[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 31 20:10:26 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12a48cc6 by security tracker role at 2022-10-31T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2022-44531
+	RESERVED
+CVE-2022-44530
+	RESERVED
+CVE-2022-44529
+	RESERVED
+CVE-2022-44528
+	RESERVED
+CVE-2022-44527
+	RESERVED
+CVE-2022-44526
+	RESERVED
+CVE-2022-44525
+	RESERVED
+CVE-2022-44524
+	RESERVED
+CVE-2022-44523
+	RESERVED
+CVE-2022-44522
+	RESERVED
+CVE-2022-44521
+	RESERVED
+CVE-2022-44520
+	RESERVED
+CVE-2022-44519
+	RESERVED
+CVE-2022-44518
+	RESERVED
+CVE-2022-44517
+	RESERVED
+CVE-2022-44516
+	RESERVED
+CVE-2022-44515
+	RESERVED
+CVE-2022-44514
+	RESERVED
+CVE-2022-44513
+	RESERVED
+CVE-2022-44512
+	RESERVED
+CVE-2022-44511
+	RESERVED
+CVE-2022-44510
+	RESERVED
+CVE-2022-44509
+	RESERVED
+CVE-2022-44508
+	RESERVED
+CVE-2022-44507
+	RESERVED
+CVE-2022-44506
+	RESERVED
+CVE-2022-44505
+	RESERVED
+CVE-2022-44504
+	RESERVED
+CVE-2022-44503
+	RESERVED
+CVE-2022-44502
+	RESERVED
+CVE-2022-44501
+	RESERVED
+CVE-2022-44500
+	RESERVED
+CVE-2022-44499
+	RESERVED
+CVE-2022-44498
+	RESERVED
+CVE-2022-44497
+	RESERVED
+CVE-2022-44496
+	RESERVED
+CVE-2022-44495
+	RESERVED
+CVE-2022-44494
+	RESERVED
+CVE-2022-44493
+	RESERVED
+CVE-2022-44492
+	RESERVED
+CVE-2022-44491
+	RESERVED
+CVE-2022-44490
+	RESERVED
+CVE-2022-44489
+	RESERVED
+CVE-2022-44488
+	RESERVED
+CVE-2022-44487
+	RESERVED
+CVE-2022-44486
+	RESERVED
+CVE-2022-44485
+	RESERVED
+CVE-2022-44484
+	RESERVED
+CVE-2022-44483
+	RESERVED
+CVE-2022-44482
+	RESERVED
+CVE-2022-44481
+	RESERVED
+CVE-2022-44480
+	RESERVED
+CVE-2022-44479
+	RESERVED
+CVE-2022-44478
+	RESERVED
+CVE-2022-44477
+	RESERVED
+CVE-2022-44476
+	RESERVED
+CVE-2022-44475
+	RESERVED
+CVE-2022-44474
+	RESERVED
+CVE-2022-44473
+	RESERVED
+CVE-2022-44472
+	RESERVED
+CVE-2022-44471
+	RESERVED
+CVE-2022-44470
+	RESERVED
+CVE-2022-44469
+	RESERVED
+CVE-2022-44468
+	RESERVED
+CVE-2022-44467
+	RESERVED
+CVE-2022-44466
+	RESERVED
+CVE-2022-44465
+	RESERVED
+CVE-2022-44464
+	RESERVED
+CVE-2022-44463
+	RESERVED
+CVE-2022-44462
+	RESERVED
+CVE-2022-44461
+	RESERVED
+CVE-2022-44460
+	RESERVED
+CVE-2022-44459
+	RESERVED
+CVE-2022-44458
+	RESERVED
+CVE-2022-44457
+	RESERVED
+CVE-2022-43506
+	RESERVED
+CVE-2022-43495
+	RESERVED
+CVE-2022-43457
+	RESERVED
+CVE-2022-43452
+	RESERVED
+CVE-2022-43451
+	RESERVED
+CVE-2022-43449
+	RESERVED
+CVE-2022-43447
+	RESERVED
+CVE-2022-41775
+	RESERVED
+CVE-2022-3780
+	RESERVED
+CVE-2022-3779
+	RESERVED
+CVE-2022-3778
+	RESERVED
+CVE-2022-3777
+	RESERVED
+CVE-2022-3776
+	RESERVED
+CVE-2022-3775
+	RESERVED
+CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...)
+	TODO: check
+CVE-2022-3773 (A vulnerability has been found in EmbedPress Plugin and classified as  ...)
+	TODO: check
+CVE-2022-3772 (A vulnerability, which was classified as problematic, was found in eas ...)
+	TODO: check
+CVE-2022-3771 (A vulnerability, which was classified as critical, has been found in e ...)
+	TODO: check
+CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This  ...)
+	TODO: check
+CVE-2022-3769
+	RESERVED
+CVE-2022-3768
+	RESERVED
+CVE-2022-3767
+	RESERVED
+CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+	TODO: check
+CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+	TODO: check
+CVE-2022-3764
+	RESERVED
+CVE-2022-3763
+	RESERVED
+CVE-2022-3762
+	RESERVED
+CVE-2022-3761
+	RESERVED
 CVE-2023-20853
 	RESERVED
 CVE-2023-20852
@@ -742,12 +948,12 @@ CVE-2022-44083
 	RESERVED
 CVE-2022-44082
 	RESERVED
-CVE-2022-44081
-	RESERVED
+CVE-2022-44081 (Lodepng v20220717 was discovered to contain a segmentation fault via t ...)
+	TODO: check
 CVE-2022-44080
 	RESERVED
-CVE-2022-44079
-	RESERVED
+CVE-2022-44079 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
+	TODO: check
 CVE-2022-44078
 	RESERVED
 CVE-2022-44077
@@ -4891,16 +5097,16 @@ CVE-2022-43154
 	RESERVED
 CVE-2022-43153
 	RESERVED
-CVE-2022-43152
-	RESERVED
-CVE-2022-43151
-	RESERVED
+CVE-2022-43152 (tsMuxer v2.6.16 was discovered to contain a heap overflow via the func ...)
+	TODO: check
+CVE-2022-43151 (timg v1.4.4 was discovered to contain a memory leak via the function t ...)
+	TODO: check
 CVE-2022-43150
 	RESERVED
 CVE-2022-43149
 	RESERVED
-CVE-2022-43148
-	RESERVED
+CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in the compo ...)
+	TODO: check
 CVE-2022-43147
 	RESERVED
 CVE-2022-43146
@@ -6151,10 +6357,10 @@ CVE-2022-3443
 	RESERVED
 CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...)
 	NOT-FOR-US: Crealogix EBICS
-CVE-2022-3441
-	RESERVED
-CVE-2022-3440
-	RESERVED
+CVE-2022-3441 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and  ...)
+	TODO: check
+CVE-2022-3440 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and  ...)
+	TODO: check
 CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
@@ -6759,10 +6965,10 @@ CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i c
 	NOT-FOR-US: ToolJet
 CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
 	NOT-FOR-US: Drive for Desktop MacOS
-CVE-2022-3420
-	RESERVED
-CVE-2022-3419
-	RESERVED
+CVE-2022-3420 (The Official Integration for Billingo WordPress plugin before 3.4.0 do ...)
+	TODO: check
+CVE-2022-3419 (The Automatic User Roles Switcher WordPress plugin before 1.1.2 does n ...)
+	TODO: check
 CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote  ...)
 	NOT-FOR-US: Apache Flume
 CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...)
@@ -6805,8 +7011,8 @@ CVE-2022-3410
 	RESERVED
 CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
 	NOT-FOR-US: OpenBMC
-CVE-2022-3408
-	RESERVED
+CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
+	TODO: check
 CVE-2022-3407
 	RESERVED
 CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
@@ -8114,8 +8320,8 @@ CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-3381
 	RESERVED
-CVE-2022-3380
-	RESERVED
+CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...)
+	TODO: check
 CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
 	NOT-FOR-US: Horner Automation's Cscape
 CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
@@ -8126,8 +8332,8 @@ CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3375
 	RESERVED
-CVE-2022-3374
-	RESERVED
+CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...)
+	TODO: check
 CVE-2022-3373
 	RESERVED
 	{DSA-5245-1}
@@ -8220,8 +8426,8 @@ CVE-2022-38973
 	RESERVED
 CVE-2022-3367
 	RESERVED
-CVE-2022-3366
-	RESERVED
+CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...)
+	TODO: check
 CVE-2022-3365
 	RESERVED
 CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
@@ -8311,12 +8517,12 @@ CVE-2022-40190
 	RESERVED
 CVE-2022-38355
 	RESERVED
-CVE-2022-38142
-	RESERVED
+CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+	TODO: check
 CVE-2022-3361
 	RESERVED
-CVE-2022-3360
-	RESERVED
+CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
+	TODO: check
 CVE-2022-3359
 	RESERVED
 CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
@@ -8324,8 +8530,8 @@ CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPH
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20221011.txt
-CVE-2022-3357
-	RESERVED
+CVE-2022-3357 (The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the c ...)
+	TODO: check
 CVE-2022-3356
 	RESERVED
 CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
@@ -8803,8 +9009,8 @@ CVE-2022-3336
 	RESERVED
 CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3334
-	RESERVED
+CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the conten ...)
+	TODO: check
 CVE-2022-3333 (A vulnerability, which was classified as problematic, was found in Zep ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -9745,8 +9951,8 @@ CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ..
 	NOTE: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad (v9.0.0530)
 CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
 	NOT-FOR-US: pimcore
-CVE-2022-3254
-	RESERVED
+CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 does not  ...)
+	TODO: check
 CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unen ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier  ...)
@@ -10427,8 +10633,8 @@ CVE-2022-3238
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: NTFS3 driver not enabled in Debian
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127927
-CVE-2022-3237
-	RESERVED
+CVE-2022-3237 (The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize  ...)
+	TODO: check
 CVE-2022-40953
 	RESERVED
 CVE-2022-40952
@@ -11571,10 +11777,10 @@ CVE-2022-40490
 	RESERVED
 CVE-2022-40489
 	RESERVED
-CVE-2022-40488
-	RESERVED
-CVE-2022-40487
-	RESERVED
+CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)
+	TODO: check
+CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple cross-site scr ...)
+	TODO: check
 CVE-2022-40486 (TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 5745 ...)
 	NOT-FOR-US: TP Link
 CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
@@ -11607,8 +11813,8 @@ CVE-2022-40473
 	RESERVED
 CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721. ...)
 	NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time
-CVE-2022-40471
-	RESERVED
+CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...)
+	TODO: check
 CVE-2022-40470
 	RESERVED
 CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
@@ -14253,8 +14459,8 @@ CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets
 	NOT-FOR-US: MelisAssetManager
 CVE-2022-39295 (Knowage is an open source suite for modern business analytics alternat ...)
 	NOT-FOR-US: Knowage
-CVE-2022-39294
-	RESERVED
+CVE-2022-39294 (conduit-hyper integrates a conduit application with the hyper server.  ...)
+	TODO: check
 CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go  ...)
 	NOT-FOR-US: Azure RTOS USBX
 CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...)
@@ -14540,8 +14746,8 @@ CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use nonces wh ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3096
-	RESERVED
+CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...)
+	TODO: check
 CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
 	TODO: check
 CVE-2022-3094
@@ -18092,8 +18298,8 @@ CVE-2022-2743
 	RESERVED
 CVE-2022-2742
 	RESERVED
-CVE-2022-2741
-	RESERVED
+CVE-2022-2741 (The denial-of-service can be triggered by transmitting a carefully cra ...)
+	TODO: check
 CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
 	NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
@@ -19053,14 +19259,14 @@ CVE-2022-37625
 	RESERVED
 CVE-2022-37624
 	RESERVED
-CVE-2022-37623
-	RESERVED
+CVE-2022-37623 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
+	TODO: check
 CVE-2022-37622
 	RESERVED
 CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
 	TODO: check
-CVE-2022-37620
-	RESERVED
+CVE-2022-37620 (A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...)
+	TODO: check
 CVE-2022-37619
 	RESERVED
 CVE-2022-37618
@@ -19398,7 +19604,7 @@ CVE-2022-37456
 CVE-2022-37455
 	RESERVED
 CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
-	{DSA-5267-1}
+	{DSA-5267-1 DLA-3174-1}
 	- php8.1 8.1.12-1
 	- php7.4 <removed>
 	- php7.3 <removed>
@@ -19877,8 +20083,8 @@ CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and e
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2627
-	RESERVED
+CVE-2022-2627 (The Newspaper WordPress theme before 12 does not sanitise a parameter  ...)
+	TODO: check
 CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp  ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
@@ -27949,8 +28155,8 @@ CVE-2022-34349
 	RESERVED
 CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...)
 	NOT-FOR-US: IBM
-CVE-2022-2190
-	RESERVED
+CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape ...)
+	TODO: check
 CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2188
@@ -28188,8 +28394,8 @@ CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2167
-	RESERVED
+CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter  ...)
+	TODO: check
 CVE-2022-34270
 	RESERVED
 CVE-2022-34269
@@ -84242,8 +84448,8 @@ CVE-2021-40663 (deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperl
 	NOT-FOR-US: Node deep.assign
 CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...)
 	NOT-FOR-US: Chamilo LMS
-CVE-2021-40661
-	RESERVED
+CVE-2021-40661 (A remote, unauthenticated, directory traversal vulnerability was ident ...)
+	TODO: check
 CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an  ...)
 	NOT-FOR-US: Delight Nashorn Sandbox
 CVE-2021-40659
@@ -85397,8 +85603,8 @@ CVE-2021-40243
 	RESERVED
 CVE-2021-40242
 	RESERVED
-CVE-2021-40241
-	RESERVED
+CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow. ...)
+	TODO: check
 CVE-2021-40240
 	RESERVED
 CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
@@ -164623,8 +164829,8 @@ CVE-2020-21018
 	RESERVED
 CVE-2020-21017
 	RESERVED
-CVE-2020-21016
-	RESERVED
+CVE-2020-21016 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to  ...)
+	TODO: check
 CVE-2020-21015
 	RESERVED
 CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12a48cc6db756115b76b764cb5653e30612d8ad3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12a48cc6db756115b76b764cb5653e30612d8ad3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221031/993d9682/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list