability, which was classified as critical, has been found in e ...)
+ TODO: check
+CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This ...)
+ TODO: check
+CVE-2022-3769
+ RESERVED
+CVE-2022-3768
+ RESERVED
+CVE-2022-3767
+ RESERVED
+CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ TODO: check
+CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2022-3764
+ RESERVED
+CVE-2022-3763
+ RESERVED
+CVE-2022-3762
+ RESERVED
+CVE-2022-3761
+ RESERVED
CVE-2023-20853
RESERVED
CVE-2023-20852
@@ -742,12 +948,12 @@ CVE-2022-44083
RESERVED
CVE-2022-44082
RESERVED
-CVE-2022-44081
- RESERVED
+CVE-2022-44081 (Lodepng v20220717 was discovered to contain a segmentation fault via t ...)
+ TODO: check
CVE-2022-44080
RESERVED
-CVE-2022-44079
- RESERVED
+CVE-2022-44079 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
+ TODO: check
CVE-2022-44078
RESERVED
CVE-2022-44077
@@ -4891,16 +5097,16 @@ CVE-2022-43154
RESERVED
CVE-2022-43153
RESERVED
-CVE-2022-43152
- RESERVED
-CVE-2022-43151
- RESERVED
+CVE-2022-43152 (tsMuxer v2.6.16 was discovered to contain a heap overflow via the func ...)
+ TODO: check
+CVE-2022-43151 (timg v1.4.4 was discovered to contain a memory leak via the function t ...)
+ TODO: check
CVE-2022-43150
RESERVED
CVE-2022-43149
RESERVED
-CVE-2022-43148
- RESERVED
+CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in the compo ...)
+ TODO: check
CVE-2022-43147
RESERVED
CVE-2022-43146
@@ -6151,10 +6357,10 @@ CVE-2022-3443
RESERVED
CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...)
NOT-FOR-US: Crealogix EBICS
-CVE-2022-3441
- RESERVED
-CVE-2022-3440
- RESERVED
+CVE-2022-3441 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and ...)
+ TODO: check
+CVE-2022-3440 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and ...)
+ TODO: check
CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
@@ -6759,10 +6965,10 @@ CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i c
NOT-FOR-US: ToolJet
CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
NOT-FOR-US: Drive for Desktop MacOS
-CVE-2022-3420
- RESERVED
-CVE-2022-3419
- RESERVED
+CVE-2022-3420 (The Official Integration for Billingo WordPress plugin before 3.4.0 do ...)
+ TODO: check
+CVE-2022-3419 (The Automatic User Roles Switcher WordPress plugin before 1.1.2 does n ...)
+ TODO: check
CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote ...)
NOT-FOR-US: Apache Flume
CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...)
@@ -6805,8 +7011,8 @@ CVE-2022-3410
RESERVED
CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
NOT-FOR-US: OpenBMC
-CVE-2022-3408
- RESERVED
+CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
+ TODO: check
CVE-2022-3407
RESERVED
CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
@@ -8114,8 +8320,8 @@ CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.
NOT-FOR-US: F5 BIG-IP
CVE-2022-3381
RESERVED
-CVE-2022-3380
- RESERVED
+CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...)
+ TODO: check
CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
NOT-FOR-US: Horner Automation's Cscape
CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
@@ -8126,8 +8332,8 @@ CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb
- rdiffweb <itp> (bug #969974)
CVE-2022-3375
RESERVED
-CVE-2022-3374
- RESERVED
+CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...)
+ TODO: check
CVE-2022-3373
RESERVED
{DSA-5245-1}
@@ -8220,8 +8426,8 @@ CVE-2022-38973
RESERVED
CVE-2022-3367
RESERVED
-CVE-2022-3366
- RESERVED
+CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...)
+ TODO: check
CVE-2022-3365
RESERVED
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
@@ -8311,12 +8517,12 @@ CVE-2022-40190
RESERVED
CVE-2022-38355
RESERVED
-CVE-2022-38142
- RESERVED
+CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ TODO: check
CVE-2022-3361
RESERVED
-CVE-2022-3360
- RESERVED
+CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
+ TODO: check
CVE-2022-3359
RESERVED
CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
@@ -8324,8 +8530,8 @@ CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPH
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
NOTE: https://www.openssl.org/news/secadv/20221011.txt
-CVE-2022-3357
- RESERVED
+CVE-2022-3357 (The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the c ...)
+ TODO: check
CVE-2022-3356
RESERVED
CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
@@ -8803,8 +9009,8 @@ CVE-2022-3336
RESERVED
CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3334
- RESERVED
+CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the conten ...)
+ TODO: check
CVE-2022-3333 (A vulnerability, which was classified as problematic, was found in Zep ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -9745,8 +9951,8 @@ CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ..
NOTE: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad (v9.0.0530)
CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
NOT-FOR-US: pimcore
-CVE-2022-3254
- RESERVED
+CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 does not ...)
+ TODO: check
CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unen ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
@@ -10427,8 +10633,8 @@ CVE-2022-3238
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: NTFS3 driver not enabled in Debian
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127927
-CVE-2022-3237
- RESERVED
+CVE-2022-3237 (The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize ...)
+ TODO: check
CVE-2022-40953
RESERVED
CVE-2022-40952
@@ -11571,10 +11777,10 @@ CVE-2022-40490
RESERVED
CVE-2022-40489
RESERVED
-CVE-2022-40488
- RESERVED
-CVE-2022-40487
- RESERVED
+CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)
+ TODO: check
+CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple cross-site scr ...)
+ TODO: check
CVE-2022-40486 (TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 5745 ...)
NOT-FOR-US: TP Link
CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
@@ -11607,8 +11813,8 @@ CVE-2022-40473
RESERVED
CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721. ...)
NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time
-CVE-2022-40471
- RESERVED
+CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...)
+ TODO: check
CVE-2022-40470
RESERVED
CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
@@ -14253,8 +14459,8 @@ CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets
NOT-FOR-US: MelisAssetManager
CVE-2022-39295 (Knowage is an open source suite for modern business analytics alternat ...)
NOT-FOR-US: Knowage
-CVE-2022-39294
- RESERVED
+CVE-2022-39294 (conduit-hyper integrates a conduit application with the hyper server. ...)
+ TODO: check
CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go ...)
NOT-FOR-US: Azure RTOS USBX
CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
@@ -14540,8 +14746,8 @@ CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have
NOT-FOR-US: WordPress plugin
CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use nonces wh ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3096
- RESERVED
+CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...)
+ TODO: check
CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
TODO: check
CVE-2022-3094
@@ -18092,8 +18298,8 @@ CVE-2022-2743
RESERVED
CVE-2022-2742
RESERVED
-CVE-2022-2741
- RESERVED
+CVE-2022-2741 (The denial-of-service can be triggered by transmitting a carefully cra ...)
+ TODO: check
CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
@@ -19053,14 +19259,14 @@ CVE-2022-37625
RESERVED
CVE-2022-37624
RESERVED
-CVE-2022-37623
- RESERVED
+CVE-2022-37623 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
+ TODO: check
CVE-2022-37622
RESERVED
CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
TODO: check
-CVE-2022-37620
- RESERVED
+CVE-2022-37620 (A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...)
+ TODO: check
CVE-2022-37619
RESERVED
CVE-2022-37618
@@ -19398,7 +19604,7 @@ CVE-2022-37456
CVE-2022-37455
RESERVED
CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
- {DSA-5267-1}
+ {DSA-5267-1 DLA-3174-1}
- php8.1 8.1.12-1
- php7.4 <removed>
- php7.3 <removed>
@@ -19877,8 +20083,8 @@ CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and e
NOT-FOR-US: WordPress plugin
CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2627
- RESERVED
+CVE-2022-2627 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...)
+ TODO: check
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
@@ -27949,8 +28155,8 @@ CVE-2022-34349
RESERVED
CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...)
NOT-FOR-US: IBM
-CVE-2022-2190
- RESERVED
+CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape ...)
+ TODO: check
CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2188
@@ -28188,8 +28394,8 @@ CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.
NOT-FOR-US: WordPress plugin
CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2167
- RESERVED
+CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...)
+ TODO: check
CVE-2022-34270
RESERVED
CVE-2022-34269
@@ -84242,8 +84448,8 @@ CVE-2021-40663 (deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperl
NOT-FOR-US: Node deep.assign
CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...)
NOT-FOR-US: Chamilo LMS
-CVE-2021-40661
- RESERVED
+CVE-2021-40661 (A remote, unauthenticated, directory traversal vulnerability was ident ...)
+ TODO: check
CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ...)
NOT-FOR-US: Delight Nashorn Sandbox
CVE-2021-40659
@@ -85397,8 +85603,8 @@ CVE-2021-40243
RESERVED
CVE-2021-40242
RESERVED
-CVE-2021-40241
- RESERVED
+CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow. ...)
+ TODO: check
CVE-2021-40240
RESERVED
CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
@@ -164623,8 +164829,8 @@ CVE-2020-21018
RESERVED
CVE-2020-21017
RESERVED
-CVE-2020-21016
- RESERVED
+CVE-2020-21016 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
+ TODO: check
CVE-2020-21015
RESERVED
CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12a48cc6db756115b76b764cb5653e30612d8ad3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12a48cc6db756115b76b764cb5653e30612d8ad3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221031/993d9682/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list