Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bde0dd0a by security tracker role at 2022-11-09T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2022-45108
+       RESERVED
+CVE-2022-45107
+       RESERVED
+CVE-2022-45106
+       RESERVED
+CVE-2022-45105
+       RESERVED
+CVE-2022-45104
+       RESERVED
+CVE-2022-45103
+       RESERVED
+CVE-2022-45102
+       RESERVED
+CVE-2022-45101
+       RESERVED
+CVE-2022-45100
+       RESERVED
+CVE-2022-45099
+       RESERVED
+CVE-2022-45098
+       RESERVED
+CVE-2022-45097
+       RESERVED
+CVE-2022-45096
+       RESERVED
+CVE-2022-45095
+       RESERVED
+CVE-2022-45094
+       RESERVED
+CVE-2022-45093
+       RESERVED
+CVE-2022-45092
+       RESERVED
+CVE-2022-45091
+       RESERVED
+CVE-2022-45090
+       RESERVED
+CVE-2022-45089
+       RESERVED
+CVE-2022-45088
+       RESERVED
+CVE-2022-45087
+       RESERVED
+CVE-2022-45086
+       RESERVED
+CVE-2022-45085
+       RESERVED
+CVE-2022-45084
+       RESERVED
+CVE-2022-45083
+       RESERVED
+CVE-2022-45082
+       RESERVED
+CVE-2022-45081
+       RESERVED
+CVE-2022-45080
+       RESERVED
+CVE-2022-45079
+       RESERVED
+CVE-2022-45078
+       RESERVED
+CVE-2022-45077
+       RESERVED
+CVE-2022-45076
+       RESERVED
+CVE-2022-45075
+       RESERVED
+CVE-2022-45074
+       RESERVED
+CVE-2022-45073
+       RESERVED
+CVE-2022-45072
+       RESERVED
+CVE-2022-45071
+       RESERVED
+CVE-2022-45070
+       RESERVED
+CVE-2022-45069
+       RESERVED
+CVE-2022-45068
+       RESERVED
+CVE-2022-45067
+       RESERVED
+CVE-2022-45066
+       RESERVED
+CVE-2022-45065
+       RESERVED
+CVE-2022-45064
+       RESERVED
+CVE-2022-3919
+       RESERVED
+CVE-2022-3918
+       RESERVED
+CVE-2022-3917
+       RESERVED
+CVE-2022-3916
+       RESERVED
+CVE-2022-3915
+       RESERVED
+CVE-2022-3914
+       RESERVED
+CVE-2022-3913
+       RESERVED
+CVE-2022-3912
+       RESERVED
+CVE-2022-3911
+       RESERVED
+CVE-2022-3910
+       RESERVED
+CVE-2022-3909
+       RESERVED
 CVE-2022-45063
        RESERVED
 CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, 
there i ...)
@@ -6656,8 +6768,8 @@ CVE-2022-43491 (Cross-Site Request Forgery (CSRF) 
vulnerability in Advanced Dyna
        NOT-FOR-US: WordPress plugin
 CVE-2022-43490
        RESERVED
-CVE-2022-43488
-       RESERVED
+CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Dynamic Pr ...)
+       TODO: check
 CVE-2022-43482
        RESERVED
 CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Coupons fo ...)
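Review bot: CVE-2022-43488 is left at "TODO: check" although the entry just above it in this hunk, CVE-2022-43491, has a description that starts the same way and is already tagged "NOT-FOR-US: WordPress plugin". Once the full description confirms it is the same kind of plugin, resolve the TODO with the same tag so the entry does not stay untriaged.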
@@ -6742,8 +6854,8 @@ CVE-2022-41987
        RESERVED
 CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Mantenimien ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41978
-       RESERVED
+CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in 
Zoho CRM ...)
+       TODO: check
 CVE-2022-41840
        RESERVED
 CVE-2022-41839
@@ -6831,7 +6943,8 @@ CVE-2022-3640 (A vulnerability, which was classified as 
critical, was found in L
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979
 CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE 
affecting ...)
        - gitlab <unfixed>
-CVE-2022-3638 (A vulnerability was found in Nginx and classified as 
problematic. This ...)
+CVE-2022-3638
+       REJECTED
        - nginx <not-affected> (Vulnerable code not present)
        NOTE: http://hg.nginx.org/nginx/rev/0422365794f7
        NOTE: Introduced by: 
https://github.com/nginx/nginx/commit/5178da4f94fbae1daec2800bc7fd74cd2923c5bd 
(release-1.23.1)
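Review bot: CVE-2022-3638 becomes "REJECTED" but still carries the "- nginx <not-affected>" annotation and the NOTE lines underneath. Confirm that keeping package data under a rejected id is intended. If it is, a short NOTE giving the reason for the rejection would stop readers from treating the nginx lines as a live finding.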
@@ -7290,10 +7403,10 @@ CVE-2022-43323
        RESERVED
 CVE-2022-43322
        RESERVED
-CVE-2022-43321
-       RESERVED
-CVE-2022-43320
-       RESERVED
+CVE-2022-43321 (Shopwind v3.4.3 was discovered to contain a reflected 
cross-site scrip ...)
+       TODO: check
+CVE-2022-43320 (FeehiCMS v2.1.1 was discovered to contain a reflected 
cross-site scrip ...)
+       TODO: check
 CVE-2022-43319 (An information disclosure vulnerability in the component 
vcs/downloadF ...)
        NOT-FOR-US: Simple E-Learning System
 CVE-2022-43318 (Human Resource Management System v1.0 was discovered to 
contain a SQL  ...)
@@ -7348,12 +7461,12 @@ CVE-2022-43294
        RESERVED
 CVE-2022-43293
        RESERVED
-CVE-2022-43292
-       RESERVED
-CVE-2022-43291
-       RESERVED
-CVE-2022-43290
-       RESERVED
+CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-43290 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
 CVE-2022-43289
        RESERVED
 CVE-2022-43288
@@ -7384,10 +7497,10 @@ CVE-2022-43280 (wasm-interp v1.0.29 was discovered to 
contain an out-of-bounds r
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-43279
        RESERVED
-CVE-2022-43278
-       RESERVED
-CVE-2022-43277
-       RESERVED
+CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-43277 (Canteen Management System v1.0 was discovered to contain an 
arbitrary  ...)
+       TODO: check
 CVE-2022-43276 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Canteen Management System
 CVE-2022-43275 (Canteen Management System v1.0 was discovered to contain an 
arbitrary  ...)
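Review bot: CVE-2022-43278 and CVE-2022-43277 are added with "TODO: check", while CVE-2022-43276 directly below them names the same product and is already "NOT-FOR-US: Canteen Management System". Suggest using the same tag here. The same applies to CVE-2022-43292, CVE-2022-43291 and CVE-2022-43290 in the previous hunk, whose descriptions also name Canteen Management System v1.0.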
@@ -7723,14 +7836,14 @@ CVE-2022-43123
        RESERVED
 CVE-2022-43122
        RESERVED
-CVE-2022-43121
-       RESERVED
-CVE-2022-43120
-       RESERVED
-CVE-2022-43119
-       RESERVED
-CVE-2022-43118
-       RESERVED
+CVE-2022-43121 (A cross-site scripting (XSS) vulnerability in the CMS Field 
Add page o ...)
+       TODO: check
+CVE-2022-43120 (A cross-site scripting (XSS) vulnerability in the 
/panel/fields/add co ...)
+       TODO: check
+CVE-2022-43119 (A cross-site scripting (XSS) vulnerability in Clansphere CMS 
v2011.4 a ...)
+       TODO: check
+CVE-2022-43118 (A cross-site scripting (XSS) vulnerability in flatCore-CMS 
v2.1.0 allo ...)
+       TODO: check
 CVE-2022-43117
        RESERVED
 CVE-2022-43116
@@ -8713,12 +8826,12 @@ CVE-2022-42826
 CVE-2022-42825 (This issue was addressed by removing additional entitlements. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2022-42824 (A logic issue was addressed with improved state management. 
This issue ...)
-       {DSA-5274-1 DSA-5273-1}
+       {DSA-5274-1 DSA-5273-1 DLA-3183-1}
        - webkit2gtk 2.38.2-1
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
 CVE-2022-42823 (A type confusion issue was addressed with improved memory 
handling. Th ...)
-       {DSA-5274-1 DSA-5273-1}
+       {DSA-5274-1 DSA-5273-1 DLA-3183-1}
        - webkit2gtk 2.38.2-1
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
@@ -8769,7 +8882,7 @@ CVE-2022-42801 (A logic issue was addressed with improved 
checks. This issue is
 CVE-2022-42800 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-42799 (The issue was addressed with improved UI handling. This issue 
is fixed ...)
-       {DSA-5274-1 DSA-5273-1}
+       {DSA-5274-1 DSA-5273-1 DLA-3183-1}
        - webkit2gtk 2.38.2-1
        - wpewebkit 2.38.2-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
@@ -8915,33 +9028,27 @@ CVE-2022-41797 (Improper authorization in handler for 
custom URL scheme vulnerab
        NOT-FOR-US: Lemon8 App
 CVE-2022-3451 (The Product Stock Manager WordPress plugin before 1.0.5 does 
not have  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3450
-       RESERVED
+CVE-2022-3450 (Use after free in Peer Connection in Google Chrome prior to 
106.0.5249 ...)
        {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3449
-       RESERVED
+CVE-2022-3449 (Use after free in Safe Browsing in Google Chrome prior to 
106.0.5249.1 ...)
        {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3448
-       RESERVED
+CVE-2022-3448 (Use after free in Permissions API in Google Chrome prior to 
106.0.5249 ...)
        {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3447
-       RESERVED
+CVE-2022-3447 (Inappropriate implementation in Custom Tabs in Google Chrome on 
Androi ...)
        {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3446
-       RESERVED
+CVE-2022-3446 (Heap buffer overflow in WebSQL in Google Chrome prior to 
106.0.5249.11 ...)
        {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3445
-       RESERVED
+CVE-2022-3445 (Use after free in Skia in Google Chrome prior to 106.0.5249.119 
allowe ...)
        {DSA-5253-1}
        - chromium 106.0.5249.119-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -34422,8 +34529,8 @@ CVE-2022-32959 (HiCOS&#8217; client-side citizen 
digital certificate component h
        NOT-FOR-US: HICOS
 CVE-2022-32958 (A remote attacker with general user privilege can send a 
message to Te ...)
        NOT-FOR-US: TeamPlus Pro
-CVE-2022-32588
-       RESERVED
+CVE-2022-32588 (An out-of-bounds write vulnerability exists in the PICT 
parsing pctwre ...)
+       TODO: check
 CVE-2022-32281
        RESERVED
 CVE-2022-2053 (When a POST request comes through AJP and the request exceeds 
the max- ...)
@@ -39281,8 +39388,8 @@ CVE-2022-31255
        NOT-FOR-US: Uyuni
 CVE-2022-31254
        RESERVED
-CVE-2022-31253
-       RESERVED
+CVE-2022-31253 (A Untrusted Search Path vulnerability in openldap2 of openSUSE 
Factory ...)
+       TODO: check
 CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE 
Linux Enter ...)
        NOT-FOR-US: OpenSUSE
 CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging 
of the  ...)
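Review bot: CVE-2022-31253 should not simply inherit the "NOT-FOR-US: OpenSUSE" tag of its neighbour CVE-2022-31252 when the "TODO: check" is resolved. Its description names openldap2, and Debian ships openldap, so check whether the untrusted search path comes from the openSUSE packaging or from upstream code, and record the outcome in a NOTE.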
@@ -40359,10 +40466,10 @@ CVE-2022-30710 (Improper validation vulnerability in 
RemoteViews prior to SMR Ju
        NOT-FOR-US: Samsung
 CVE-2022-30709 (Improper input validation check logic vulnerability in SECRIL 
prior to ...)
        NOT-FOR-US: Samsung
-CVE-2022-29888
-       RESERVED
-CVE-2022-25932
-       RESERVED
+CVE-2022-29888 (A leftover debug code vulnerability exists in the httpd port 
4444 uplo ...)
+       TODO: check
+CVE-2022-25932 (The firmware of InHand Networks InRouter302 V3.5.45 introduces 
fixes f ...)
+       TODO: check
 CVE-2022-1736
        RESERVED
        - gnome-remote-desktop 42.1.1-2 (unimportant)
@@ -40885,16 +40992,16 @@ CVE-2022-30695 (Local privilege escalation due to 
excessive permissions assigned
        NOT-FOR-US: Acronis
 CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
        NOT-FOR-US: Siemens
-CVE-2022-30543
-       RESERVED
+CVE-2022-30543 (A leftover debug code vulnerability exists in the console 
infct functi ...)
+       TODO: check
 CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to 
v1.14.2, and ...)
        NOT-FOR-US: SHIRASAGI
-CVE-2022-29481
-       RESERVED
-CVE-2022-28689
-       RESERVED
-CVE-2022-26023
-       RESERVED
+CVE-2022-29481 (A leftover debug code vulnerability exists in the console 
nvram functi ...)
+       TODO: check
+CVE-2022-28689 (A leftover debug code vulnerability exists in the console 
support func ...)
+       TODO: check
+CVE-2022-26023 (A leftover debug code vulnerability exists in the console 
verify funct ...)
+       TODO: check
 CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts 
prior t ...)
        NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
@@ -68177,8 +68284,8 @@ CVE-2022-0033
        RESERVED
 CVE-2022-0032
        RESERVED
-CVE-2022-0031
-       RESERVED
+CVE-2022-0031 (A local privilege escalation (PE) vulnerability in the Palo 
Alto Netwo ...)
+       TODO: check
 CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto 
Networks PAN-O ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto 
Networks Co ...)
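Review bot: CVE-2022-0031 is set to "TODO: check" while CVE-2022-0030 on the next line, from the same vendor, is tagged "NOT-FOR-US: Palo Alto Networks". Unless the full description points at a component packaged in Debian, the same tag fits here.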
@@ -97009,7 +97116,7 @@ CVE-2021-36785 (The miniorange_saml (aka Miniorange 
Saml) extension before 1.4.3
        NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
 CVE-2021-36784 (A Improper Privilege Management vulnerability in SUSE Rancher 
allows u ...)
        NOT-FOR-US: Rancher
-CVE-2021-36783 (A Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabi ...)
+CVE-2021-36783 (A Insufficiently Protected Credentials vulnerability in SUSE 
Rancher a ...)
        NOT-FOR-US: Rancher
 CVE-2021-36782 (A Cleartext Storage of Sensitive Information vulnerability in 
SUSE Ran ...)
        NOT-FOR-US: Rancher
@@ -102299,12 +102406,12 @@ CVE-2021-34581 (Missing Release of Resource after 
Effective Lifetime vulnerabili
        NOT-FOR-US: WAGO
 CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 &lt;= 2.9.0 an unauthenticated 
user can  ...)
        NOT-FOR-US: MB connect line
-CVE-2021-34579
-       RESERVED
+CVE-2021-34579 (In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 
access to t ...)
+       TODO: check
 CVE-2021-34578 (This vulnerability allows an attacker who has access to the 
WBM to rea ...)
        NOT-FOR-US: WAGO
-CVE-2021-34577
-       RESERVED
+CVE-2021-34577 (In the Kaden PICOFLUX AiR water meter an adversary can read 
the values ...)
+       TODO: check
 CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information 
exposure th ...)
        NOT-FOR-US: Kaden PICOFLUX Air
 CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions 
&lt;= 2.8.0  ...)
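Review bot: CVE-2021-34577 (Kaden PICOFLUX AiR water meter) is left at "TODO: check" although CVE-2021-34576 right below it is already "NOT-FOR-US: Kaden PICOFLUX Air". Suggest the same tag. CVE-2021-34579 names Phoenix Contact FL MGUARD DM and needs its own product tag rather than the neighbouring "NOT-FOR-US: WAGO".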
@@ -102319,14 +102426,14 @@ CVE-2021-34571 (Multiple Wireless M-Bus devices by 
Enbra use Hard-coded Credenti
        NOT-FOR-US: Enbra
 CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions 
prior to  ...)
        NOT-FOR-US: Phoenix Contact PLCnext control devices
-CVE-2021-34569
-       RESERVED
-CVE-2021-34568
-       RESERVED
-CVE-2021-34567
-       RESERVED
-CVE-2021-34566
-       RESERVED
+CVE-2021-34569 (In WAGO I/O-Check Service in multiple products an attacker can 
send a  ...)
+       TODO: check
+CVE-2021-34568 (In WAGO I/O-Check Service in multiple products an 
unauthenticated remo ...)
+       TODO: check
+CVE-2021-34567 (In WAGO I/O-Check Service in multiple products an 
unauthenticated remo ...)
+       TODO: check
+CVE-2021-34566 (In WAGO I/O-Check Service in multiple products an 
unauthenticated remo ...)
+       TODO: check
 CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH 
and telne ...)
        NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or 
browser  ...)
@@ -108956,7 +109063,7 @@ CVE-2021-32003 (Unprotected Transport of Credentials 
vulnerability in SiteManage
        NOT-FOR-US: Secomea SiteManager
 CVE-2021-32002 (Improper Access Control vulnerability in web service of 
Secomea SiteMa ...)
        NOT-FOR-US: Secomea SiteManager
-CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, 
kde2 of S ...)
+CVE-2021-32001 (K3s in SUSE Rancher allows any user with direct access to the 
datastor ...)
        NOT-FOR-US: Rancher
 CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the 
clone-ma ...)
        NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bde0dd0a108f2e05f857ad596bac18786a0fdfea
