Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d0a5186 by security tracker role at 2022-11-22T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-45785
+       RESERVED
+CVE-2022-45784
+       RESERVED
+CVE-2022-45783
+       RESERVED
+CVE-2022-45782
+       RESERVED
+CVE-2022-4114
+       RESERVED
+CVE-2022-4113
+       RESERVED
+CVE-2022-4112
+       RESERVED
+CVE-2022-4111 (What happens if a bot net starts uploading 100MB files from 100 
machin ...)
+       TODO: check
+CVE-2022-4110
+       RESERVED
+CVE-2022-4109
+       RESERVED
+CVE-2022-4108
+       RESERVED
+CVE-2022-4107
+       RESERVED
+CVE-2022-4106
+       RESERVED
 CVE-2022-45781
        RESERVED
 CVE-2022-45780
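Review bot: CVE-2022-4111 is the only entry in this new batch that arrives with a description instead of RESERVED, and the visible text ("What happens if a bot net starts uploading 100MB files from 100 machin ...") is phrased as a bug-report question that names no product, so its TODO: check cannot be resolved from the list alone; whoever picks it up needs the upstream reference to identify the affected software before assigning a package line or NOT-FOR-US. The twelve surrounding RESERVED placeholders are fine as they are.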
@@ -594,8 +620,8 @@ CVE-2022-45485
        RESERVED
 CVE-2022-45484
        RESERVED
-CVE-2022-4105
-       RESERVED
+CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript 
which co ...)
+       TODO: check
 CVE-2022-4104
        RESERVED
 CVE-2022-4103
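Review bot: the rewritten CVE-2022-4105 entry names only "a kiwi Test Plan" as the affected component; the TODO: check should confirm which upstream project this is and then record either a source package line or NOT-FOR-US with the product name, as the Concrete CMS entries later in this patch do.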
@@ -2839,16 +2865,16 @@ CVE-2022-44790
        RESERVED
 CVE-2022-44789
        RESERVED
-CVE-2022-44788
-       RESERVED
-CVE-2022-44787
-       RESERVED
-CVE-2022-44786
-       RESERVED
-CVE-2022-44785
-       RESERVED
-CVE-2022-44784
-       RESERVED
+CVE-2022-44788 (An issue was discovered in Appalti & Contratti 9.12.2. It 
allows S ...)
+       TODO: check
+CVE-2022-44787 (An issue was discovered in Appalti & Contratti 9.12.2. The 
web app ...)
+       TODO: check
+CVE-2022-44786 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
+       TODO: check
+CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
+       TODO: check
+CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The 
target  ...)
+       TODO: check
 CVE-2022-44619
        RESERVED
 CVE-2022-44610
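Review bot: the five Appalti & Contratti 9.12.2 entries (CVE-2022-44784 through CVE-2022-44788) share one product and version, so they should be triaged together and given the same state; three of the visible descriptions are truncated at "The target ..." and do not distinguish the issues, so the full upstream text is needed before marking any of them.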
@@ -8323,12 +8349,12 @@ CVE-2022-43711
        RESERVED
 CVE-2022-43710
        RESERVED
-CVE-2022-43709
-       RESERVED
-CVE-2022-43708
-       RESERVED
-CVE-2022-43707
-       RESERVED
+CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin 
CP's Users  ...)
+       TODO: check
+CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) 
vulnerabil ...)
+       TODO: check
+CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in 
the visu ...)
+       TODO: check
 CVE-2022-43706
        RESERVED
 CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
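Review bot: the three MyBB 1.8.31 entries (CVE-2022-43707, CVE-2022-43708, CVE-2022-43709) describe an admin CP SQL injection and two XSS issues in one product and release; they should be resolved to the same state in a single pass rather than left as three separate TODO: check lines.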
@@ -8383,8 +8409,8 @@ CVE-2022-43687 (Concrete CMS (formerly concrete5) below 
8.5.10 and between 9.0.0
        NOT-FOR-US: Concrete CMS
 CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 an ...)
        NOT-FOR-US: Concrete CMS
-CVE-2022-43685
-       RESERVED
+CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users 
when an  ...)
+       TODO: check
 CVE-2022-43684
        RESERVED
 CVE-2022-43683
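Review bot: CVE-2022-43685 ("CKAN through 2.9.6 account takeovers by unauthenticated users ...") describes an unauthenticated account takeover, a higher-impact class than most of the TODO entries in this update; suggest resolving this TODO: check ahead of the others and, if CKAN is not packaged, recording NOT-FOR-US: CKAN in the same form as the adjacent Concrete CMS entries.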
@@ -9728,10 +9754,10 @@ CVE-2022-43217
        RESERVED
 CVE-2022-43216
        RESERVED
-CVE-2022-43215
-       RESERVED
-CVE-2022-43214
-       RESERVED
+CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
+       TODO: check
+CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
+       TODO: check
 CVE-2022-43213
        RESERVED
 CVE-2022-43212
@@ -9875,8 +9901,8 @@ CVE-2022-43145
        RESERVED
 CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen 
Management Syste ...)
        NOT-FOR-US: Canteen Management System
-CVE-2022-43143
-       RESERVED
+CVE-2022-43143 (A cross-site scripting (XSS) vulnerability in Beekeeper Studio 
v3.6.6  ...)
+       TODO: check
 CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php 
componen ...)
        NOT-FOR-US: Password Storage Application
 CVE-2022-43141
@@ -12661,8 +12687,8 @@ CVE-2022-42098
        RESERVED
 CVE-2022-42097
        RESERVED
-CVE-2022-42096
-       RESERVED
+CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored 
cross-s ...)
+       TODO: check
 CVE-2022-42095
        RESERVED
 CVE-2022-42094
@@ -12888,7 +12914,7 @@ CVE-2022-38143
        RESERVED
 CVE-2022-36354
        RESERVED
-CVE-2022-3388 (Improper Input Validation vulnerability in Hitachi Energy 
MicroSCADA P ...)
+CVE-2022-3388 (An input validation vulnerability exists in the Monitor Pro 
interface  ...)
        NOT-FOR-US: MicroSCADA
 CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to 
path tr ...)
        NOT-FOR-US: Advantech R-SeeNet
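Review bot: the description of CVE-2022-3388 was rewritten from "Hitachi Energy MicroSCADA P ..." to "the Monitor Pro interface ...", but the NOT-FOR-US: MicroSCADA line below it is carried over unchanged. The new visible text no longer mentions MicroSCADA, so the tag's rationale should be re-checked against the full upstream description to confirm it still refers to the same product before this hunk is accepted as-is.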
@@ -12988,8 +13014,8 @@ CVE-2022-41947
        RESERVED
 CVE-2022-41946
        RESERVED
-CVE-2022-41945
-       RESERVED
+CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In 
version  ...)
+       TODO: check
 CVE-2022-41944
        RESERVED
 CVE-2022-41943
@@ -12998,16 +13024,16 @@ CVE-2022-41942
        RESERVED
 CVE-2022-41941
        RESERVED
-CVE-2022-41940
-       RESERVED
+CVE-2022-41940 (Engine.IO is the implementation of transport-based 
cross-browser/cross ...)
+       TODO: check
 CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the 
developme ...)
        NOT-FOR-US: knative.dev/func
 CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page 
title syst ...)
        NOT-FOR-US: Flarum
-CVE-2022-41937
-       RESERVED
-CVE-2022-41936
-       RESERVED
+CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
 CVE-2022-41935
        RESERVED
 CVE-2022-41934
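Review bot: of the three new descriptions in this hunk, CVE-2022-41940 (Engine.IO) is the one most likely to concern a library that ships as a distribution package rather than a hosted application, so its TODO: check should be prioritised and resolved to a package line with a fixed version if one exists; the two XWiki Platform entries (CVE-2022-41936 and CVE-2022-41937) have identical truncated descriptions and should be triaged together.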
@@ -14611,8 +14637,8 @@ CVE-2022-3283 (A potential DOS vulnerability was 
discovered in GitLab CE/EE affe
        - gitlab <unfixed>
 CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 
1.3.6.5 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41326
-       RESERVED
+CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 
9.6.0.13 coul ...)
+       TODO: check
 CVE-2022-41325
        RESERVED
 CVE-2022-41324
@@ -14832,8 +14858,8 @@ CVE-2022-41257
        RESERVED
 CVE-2022-41256
        RESERVED
-CVE-2022-41223
-       RESERVED
+CVE-2022-41223 (The Director database component of MiVoice Connect through 
19.3 (22.22 ...)
+       TODO: check
 CVE-2022-41221
        RESERVED
 CVE-2022-40224
@@ -15764,8 +15790,8 @@ CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology 
Co., Ltd) AC1200 Router mode
        NOT-FOR-US: Tenda
 CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is 
vulnerable to im ...)
        NOT-FOR-US: Tenda
-CVE-2022-40842
-       RESERVED
+CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Serve ...)
+       TODO: check
 CVE-2022-40841
        RESERVED
 CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Cross ...)
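Review bot: CVE-2022-40842 is for the same product and version as the CVE-2022-40840 entry two lines below it (ndk design NdkAdvancedCustomizationFields 3.5.0); the new entry should take whatever triage state the existing one already has instead of staying at TODO: check.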
@@ -15921,8 +15947,8 @@ CVE-2022-40767
        RESERVED
 CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows 
login-page S ...)
        NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus)
-CVE-2022-40765
-       RESERVED
+CVE-2022-40765 (A vulnerability in the Edge Gateway component of Mitel MiVoice 
Connect ...)
+       TODO: check
 CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, 
affecting  ...)
        NOT-FOR-US: Snyk CLI
 CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin 
allows  ...)
@@ -16025,7 +16051,7 @@ CVE-2022-40737 (An issue was discovered in Bento4 
through 1.6.0-639. A buffer ov
        NOT-FOR-US: Bento4
 CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie 
excessive memory ...)
        NOT-FOR-US: Bento4
-CVE-2022-40735 (Using long exponents in the Diffie-Hellman Key Agreement 
Protocol allo ...)
+CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long 
exponents ...)
        TODO: check
 CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 
2.5.1 a ...)
        NOT-FOR-US: Laravel Filemanager
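Review bot: the CVE-2022-40735 description was reworded (long exponents in the Diffie-Hellman Key Agreement Protocol) but the entry is still TODO: check. Unlike the product-specific entries around it, this one describes a protocol-level weakness rather than a single product, so resolving it means deciding which packaged implementations, if any, are considered affected and recording that decision on the entry.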
@@ -16438,8 +16464,8 @@ CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, 
part of a url was unneces
        - airflow <itp> (bug #819700)
 CVE-2022-40603
        RESERVED
-CVE-2022-40602
-       RESERVED
+CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to 
V1.00(ABLG ...)
+       TODO: check
 CVE-2022-40601
        RESERVED
 CVE-2022-40600
@@ -17136,7 +17162,7 @@ CVE-2022-40286
 CVE-2022-40285
        RESERVED
 CVE-2022-40284 (A buffer overflow was discovered in NTFS-3G before 2022.10.3. 
Crafted  ...)
-       {DSA-5270-1}
+       {DSA-5270-1 DLA-3201-1}
        - ntfs-3g 1:2022.10.3-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/10/31/2
        NOTE: 
https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1
 (2022.10.3)
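Review bot: the CVE-2022-40284 change adds DLA-3201-1 beside DSA-5270-1 in the brace list, recording the LTS advisory for the ntfs-3g buffer overflow; that is consistent with the existing fixed-version line (ntfs-3g 1:2022.10.3-1) and the upstream commit NOTE, and nothing else in the entry needs to move. The NOTE URL appearing split over two lines is mail wrapping, not a change to the file.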
@@ -23574,8 +23600,8 @@ CVE-2022-37933
        RESERVED
 CVE-2022-37932
        RESERVED
-CVE-2022-37931
-       RESERVED
+CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized 
access t ...)
+       TODO: check
 CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble 
Storage Hyb ...)
        NOT-FOR-US: HPE
 CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard 
Enterpr ...)
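Review bot: CVE-2022-37931 (NetBatch-Plus) sits next to HPE entries that are already NOT-FOR-US: HPE (CVE-2022-37930 and CVE-2022-37929); if the upstream advisory confirms NetBatch-Plus is the same vendor's product, the TODO: check should be resolved to the same state.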
@@ -26020,8 +26046,8 @@ CVE-2022-37020
        RESERVED
 CVE-2022-37019
        RESERVED
-CVE-2022-37018
-       RESERVED
+CVE-2022-37018 (A potential vulnerability has been identified in the system 
BIOS for c ...)
+       TODO: check
 CVE-2022-37017
        RESERVED
 CVE-2022-37016
@@ -28020,8 +28046,8 @@ CVE-2022-36229
        RESERVED
 CVE-2022-36228
        RESERVED
-CVE-2022-36227
-       RESERVED
+CVE-2022-36227 (In libarchive 3.6.1, the software does not check for an error 
after ca ...)
+       TODO: check
 CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability 
via /Si ...)
        NOT-FOR-US: SiteServerCMS
 CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request 
Forgery (C ...)
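Review bot: CVE-2022-36227 ("In libarchive 3.6.1, the software does not check for an error after ca ...") concerns libarchive, a packaged library rather than a hosted web application like most of the other TODO entries in this update, so this entry should be resolved to a source package line with the affected and fixed versions (plus a NOTE with the upstream fix) rather than being left at TODO: check.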
@@ -28127,10 +28153,10 @@ CVE-2022-36182 (Hashicorp Boundary v0.8.0 is 
vulnerable to Clickjacking which al
        NOT-FOR-US: HashiCorp Boundary
 CVE-2022-36181
        RESERVED
-CVE-2022-36180
-       RESERVED
-CVE-2022-36179
-       RESERVED
+CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting 
(XSS) via /f ...)
+       TODO: check
+CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. 
...)
+       TODO: check
 CVE-2022-36178
        RESERVED
 CVE-2022-36177
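Review bot: CVE-2022-36179 and CVE-2022-36180 both target Fusiondirectory 1.3 and should be triaged together; the check should establish whether a fusiondirectory source package is still present in any supported suite before deciding between a package line and NOT-FOR-US.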
@@ -30156,8 +30182,8 @@ CVE-2022-35409 (An issue was discovered in Mbed TLS 
before 2.28.1 and 3.x before
        NOTE: 
https://github.com/Mbed-TLS/mbedtls/commit/719c723afc63930d3472a12c0edb654a7d08d6b9
 (v2.28.1)
 CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
        NOT-FOR-US: Insyde
-CVE-2022-35407
-       RESERVED
+CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
+       TODO: check
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 
2022.6. If  ...)
        - burpsuite <itp> (bug #832943)
 CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 
before  ...)
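Review bot: the new CVE-2022-35407 description has the same visible prefix as the CVE-2022-35408 entry above it ("An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ..."), which is already NOT-FOR-US: Insyde; unless the full text reveals a different product, the TODO: check should be resolved to the same NOT-FOR-US: Insyde.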
@@ -43847,8 +43873,8 @@ CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the 
Debian package management syst
        NOTE: 
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
 (1.18.26)
 CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does 
not prope ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-30529
-       RESERVED
+CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking 
through ve ...)
+       TODO: check
 CVE-2022-30528
        RESERVED
 CVE-2022-30527
@@ -44685,10 +44711,10 @@ CVE-2022-1585 (The Project Source Code Download 
WordPress plugin through 1.0.0 d
        NOT-FOR-US: WordPress plugin
 CVE-2022-30259
        RESERVED
-CVE-2022-30258
-       RESERVED
-CVE-2022-30257
-       RESERVED
+CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
+       TODO: check
+CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
+       TODO: check
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
        - maradns <unfixed>
        NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
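Review bot: CVE-2022-30257 and CVE-2022-30258 are both for Technitium DNS Server through 8.0.2 and their visible descriptions are identical ("An issue was discovered in Technitium DNS Server through 8.0.2 that al ..."), so the full upstream text is required to tell the two apart; they should be triaged together and given the same state.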
@@ -52794,8 +52820,8 @@ CVE-2022-1040 (An authentication bypass vulnerability 
in the User Portal and Web
        NOT-FOR-US: Sophos
 CVE-2022-1039 (The weak password on the web user interface can be exploited 
via HTTP  ...)
        NOT-FOR-US: Red Lion
-CVE-2022-1038
-       RESERVED
+CVE-2022-1038 (A potential security vulnerability has been identified in the 
HP Jumps ...)
+       TODO: check
 CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code 
executi ...)
        NOT-FOR-US: WhatsApp
 CVE-2022-27491 (A improper verification of source of a communication channel 
in Fortin ...)
@@ -81752,8 +81778,8 @@ CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site 
Request Forgery (CSRF) ..
        NOT-FOR-US: firefly-iii
 CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of 
Input Du ...)
        NOT-FOR-US: Grav CMS
-CVE-2021-3919
-       RESERVED
+CVE-2021-3919 (A potential security vulnerability has been identified in OMEN 
Gaming  ...)
+       TODO: check
 CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the 
OAuth2 a ...)
        NOT-FOR-US: JetBrains Ktor
 CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options 
header is m ...)
@@ -87344,8 +87370,8 @@ CVE-2021-41526
        RESERVED
 CVE-2021-41525 (An issue related to modification of otherwise restricted files 
through ...)
        NOT-FOR-US: FlexNet
-CVE-2021-3821
-       RESERVED
+CVE-2021-3821 (A potential security vulnerability has been identified for 
certain HP  ...)
+       TODO: check
 CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression 
Complexity ...)
        NOT-FOR-US: Nodejs inflect
        NOTE: https://github.com/pksunkara/inflect
@@ -97934,8 +97960,8 @@ CVE-2021-3663 (firefly-iii is vulnerable to Improper 
Restriction of Excessive Au
        NOT-FOR-US: firefly-iii
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be 
vulnerable to  ...)
        NOT-FOR-US: HP
-CVE-2021-3661
-       RESERVED
+CVE-2021-3661 (A potential security vulnerability has been identified in 
certain HP W ...)
+       TODO: check
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
        NOT-FOR-US: OX App Suite
 CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
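Review bot: CVE-2021-3661 ("A potential security vulnerability has been identified in certain HP W ...") follows the same wording as the CVE-2021-3662 entry directly above it, which is NOT-FOR-US: HP; unless the check turns up a packaged component, it should be resolved the same way, and the same applies to the other HP and OMEN entries reworded in this update.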
@@ -121270,8 +121296,8 @@ CVE-2021-3439
        RESERVED
 CVE-2021-3438 (A potential buffer overflow in the software drivers for certain 
HP Las ...)
        NOT-FOR-US: HP LaserJet products and Samsung product printers
-CVE-2021-3437
-       RESERVED
+CVE-2021-3437 (Potential security vulnerabilities have been identified in an 
OMEN Gam ...)
+       TODO: check
 CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys 
distribution ph ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in 
PEI. Re ...)
@@ -164351,8 +164377,8 @@ CVE-2020-23584
        RESERVED
 CVE-2020-23583
        RESERVED
-CVE-2020-23582
-       RESERVED
+CVE-2020-23582 (A vulnerability in the "/admin/wlmultipleap.asp" of optilink 
OP-XT7100 ...)
+       TODO: check
 CVE-2020-23581
        RESERVED
 CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the 
message b ...)
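Review bot: CVE-2020-23582 (optilink OP-XT7100, "/admin/wlmultipleap.asp") is a 2020-numbered ID that only now gains a description; vendor router firmware elsewhere in this list is recorded as NOT-FOR-US with the vendor name (for example the Tenda entries), and this one should follow that pattern once the TODO: check confirms no packaged software is involved.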



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d0a51863960fe2233d156a9890ab19a699fc905
