Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91f5ab52 by security tracker role at 2022-11-16T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-45459
+       RESERVED
+CVE-2022-45458
+       RESERVED
+CVE-2022-45457
+       RESERVED
+CVE-2022-45456
+       RESERVED
+CVE-2022-45455
+       RESERVED
+CVE-2022-45454
+       RESERVED
+CVE-2022-45453
+       RESERVED
+CVE-2022-45452
+       RESERVED
+CVE-2022-45451
+       RESERVED
+CVE-2022-45450
+       RESERVED
+CVE-2022-45449
+       RESERVED
+CVE-2022-45448
+       RESERVED
+CVE-2022-45447
+       RESERVED
+CVE-2022-4036
+       RESERVED
+CVE-2022-4035
+       RESERVED
+CVE-2022-4034
+       RESERVED
+CVE-2022-4033
+       RESERVED
+CVE-2022-4032
+       RESERVED
+CVE-2022-4031
+       RESERVED
+CVE-2022-4030
+       RESERVED
+CVE-2022-4029
+       RESERVED
+CVE-2022-4028
+       RESERVED
+CVE-2022-4027
+       RESERVED
+CVE-2022-4026
+       RESERVED
+CVE-2022-4025
+       RESERVED
+CVE-2022-4024
+       RESERVED
+CVE-2022-4023
+       RESERVED
+CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure 
settings in  ...)
+       TODO: check
+CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2022-4020
+       RESERVED
+CVE-2022-4019
+       RESERVED
+CVE-2022-4018 (Missing Authentication for Critical Function in GitHub 
repository ikus ...)
+       TODO: check
+CVE-2022-4017
+       RESERVED
+CVE-2022-4016
+       RESERVED
+CVE-2022-4015 (A vulnerability, which was classified as critical, was found in 
Sports ...)
+       TODO: check
+CVE-2022-4014 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2022-4013 (A vulnerability classified as problematic was found in Hospital 
Manage ...)
+       TODO: check
+CVE-2022-4012 (A vulnerability classified as critical has been found in 
Hospital Mana ...)
+       TODO: check
+CVE-2022-4011 (A vulnerability was found in Simple History Plugin. It has been 
rated  ...)
+       TODO: check
 CVE-2022-43468
        RESERVED
 CVE-2022-41783
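Review bot: The eight new entries that arrive with a description (CVE-2022-4022, -4021, -4018, -4015, -4014, -4013, -4012, -4011) carry only `TODO: check`, so none of them is triaged yet. For CVE-2022-4022 and CVE-2022-4021 the descriptions already name WordPress plugins, and this file marks such entries `NOT-FOR-US: WordPress plugin` (see the context line under CVE-2022-3776), so those two can be resolved in a follow-up commit without further research. The others need the full description first, because the truncated text shown here does not identify a Debian source package.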
@@ -290,6 +368,7 @@ CVE-2023-21419
        RESERVED
 CVE-2022-45421
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -298,6 +377,7 @@ CVE-2022-45421
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45421
 CVE-2022-45420
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -310,6 +390,7 @@ CVE-2022-45419
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45419
 CVE-2022-45418
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -322,6 +403,7 @@ CVE-2022-45417
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45417
 CVE-2022-45416
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -340,6 +422,7 @@ CVE-2022-45413
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45413
 CVE-2022-45412
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -348,6 +431,7 @@ CVE-2022-45412
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45412
 CVE-2022-45411
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -356,6 +440,7 @@ CVE-2022-45411
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45411
 CVE-2022-45410
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -364,6 +449,7 @@ CVE-2022-45410
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45410
 CVE-2022-45409
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -372,6 +458,7 @@ CVE-2022-45409
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45409
 CVE-2022-45408
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -384,6 +471,7 @@ CVE-2022-45407
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45407
 CVE-2022-45406
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -392,6 +480,7 @@ CVE-2022-45406
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406
 CVE-2022-45405
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -400,6 +489,7 @@ CVE-2022-45405
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45405
 CVE-2022-45404
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -408,6 +498,7 @@ CVE-2022-45404
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45404
 CVE-2022-45403
        RESERVED
+       {DSA-5282-1}
        - firefox 107.0-1
        - firefox-esr 102.5.0esr-1
        - thunderbird 1:102.5.0-1
@@ -842,8 +933,8 @@ CVE-2022-3982
        RESERVED
 CVE-2022-3981
        RESERVED
-CVE-2022-3980
-       RESERVED
+CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side 
request  ...)
+       TODO: check
 CVE-2022-37406
        RESERVED
 CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via 
SAMPLESPERPIXEL. ...)
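Review bot: The description added for CVE-2022-3980 abbreviates XML External Entity as "XEE", where the usual abbreviation is XXE; anyone searching the list for "XXE" will miss this entry. Keep the imported text as it is, but when replacing `TODO: check` with the triage result, a `NOTE:` line that spells out XXE would make the entry findable. The affected product is not visible in the truncated description, so the triage decision cannot be made from this hunk alone.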
@@ -1352,8 +1443,7 @@ CVE-2022-45049
        RESERVED
 CVE-2022-45048
        RESERVED
-CVE-2022-45047
-       RESERVED
+CVE-2022-45047 (Class 
org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
        NOT-FOR-US: Apache Mina SSHD
 CVE-2022-45046
        RESERVED
@@ -3999,7 +4089,7 @@ CVE-2022-3776 (The Restaurant Menu – Food Ordering 
System – Table Re
        NOT-FOR-US: WordPress plugin
 CVE-2022-3775
        RESERVED
-       {DSA-5280-1}
+       {DSA-5280-1 DLA-3190-1}
        - grub2 2.06-5
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
 CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 
1.0 an ...)
@@ -4791,16 +4881,16 @@ CVE-2022-44075
        RESERVED
 CVE-2022-44074
        RESERVED
-CVE-2022-44073
-       RESERVED
+CVE-2022-44073 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting 
(XSS) via  ...)
+       TODO: check
 CVE-2022-44072
        RESERVED
-CVE-2022-44071
-       RESERVED
-CVE-2022-44070
-       RESERVED
-CVE-2022-44069
-       RESERVED
+CVE-2022-44071 (Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2022-44070 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting 
(XSS) via  ...)
+       TODO: check
+CVE-2022-44069 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting 
(XSS) via  ...)
+       TODO: check
 CVE-2022-44068
        RESERVED
 CVE-2022-44067
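Review bot: The description added for CVE-2022-44071 reads "is is vulnerable", a doubled word that the sibling entries CVE-2022-44073, CVE-2022-44070 and CVE-2022-44069 do not have. If the description text is synced from the CVE feed, leave it to be corrected upstream rather than hand-editing it here. All four entries name the same product and version (Zenario CMS 9.3.57186), so they can receive the same triage line in place of `TODO: check` in one pass.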
@@ -8714,12 +8804,12 @@ CVE-2022-43266
        RESERVED
 CVE-2022-43265 (An arbitrary file upload vulnerability in the component 
/pages/save_us ...)
        NOT-FOR-US: Canteen Management System
-CVE-2022-43264
-       RESERVED
-CVE-2022-43263
-       RESERVED
-CVE-2022-43262
-       RESERVED
+CVE-2022-43264 (Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 
allows atta ...)
+       TODO: check
+CVE-2022-43263 (A cross-site scripting (XSS) vulnerability in Arobas Music 
Guitar Pro  ...)
+       TODO: check
+CVE-2022-43262 (Human Resource Management System v1.0 was discovered to 
contain a SQL  ...)
+       TODO: check
 CVE-2022-43261
        RESERVED
 CVE-2022-43260 (Tenda AC18 V15.03.05.19(6318) was discovered to contain a 
stack overfl ...)
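Review bot: CVE-2022-43264, CVE-2022-43263 and CVE-2022-43262 go from `RESERVED` straight to `TODO: check` even though their descriptions already name the products (Arobas Music Guitar Pro for iPad and iPhone, Human Resource Management System v1.0). The context entry directly above, CVE-2022-43265, shows the form used for products Debian does not ship: `NOT-FOR-US: Canteen Management System`. If no Debian source package contains these products, the same `NOT-FOR-US: <product>` form applies and would close the three entries out.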
@@ -8730,8 +8820,8 @@ CVE-2022-43258
        RESERVED
 CVE-2022-43257
        RESERVED
-CVE-2022-43256
-       RESERVED
+CVE-2022-43256 (SeaCms before v12.6 was discovered to contain a SQL injection 
vulnerab ...)
+       TODO: check
 CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to 
contain a mem ...)
        - gpac <unfixed> (unimportant)
        NOTE: https://github.com/gpac/gpac/issues/2285
@@ -8796,8 +8886,8 @@ CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain 
a stack-buffer-overflo
 CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a 
heap-buffer-overflow vulne ...)
        - libde265 <unfixed>
        NOTE: https://github.com/strukturag/libde265/issues/337
-CVE-2022-43234
-       RESERVED
+CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments 
component o ...)
+       TODO: check
 CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Canteen Management System
 CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
@@ -24357,7 +24447,7 @@ CVE-2022-37300 (A CWE-640: Weak Password Recovery 
Mechanism for Forgotten Passwo
        NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and 
Modicon Controllers M580 and M340
 CVE-2022-2601
        RESERVED
-       {DSA-5280-1}
+       {DSA-5280-1 DLA-3190-1}
        - grub2 2.06-5
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
 CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not 
set re ...)
@@ -32244,8 +32334,8 @@ CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 
could allow a non-privileged
        NOT-FOR-US: IBM
 CVE-2022-34355
        RESERVED
-CVE-2022-34354
-       RESERVED
+CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted 
storage o ...)
+       TODO: check
 CVE-2022-34353
        RESERVED
 CVE-2022-34352
@@ -62222,8 +62312,8 @@ CVE-2022-24038
        RESERVED
 CVE-2022-24037
        RESERVED
-CVE-2022-24036
-       RESERVED
+CVE-2022-24036 (Karmasis informatics solutions Infraskope Security Event 
Manager produ ...)
+       TODO: check
 CVE-2022-23921 (Exploitation of this vulnerability may result in local 
privilege escal ...)
        NOT-FOR-US: GE
 CVE-2022-22987 (The affected product has a hardcoded private key available 
inside the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91f5ab52952b5ff9e90358bafcb2ff5c640295d6
