Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0541db70 by security tracker role at 2022-12-01T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2023-21573
+ RESERVED
+CVE-2023-21572
+ RESERVED
+CVE-2023-21571
+ RESERVED
+CVE-2023-21570
+ RESERVED
+CVE-2023-21569
+ RESERVED
+CVE-2023-21568
+ RESERVED
+CVE-2023-21567
+ RESERVED
+CVE-2023-21566
+ RESERVED
+CVE-2023-21565
+ RESERVED
+CVE-2023-21564
+ RESERVED
+CVE-2023-21563
+ RESERVED
+CVE-2023-21562
+ RESERVED
+CVE-2023-21561
+ RESERVED
+CVE-2023-21560
+ RESERVED
+CVE-2023-21559
+ RESERVED
+CVE-2023-21558
+ RESERVED
+CVE-2023-21557
+ RESERVED
+CVE-2023-21556
+ RESERVED
+CVE-2023-21555
+ RESERVED
+CVE-2023-21554
+ RESERVED
+CVE-2023-21553
+ RESERVED
+CVE-2023-21552
+ RESERVED
+CVE-2023-21551
+ RESERVED
+CVE-2023-21550
+ RESERVED
+CVE-2023-21549
+ RESERVED
+CVE-2023-21548
+ RESERVED
+CVE-2023-21547
+ RESERVED
+CVE-2023-21546
+ RESERVED
+CVE-2023-21545
+ RESERVED
+CVE-2023-21544
+ RESERVED
+CVE-2023-21543
+ RESERVED
+CVE-2023-21542
+ RESERVED
+CVE-2023-21541
+ RESERVED
+CVE-2023-21540
+ RESERVED
+CVE-2023-21539
+ RESERVED
+CVE-2023-21538
+ RESERVED
+CVE-2023-21537
+ RESERVED
+CVE-2023-21536
+ RESERVED
+CVE-2023-21535
+ RESERVED
+CVE-2023-21534
+ RESERVED
+CVE-2023-21533
+ RESERVED
+CVE-2023-21532
+ RESERVED
+CVE-2023-21531
+ RESERVED
+CVE-2023-21530
+ RESERVED
+CVE-2023-21529
+ RESERVED
+CVE-2023-21528
+ RESERVED
+CVE-2023-21527
+ RESERVED
+CVE-2023-21526
+ RESERVED
+CVE-2023-21525
+ RESERVED
+CVE-2023-21524
+ RESERVED
+CVE-2022-4261
+ RESERVED
+CVE-2022-4260
+ RESERVED
+CVE-2022-4259
+ RESERVED
+CVE-2022-4258
+ RESERVED
+CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It
has been ...)
+ TODO: check
+CVE-2022-4256
+ RESERVED
+CVE-2022-4255
+ RESERVED
+CVE-2022-4254
+ RESERVED
+CVE-2022-4253 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
+ TODO: check
+CVE-2022-4252 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
+ TODO: check
+CVE-2022-4251 (A vulnerability was found in Movie Ticket Booking System and
classifie ...)
+ TODO: check
+CVE-2022-4250 (A vulnerability has been found in Movie Ticket Booking System
and clas ...)
+ TODO: check
+CVE-2022-4249 (A vulnerability, which was classified as problematic, was found
in Mov ...)
+ TODO: check
+CVE-2022-4248 (A vulnerability, which was classified as critical, has been
found in M ...)
+ TODO: check
+CVE-2022-4247 (A vulnerability classified as critical was found in Movie
Ticket Booki ...)
+ TODO: check
+CVE-2022-4246 (A vulnerability classified as problematic has been found in
Kakao PotP ...)
+ TODO: check
CVE-2022-46361
RESERVED
CVE-2022-43485
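Review bot: CVE-2022-4253 and CVE-2022-4252 are added with "TODO: check" although the same product, SourceCodester Canteen Management System, is already triaged as NOT-FOR-US on CVE-2022-4222 later in this file. Suggest resolving both to "NOT-FOR-US: SourceCodester Canteen Management System" in the follow-up triage so the product is handled consistently. The other described entries in this block (C-DATA Web Management System, Movie Ticket Booking System, the Kakao entry) have no triaged sibling visible here and need an individual check.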
@@ -94,8 +226,8 @@ CVE-2022-4223
RESERVED
CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
-CVE-2022-4221
- RESERVED
+CVE-2022-4221 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
+ TODO: check
CVE-2022-4220
RESERVED
CVE-2022-4219
@@ -1481,8 +1613,8 @@ CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c
allows memory disclosure to
NOTE: https://github.com/proftpd/proftpd/pull/1285
NOTE: Fixed by:
https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43
(v1.3.8rc2)
NOTE: Fixed by:
https://github.com/proftpd/proftpd/commit/e7c0b6e78a81fa97ec41ea6332e5e11b864089b8
(v1.3.7c)
-CVE-2022-45797
- RESERVED
+CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup
Engine ...)
+ TODO: check
CVE-2022-45796
RESERVED
CVE-2022-45795
@@ -3821,8 +3953,8 @@ CVE-2022-45052
RESERVED
CVE-2022-45051
RESERVED
-CVE-2022-45050
- RESERVED
+CVE-2022-45050 (A reflected XSS vulnerability has been found in Axiell Iguana
CMS, all ...)
+ TODO: check
CVE-2022-45049
RESERVED
CVE-2022-45048
@@ -6144,7 +6276,8 @@ CVE-2022-44579
RESERVED
CVE-2022-44578
RESERVED
-CVE-2022-44577 (This CVE ID has been rejected or withdrawn by its CVE
Numbering Author ...)
+CVE-2022-44577
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Agen ...)
NOT-FOR-US: WordPress plugin
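Review bot: CVE-2022-44577 switches to REJECTED but the "NOT-FOR-US: WordPress plugin" line underneath it is left in place, so the entry now carries two statuses. Suggest confirming whether the triage line should stay on a rejected ID or be dropped, so that anything counting NOT-FOR-US entries does not pick up an identifier that no longer describes a vulnerability.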
@@ -9391,16 +9524,16 @@ CVE-2022-43934
RESERVED
CVE-2022-43933
RESERVED
-CVE-2022-3713
- RESERVED
+CVE-2022-3713 (A code injection vulnerability allows adjacent attackers to
execute co ...)
+ TODO: check
CVE-2022-3712
RESERVED
-CVE-2022-3711
- RESERVED
-CVE-2022-3710
- RESERVED
-CVE-2022-3709
- RESERVED
+CVE-2022-3711 (A post-auth read-only SQL injection vulnerability allows users
to read ...)
+ TODO: check
+CVE-2022-3710 (A post-auth read-only SQL injection vulnerability allows API
clients t ...)
+ TODO: check
+CVE-2022-3709 (A stored XSS vulnerability allows admin to super-admin
privilege escal ...)
+ TODO: check
CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to
Server-Side Requ ...)
NOT-FOR-US: Web Stories plugin for WordPress
CVE-2022-3707
@@ -9472,10 +9605,10 @@ CVE-2022-43903
RESERVED
CVE-2022-43902
RESERVED
-CVE-2022-43901
- RESERVED
-CVE-2022-43900
- RESERVED
+CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps
1.4.3 coul ...)
+ TODO: check
+CVE-2022-43900 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps
1.4.2 coul ...)
+ TODO: check
CVE-2022-43899
RESERVED
CVE-2022-43898
@@ -9779,8 +9912,8 @@ CVE-2022-3697 (A flaw was found in Ansible in the
amazon.aws collection when usi
- ansible 7.0.0+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
-CVE-2022-3696
- RESERVED
+CVE-2022-3696 (A post-auth code injection vulnerability allows admins to
execute code ...)
+ TODO: check
CVE-2022-3695
RESERVED
CVE-2022-3694
@@ -15608,6 +15741,7 @@ CVE-2022-38099 (Improper input validation in BIOS
firmware for some Intel(R) NUC
NOT-FOR-US: Intel
CVE-2022-3328
RESERVED
+ {DSA-5292-1}
- snapd 2.57.6-1
NOTE:
https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d
(2.57.6)
NOTE:
https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e
(2.57.6)
@@ -16303,8 +16437,8 @@ CVE-2022-3272 (Improper Handling of Length Parameter
Inconsistency in GitHub rep
- rdiffweb <itp> (bug #969974)
CVE-2022-3271
RESERVED
-CVE-2022-3270
- RESERVED
+CVE-2022-3270 (In multiple products by Festo a remote unauthenticated attacker
could ...)
+ TODO: check
CVE-2022-3269 (Session Fixation in GitHub repository ikus060/rdiffweb prior to
2.4.7. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca
prior ...)
@@ -16374,8 +16508,8 @@ CVE-2022-41299
RESERVED
CVE-2022-41298
RESERVED
-CVE-2022-41297
- RESERVED
+CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request
forgery ...)
+ TODO: check
CVE-2022-41296
RESERVED
CVE-2022-41295
@@ -17632,8 +17766,8 @@ CVE-2022-40739 (Ragic report generation page has
insufficient filtering for spec
NOT-FOR-US: Ragic
CVE-2022-3227
RESERVED
-CVE-2022-3226
- RESERVED
+CVE-2022-3226 (An OS command injection vulnerability allows admins to execute
code vi ...)
+ TODO: check
CVE-2022-3225 (Improper Access Control in GitHub repository budibase/budibase
prior t ...)
NOT-FOR-US: budibase
CVE-2022-3224 (Misinterpretation of Input in GitHub repository
ionicabizau/parse-url ...)
@@ -22863,8 +22997,8 @@ CVE-2022-2971 (MZ Automation's libIEC61850 (versions
1.4 and prior; version 1.5
NOT-FOR-US: libIEC61850
CVE-2022-2970 (MZ Automation's libIEC61850 (versions 1.4 and prior; version
1.5 prior ...)
NOT-FOR-US: libIEC61850
-CVE-2022-2969
- RESERVED
+CVE-2022-2969 (Delta Industrial Automation DIALink versions prior to v1.5.0.0
Beta 4 ...)
+ TODO: check
CVE-2022-2968
RESERVED
CVE-2022-2967
@@ -27656,10 +27790,10 @@ CVE-2022-37019
RESERVED
CVE-2022-37018 (A potential vulnerability has been identified in the system
BIOS for c ...)
NOT-FOR-US: HPE
-CVE-2022-37017
- RESERVED
-CVE-2022-37016
- RESERVED
+CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3
RU6/14.3 R ...)
+ TODO: check
+CVE-2022-37016 (Symantec Endpoint Protection (Windows) agent may be
susceptible to a P ...)
+ TODO: check
CVE-2022-37015 (Symantec Endpoint Detection and Response (SEDR) Appliance,
prior to 4. ...)
NOT-FOR-US: Symantec Endpoint Detection and Response (SEDR) Appliance
CVE-2022-37014
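Review bot: CVE-2022-37017 and CVE-2022-37016 are left at "TODO: check" while the adjacent Symantec entry, CVE-2022-37015, is already marked NOT-FOR-US. Both new descriptions name the Symantec Endpoint Protection (Windows) agent, so the follow-up triage can most likely close them the same way, with a line such as "NOT-FOR-US: Symantec Endpoint Protection".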
@@ -45495,8 +45629,8 @@ CVE-2022-1663 (The Stop Spam Comments WordPress plugin
through 0.2.1.2 does not
NOT-FOR-US: WordPress plugin
CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking
through ve ...)
NOT-FOR-US: asith-eranga ISIC tour booking
-CVE-2022-30528
- RESERVED
+CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking
through ...)
+ TODO: check
CVE-2022-30527
RESERVED
CVE-2022-1662 (In convert2rhel, there's an ansible playbook named
ansible/run-convert ...)
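Review bot: CVE-2022-30528 gets "TODO: check" directly below CVE-2022-30529, which names the same product and is already "NOT-FOR-US: asith-eranga ISIC tour booking". Suggest reusing that exact product string when triaging, and doing the same for CVE-2022-28607 at the end of this diff, whose description names the same product.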
@@ -47531,8 +47665,8 @@ CVE-2022-29839
RESERVED
CVE-2022-29838
RESERVED
-CVE-2022-29837
- RESERVED
+CVE-2022-29837 (A path traversal vulnerability was addressed in Western
Digital My Clo ...)
+ TODO: check
CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: Western Digital
CVE-2022-29835 (WD Discovery software executable files were signed with an
unsafe SHA- ...)
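Review bot: CVE-2022-29837 is described as a Western Digital issue and is left at "TODO: check", while its neighbour CVE-2022-29836 already reads "NOT-FOR-US: Western Digital". Suggest closing it with the same vendor string in the next manual pass rather than leaving two adjacent entries for one vendor in different states.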
@@ -47760,8 +47894,8 @@ CVE-2022-1473 (The OPENSSL_LH_flush() function, which
empties a hash table, cont
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
(openssl-3.0.3)
CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does
not pro ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1471
- RESERVED
+CVE-2022-1471 (SnakeYaml's Constructor() class does not restrict types which
can be i ...)
+ TODO: check
CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through
2.0 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise
and es ...)
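Review bot: CVE-2022-1471 sits between WordPress plugin entries marked NOT-FOR-US, but its description concerns SnakeYaml's Constructor() class, a library rather than a web application or plugin. The "TODO: check" here should be resolved with an actual source-package lookup and not by analogy with the surrounding entries, since an unrestricted-type deserialization issue in a library can reach its reverse dependencies.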
@@ -51226,8 +51360,8 @@ CVE-2022-28609
RESERVED
CVE-2022-28608
RESERVED
-CVE-2022-28607
- RESERVED
+CVE-2022-28607 (An issue was discovered in asith-eranga ISIC tour booking
through vers ...)
+ TODO: check
CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou
Huoyin Inform ...)
NOT-FOR-US: BossCMS
CVE-2022-28605 (Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00
allows rem ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0541db70be8a7b04bf0656527737e2d435f45d9f