Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c138355 by security tracker role at 2022-11-23T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,149 @@
+CVE-2022-45865
+ RESERVED
+CVE-2022-45864
+ RESERVED
+CVE-2022-45863
+ RESERVED
+CVE-2022-45862
+ RESERVED
+CVE-2022-45861
+ RESERVED
+CVE-2022-45860
+ RESERVED
+CVE-2022-45859
+ RESERVED
+CVE-2022-45858
+ RESERVED
+CVE-2022-45857
+ RESERVED
+CVE-2022-45856
+ RESERVED
+CVE-2022-45855
+ RESERVED
+CVE-2022-45854
+ RESERVED
+CVE-2022-45853
+ RESERVED
+CVE-2022-45852
+ RESERVED
+CVE-2022-45851
+ RESERVED
+CVE-2022-45850
+ RESERVED
+CVE-2022-45849
+ RESERVED
+CVE-2022-45848
+ RESERVED
+CVE-2022-45847
+ RESERVED
+CVE-2022-45846
+ RESERVED
+CVE-2022-45845
+ RESERVED
+CVE-2022-45844
+ RESERVED
+CVE-2022-45843
+ RESERVED
+CVE-2022-45842
+ RESERVED
+CVE-2022-45841
+ RESERVED
+CVE-2022-45840
+ RESERVED
+CVE-2022-45839
+ RESERVED
+CVE-2022-45838
+ RESERVED
+CVE-2022-45837
+ RESERVED
+CVE-2022-45836
+ RESERVED
+CVE-2022-45835
+ RESERVED
+CVE-2022-45834
+ RESERVED
+CVE-2022-45833
+ RESERVED
+CVE-2022-45832
+ RESERVED
+CVE-2022-45831
+ RESERVED
+CVE-2022-45830
+ RESERVED
+CVE-2022-45829
+ RESERVED
+CVE-2022-45828
+ RESERVED
+CVE-2022-45827
+ RESERVED
+CVE-2022-45826
+ RESERVED
+CVE-2022-45825
+ RESERVED
+CVE-2022-45824
+ RESERVED
+CVE-2022-45823
+ RESERVED
+CVE-2022-45822
+ RESERVED
+CVE-2022-45821
+ RESERVED
+CVE-2022-45820
+ RESERVED
+CVE-2022-45819
+ RESERVED
+CVE-2022-45818
+ RESERVED
+CVE-2022-45817
+ RESERVED
+CVE-2022-45816
+ RESERVED
+CVE-2022-45815
+ RESERVED
+CVE-2022-45814
+ RESERVED
+CVE-2022-45813
+ RESERVED
+CVE-2022-45812
+ RESERVED
+CVE-2022-45811
+ RESERVED
+CVE-2022-45810
+ RESERVED
+CVE-2022-45809
+ RESERVED
+CVE-2022-45808
+ RESERVED
+CVE-2022-45807
+ RESERVED
+CVE-2022-45806
+ RESERVED
+CVE-2022-45805
+ RESERVED
+CVE-2022-45804
+ RESERVED
+CVE-2022-45803
+ RESERVED
+CVE-2022-45802
+ RESERVED
+CVE-2022-45801
+ RESERVED
+CVE-2022-4131
+ RESERVED
+CVE-2022-4130
+ RESERVED
+CVE-2022-4129
+ RESERVED
+CVE-2022-4128
+ RESERVED
+CVE-2022-4127
+ RESERVED
+CVE-2022-4126
+ RESERVED
+CVE-2022-4125
+ RESERVED
+CVE-2022-4124
+ RESERVED
CVE-2022-45800
RESERVED
CVE-2022-45799
@@ -848,8 +994,8 @@ CVE-2022-4055 (When xdg-mail is configured to use
thunderbird for mailto URLs, i
NOTE:
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267
CVE-2022-4054
RESERVED
-CVE-2022-45462
- RESERVED
+CVE-2022-45462 (Alarm instance management has command injection when there is
a specif ...)
+ TODO: check
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and
related V ...)
NOT-FOR-US: Veritas NetBackup
CVE-2022-45460
@@ -1987,14 +2133,11 @@ CVE-2022-45153
CVE-2022-45152
RESERVED
- moodle <removed>
-CVE-2022-45151
- RESERVED
+CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which
exists due ...)
- moodle <removed>
-CVE-2022-45150
- RESERVED
+CVE-2022-45150 (A reflected cross-site scripting vulnerability was discovered
in Moodl ...)
- moodle <removed>
-CVE-2022-45149
- RESERVED
+CVE-2022-45149 (A vulnerability was found in Moodle which exists due to
insufficient v ...)
- moodle <removed>
CVE-2022-45148
RESERVED
@@ -5371,12 +5514,12 @@ CVE-2022-44282
RESERVED
CVE-2022-44281
RESERVED
-CVE-2022-44280
- RESERVED
+CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete
any fil ...)
+ TODO: check
CVE-2022-44279
RESERVED
-CVE-2022-44278
- RESERVED
+CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
+ TODO: check
CVE-2022-44277
RESERVED
CVE-2022-44276
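Review bot: The TODO: check lines added for CVE-2022-44280 and CVE-2022-44278 need a follow-up commit to settle the disposition; both describe a "v1.0" standalone web application (Automotive Shop Management System, Sanitization Management System), the same class of entry that is resolved as NOT-FOR-US further down in this file (the School Activity Updates with SMS Notification entries in the CVE-2022-38268 hunk), so NOT-FOR-US is the expected outcome unless either product turns out to be packaged. CVE-2022-44139 (Apartment Visitor Management System v1.0) in a later hunk is the same case.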
@@ -5411,30 +5554,30 @@ CVE-2022-44262
RESERVED
CVE-2022-44261
RESERVED
-CVE-2022-44260
- RESERVED
-CVE-2022-44259
- RESERVED
-CVE-2022-44258
- RESERVED
-CVE-2022-44257
- RESERVED
-CVE-2022-44256
- RESERVED
-CVE-2022-44255
- RESERVED
-CVE-2022-44254
- RESERVED
-CVE-2022-44253
- RESERVED
-CVE-2022-44252
- RESERVED
-CVE-2022-44251
- RESERVED
-CVE-2022-44250
- RESERVED
-CVE-2022-44249
- RESERVED
+CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
pre-authentication bu ...)
+ TODO: check
+CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a
post-authentication b ...)
+ TODO: check
+CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command
injection v ...)
+ TODO: check
+CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command
injection v ...)
+ TODO: check
+CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command
injection v ...)
+ TODO: check
+CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command
injection v ...)
+ TODO: check
CVE-2022-44248
RESERVED
CVE-2022-44247
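Review bot: The twelve TODO: check lines for CVE-2022-44249 through CVE-2022-44260 can be resolved as one batch rather than twelve separate triage items: every description names TOTOLINK router firmware (LR350 V9.3.5u.6369_B20220309 or NR1800X V9.1.0u.6279_B20210910), which is vendor firmware and not a Debian source package, so the expected disposition is NOT-FOR-US: TOTOLINK, matching how other vendor products are handled elsewhere in this file (e.g. NOT-FOR-US: Zoho ManageEngine). Note that CVE-2022-44255 is the one pre-authentication issue in the set; the rest are post-authentication.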
@@ -5653,8 +5796,8 @@ CVE-2022-44141
RESERVED
CVE-2022-44140
RESERVED
-CVE-2022-44139
- RESERVED
+CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL
Injectio ...)
+ TODO: check
CVE-2022-44138
RESERVED
CVE-2022-44137
@@ -8589,7 +8732,8 @@ CVE-2022-3662 (A vulnerability was found in Axiomatic
Bento4. It has been declar
NOT-FOR-US: Bento4
CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control
Panel befor ...)
NOT-FOR-US: myVesta Control Panel
-CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP
metadata pa ...)
+CVE-2021-46849
+ REJECTED
- pikepdf 3.2.0+dfsg-1
[bullseye] - pikepdf <no-dsa> (Minor issue)
[buster] - pikepdf <no-dsa> (Minor issue)
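Review bot: Marking CVE-2021-46849 as REJECTED leaves the three pikepdf status lines below it (the 3.2.0+dfsg-1 fixed version and the bullseye/buster <no-dsa> annotations) as stale context that now describes a rejected identifier; they should be dropped in a follow-up, since REJECTED entries carry no package status. The removed description (pikepdf before 2.10.0, XXE against PDF XMP metadata parsing) is the only record of what this id referred to, so a NOTE line recording why it was rejected would keep that history findable.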
@@ -10833,12 +10977,10 @@ CVE-2022-42906 (powerline-gitstatus (aka Powerline
Gitstatus) before 1.3.2 allow
[buster] - powerline-gitstatus <ignored> (Minor issue and solution
require the user to reconfigure)
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45
NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46
-CVE-2022-42896 [Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM]
- RESERVED
+CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's
net/blu ...)
- linux 6.0.7-1
NOTE:
https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4
-CVE-2022-42895 [Bluetooth: L2CAP: Fix attempting to access uninitialized
memory]
- RESERVED
+CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's
net/bluetooth ...)
- linux 6.0.7-1
NOTE:
https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
CVE-2022-42894 (A vulnerability has been identified in syngo Dynamics (All
versions &l ...)
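Review bot: Replacing the bracketed placeholder titles for CVE-2022-42896 and CVE-2022-42895 with the truncated official descriptions loses the upstream fix subjects ("Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM" and "Bluetooth: L2CAP: Fix attempting to access uninitialized memory"), which are more useful for matching backports than "use-after-free vulnerabilities in the Linux kernel's net/blu ..."; the git.kernel.org NOTE lines still identify the commits, but consider keeping the subject text as an additional NOTE. The same loss applies to CVE-2022-40304 in the libxml2 hunk, where "[dict corruption caused by entity reference cycles]" was replaced by "Certain invalid XML ...".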
@@ -13123,22 +13265,22 @@ CVE-2022-41931
RESERVED
CVE-2022-41930
RESERVED
-CVE-2022-41929
- RESERVED
-CVE-2022-41928
- RESERVED
-CVE-2022-41927
- RESERVED
+CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing
authorization in ...)
+ TODO: check
+CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of
Directives in ...)
+ TODO: check
+CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery
(CSRF) that ...)
+ TODO: check
CVE-2022-41926
RESERVED
-CVE-2022-41925
- RESERVED
-CVE-2022-41924
- RESERVED
-CVE-2022-41923
- RESERVED
-CVE-2022-41922
- RESERVED
+CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a
malicious ...)
+ TODO: check
+CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client
allows a ma ...)
+ TODO: check
+CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege
escalati ...)
+ TODO: check
+CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote
Code Exec ...)
+ TODO: check
CVE-2022-41921
RESERVED
CVE-2022-41920 (Lancet is a general utility library for the go programming
language. A ...)
@@ -13242,8 +13384,8 @@ CVE-2022-41877 (FreeRDP is a free remote desktop
protocol library and clients. A
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for
Ibexa DXP an ...)
NOT-FOR-US: ezplatform-graphql
-CVE-2022-41875
- RESERVED
+CVE-2022-41875 (A remote code execution (RCE) vulnerability in Optica allows
unauthent ...)
+ TODO: check
CVE-2022-41874 (Tauri is a framework for building binaries for all major
desktop platf ...)
NOT-FOR-US: Tauri
CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system
for Next ...)
@@ -16012,10 +16154,10 @@ CVE-2022-40774 (An issue was discovered in Bento4
through 1.6.0-639. There is a
NOT-FOR-US: Bento4
CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and
SupportCenter ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-40772
- RESERVED
-CVE-2022-40771
- RESERVED
+CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior
are vulner ...)
+ TODO: check
+CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior
are vulner ...)
+ TODO: check
CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior
are vulner ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG
initializati ...)
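Review bot: The TODO: check lines for CVE-2022-40772 and CVE-2022-40771 are already answered by the unchanged entry directly below them: CVE-2022-40770 carries the identical description prefix ("Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...") and is marked NOT-FOR-US: Zoho ManageEngine, as is CVE-2022-40773 above. Both new entries should get the same NOT-FOR-US line in the follow-up triage so the three related ids are not left in different states.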
@@ -17190,8 +17332,7 @@ CVE-2022-40306 (The login form /Login in ECi
Printanista Hub (formerly FMAudit P
NOT-FOR-US: ECi Printanista Hub
CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through
11.1.3 al ...)
NOT-FOR-US: Canto Cumulus
-CVE-2022-40304 [dict corruption caused by entity reference cycles]
- RESERVED
+CVE-2022-40304 (An issue was discovered in libxml2 before 2.10.3. Certain
invalid XML ...)
{DSA-5271-1 DLA-3172-1}
- libxml2 2.9.14+dfsg-1.1 (bug #1022225)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
(v2.10.3)
@@ -18326,8 +18467,8 @@ CVE-2022-39835 (An issue was discovered in Gajim
through 1.4.7. The vulnerabilit
NOTE:
https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067
(1.5.0)
CVE-2022-39834 (A stored XSS vulnerability was discovered in
adminweb/ra/viewendentity ...)
NOT-FOR-US: PrimeKey EJBCA
-CVE-2022-39833
- RESERVED
+CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to
potential ...)
+ TODO: check
CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based
buffer ov ...)
- pspp <unfixed> (bug #1019598)
[bullseye] - pspp <no-dsa> (Minor issue)
@@ -22773,7 +22914,7 @@ CVE-2022-38268 (School Activity Updates with SMS
Notification v1.0 was discovere
NOT-FOR-US: School Activity Updates with SMS Notification
CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was
discovered to c ...)
NOT-FOR-US: School Activity Updates with SMS Notification
-CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) in
Tesseract v5.0.0 ...)
+CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) allows
attackers to ...)
- leptonlib 1.82.0-1
[bullseye] - leptonlib <no-dsa> (Minor issue)
[buster] - leptonlib <postponed> (Minor issue, SIGFPE in CLI tools)
@@ -23277,12 +23418,12 @@ CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2,
and 7.1.0, it is possible
NOTE: Introduced by:
https://github.com/varnishcache/varnish-cache/commit/f4dffe593b04a33f07423db3f9dc69eb428b2e85
(varnish-7.0.0)
NOTE: Fixed by:
https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d
(master)
NOTE: Fixed by:
https://github.com/varnishcache/varnish-cache/commit/19544fdc6649bd294f25314d9f609b4979b1fe48
(varnish-7.1.1)
-CVE-2022-38115
- RESERVED
-CVE-2022-38114
- RESERVED
-CVE-2022-38113
- RESERVED
+CVE-2022-38115 (Insecure method vulnerability in which allowed HTTP methods
are disclo ...)
+ TODO: check
+CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly
process ...)
+ TODO: check
+CVE-2022-38113 (This vulnerability discloses build and services versions in
the server ...)
+ TODO: check
CVE-2022-38112
RESERVED
CVE-2022-38111
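Review bot: The TODO: check lines for CVE-2022-38113, CVE-2022-38114 and CVE-2022-38115 cannot be triaged from this file alone because none of the three truncated descriptions names an affected product ("Insecure method vulnerability in which allowed HTTP methods are disclo ...", "This vulnerability occurs when a web server fails to correctly process ...", "This vulnerability discloses build and services versions in the server ..."); the triager will need the full CVE records. The wording also reads like generic web-server hardening findings (allowed-methods and version disclosure) rather than a code defect in a specific package, which is worth confirming before any package is assigned.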
@@ -28465,8 +28606,8 @@ CVE-2022-36113 (Cargo is a package manager for the rust
programming language. Af
CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is
a Free ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-36111
- RESERVED
+CVE-2022-36111 (immudb is a database with built-in cryptographic proof and
verificatio ...)
+ TODO: check
CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version
0.15.1, Impro ...)
NOT-FOR-US: Netmaker
CVE-2022-36109 (Moby is an open-source project created by Docker to enable
software co ...)
@@ -29921,8 +30062,8 @@ CVE-2022-35503
RESERVED
CVE-2022-35502
RESERVED
-CVE-2022-35501
- RESERVED
+CVE-2022-35501 (Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and
2.10.4 creat ...)
+ TODO: check
CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS)
via lea ...)
TODO: check
CVE-2022-35499
@@ -64866,8 +65007,8 @@ CVE-2022-23742 (Check Point Endpoint Security Client
for Windows versions earlie
NOT-FOR-US: Check Point Enterprise Endpoint
CVE-2022-23741
RESERVED
-CVE-2022-23740
- RESERVED
+CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in
a comma ...)
+ TODO: check
CVE-2022-23739
RESERVED
CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub
Enterpris ...)
@@ -80720,8 +80861,8 @@ CVE-2021-43260
RESERVED
CVE-2021-43259
RESERVED
-CVE-2021-43258
- RESERVED
+CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve
remote co ...)
+ TODO: check
CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of
MantisBT ...)
- mantis <removed>
CVE-2021-3923
@@ -103178,8 +103319,8 @@ CVE-2021-35286
RESERVED
CVE-2021-35285
RESERVED
-CVE-2021-35284
- RESERVED
+CVE-2021-35284 (SQL Injection vulnerability in function get_user in
login_manager.php ...)
+ TODO: check
CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183
CMS 1.0, ...)
NOT-FOR-US: atoms183 CMS
CVE-2021-35282
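Review bot: The truncated description for CVE-2021-35284 ("SQL Injection vulnerability in function get_user in login_manager.php ...") does not name the product, so the TODO: check has to be resolved against the full CVE record; the adjacent CVE-2021-35283 is a SQL injection in product_admin.php of atoms183 CMS 1.0 and is already NOT-FOR-US: atoms183 CMS, so if 35284 turns out to be the same application the same line applies.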
@@ -103270,8 +103411,8 @@ CVE-2021-35248 (It has been reported that any Orion
user, e.g. guest accounts ca
NOT-FOR-US: SolarWinds
CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing
characters ...)
NOT-FOR-US: SolarWinds
-CVE-2021-35246
- RESERVED
+CVE-2021-35246 (The application fails to prevent users from connecting to it
over unen ...)
+ TODO: check
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can
move, cre ...)
NOT-FOR-US: SolarWinds
CVE-2021-35244 (The "Log alert to a file" action within action management
enables any ...)
@@ -544047,10 +544188,10 @@ CVE-2009-1145
RESERVED
CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of
Xpdf befo ...)
- xpdf <not-affected> (Gentoo specific vulnerability in building xpdf)
-CVE-2009-1143
- RESERVED
-CVE-2009-1142
- RESERVED
+CVE-2009-1143 (An issue was discovered in open-vm-tools 2009.03.18-154848.
Local user ...)
+ TODO: check
+CVE-2009-1142 (An issue was discovered in open-vm-tools 2009.03.18-154848.
Local user ...)
+ TODO: check
CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and
Server 20 ...)
NOT-FOR-US: Microsoft
CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for
Windows XP SP ...)
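Review bot: The TODO: check lines for CVE-2009-1143 and CVE-2009-1142 deserve an actual version check rather than the NOT-FOR-US disposition that fits most entries in this update: both descriptions name open-vm-tools, which is a Debian source package, and the affected build (2009.03.18-154848) is far older than anything in a supported suite, so the follow-up should record either the version that fixed the issue or <not-affected> with the reason, plus a NOTE with the upstream reference, since these 2009 ids are only now being populated.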
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c138355769469d5e1360f2e49d815a3bc6410f4
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits