[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 1 20:10:44 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eca7adfc by security tracker role at 2023-01-01T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-22551 (The FTP (aka "Implementation of a simple FTP client and server") proje ...)
+ TODO: check
+CVE-2023-0030
+ RESERVED
+CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411 ...)
+ TODO: check
+CVE-2022-4869
+ RESERVED
+CVE-2022-48199
+ RESERVED
+CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...)
+ TODO: check
+CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss Dashboar ...)
+ TODO: check
+CVE-2018-25062 (A vulnerability classified as problematic has been found in flar2 Elem ...)
+ TODO: check
+CVE-2015-10006 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2014-125030 (A vulnerability, which was classified as critical, has been found in t ...)
+ TODO: check
+CVE-2013-10006 (A vulnerability classified as problematic was found in Ziftr primecoin ...)
+ TODO: check
+CVE-2010-10002 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ TODO: check
CVE-2023-22550
RESERVED
CVE-2023-22549
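Review bot: every entry added with a description at the top of data/CVE/list (CVE-2023-22551 through CVE-2010-10002, nine in total) is left at "TODO: check", so none of them has a package or NOT-FOR-US disposition yet and each needs a manual triage pass. CVE-2010-10002 also carries the "** UNSUPPORTED WHEN ASSIGNED **" marker in its description, which should be taken into account when it is triaged.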
@@ -2255,8 +2279,8 @@ CVE-2022-47636
RESERVED
CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
NOT-FOR-US: Wildix CMS
-CVE-2022-47634
- RESERVED
+CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17 ...)
+ TODO: check
CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...)
NOT-FOR-US: Kyverno
CVE-2022-47632
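Review bot: in the context lines of this hunk, CVE-2022-47635 is described as "Wildix WMS" but tagged "NOT-FOR-US: Wildix CMS"; the tag looks like a typo and should probably read "Wildix WMS". The newly described CVE-2022-47634 (Isode M-Link) still needs its "TODO: check" resolved.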
@@ -10702,8 +10726,8 @@ CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Managem
NOT-FOR-US: Book Store Management System
CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...)
NOT-FOR-US: Sanitization Management System
-CVE-2022-45213
- RESERVED
+CVE-2022-45213 (perfSONAR before 4.4.6 inadvertently supports the parse option for a f ...)
+ TODO: check
CVE-2022-45212
RESERVED
CVE-2022-45211
@@ -11406,8 +11430,8 @@ CVE-2022-45029
RESERVED
CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
NOT-FOR-US: Arris
-CVE-2022-45027
- RESERVED
+CVE-2022-45027 (perfSONAR before 4.4.6, when performing participant discovery, incorre ...)
+ TODO: check
CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode an ...)
NOT-FOR-US: Markdown Preview Enhanced
CVE-2022-45025 (Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was d ...)
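Review bot: CVE-2022-45027 in this hunk and CVE-2022-45213 in the previous one are both "perfSONAR before 4.4.6" and both left at "TODO: check"; triage them together so the two entries end up with the same package or NOT-FOR-US line.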
@@ -25471,8 +25495,8 @@ CVE-2022-40713 (An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relativ
NOT-FOR-US: NOKIA
CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
NOT-FOR-US: NOKIA
-CVE-2022-40711
- RESERVED
+CVE-2022-40711 (PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity s ...)
+ TODO: check
CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 and Clo ...)
NOT-FOR-US: Trend Micro
CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
@@ -28705,6 +28729,7 @@ CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse Group
CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...)
NOT-FOR-US: Rust crate evm
CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ {DLA-3260-1}
- node-xmldom 0.8.6-1 (bug #1024736)
[bullseye] - node-xmldom 0.5.0-1+deb11u2
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
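Review bot: the "{DLA-3260-1}" reference added under CVE-2022-39353 has no matching release line in the visible entry, which records only unstable (0.8.6-1) and "[bullseye]" (0.5.0-1+deb11u2). Confirm that the fixed version for the release the DLA covers is recorded where the tracker expects it, so that release is not shown as still affected.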
@@ -33387,12 +33412,12 @@ CVE-2022-37789
RESERVED
CVE-2022-37788
RESERVED
-CVE-2022-37787
- RESERVED
-CVE-2022-37786
- RESERVED
-CVE-2022-37785
- RESERVED
+CVE-2022-37787 (An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerabil ...)
+ TODO: check
+CVE-2022-37786 (An issue was discovered in WeCube Platform 3.2.2. There are multiple C ...)
+ TODO: check
+CVE-2022-37785 (An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords ...)
+ TODO: check
CVE-2022-37784
RESERVED
CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hash ...)
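Review bot: the three WeCube Platform 3.2.2 entries (CVE-2022-37787, CVE-2022-37786, CVE-2022-37785) move from RESERVED to "TODO: check" together; resolve them in one follow-up with a single disposition rather than triaging them separately.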
@@ -42892,12 +42917,12 @@ CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Rea
NOT-FOR-US: Realtek
CVE-2022-34325 (DMA transactions which are targeted at input buffers used for the Stor ...)
NOT-FOR-US: Insyde
-CVE-2022-34324
- RESERVED
-CVE-2022-34323
- RESERVED
-CVE-2022-34322
- RESERVED
+CVE-2022-34324 (Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow a ...)
+ TODO: check
+CVE-2022-34323 (Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4 ...)
+ TODO: check
+CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise Intelligence 20 ...)
+ TODO: check
CVE-2022-34321
RESERVED
CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms th ...)
@@ -149006,6 +149031,7 @@ CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the brow
CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...)
NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS
CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ {DLA-3260-1}
- node-xmldom 0.5.0-1
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca7adfcdb036f34d6070cf9198476c5cd6aac5a