Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4361077 by security tracker role at 2022-12-05T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-46421
+       RESERVED
+CVE-2022-4281
+       RESERVED
 CVE-2022-46288
        RESERVED
 CVE-2022-46287
@@ -83,7 +87,7 @@ CVE-2022-4280 (A vulnerability, which was classified as 
problematic, has been fo
        NOT-FOR-US: Dot Tech Smart Campus System
 CVE-2022-4279 (A vulnerability classified as problematic has been found in 
SourceCode ...)
        NOT-FOR-US: SourceCodester Human Resource Management System
-CVE-2022-4278 (A vulnerability was found in SourceCodester Book Store 
Management Syst ...)
+CVE-2022-4278 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
        NOT-FOR-US: SourceCodester Book Store Management System
 CVE-2022-4277 (A vulnerability was found in Shaoxing Background Management 
System. It ...)
        NOT-FOR-US: Shaoxing Background Management System
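Review bot: The NOT-FOR-US line under CVE-2022-4278 still reads "SourceCodester Book Store Management System", while the updated description now names SourceCodester Human Resource Management. Bring the triage note in line with the new description (the neighbouring CVE-2022-4279 already uses "NOT-FOR-US: SourceCodester Human Resource Management System"), or check the description change against the CVE record if the existing note is the correct one.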
@@ -261,6 +265,7 @@ CVE-2023-21575
 CVE-2023-21574
        RESERVED
 CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 
allowed a ...)
+       {DSA-5295-1}
        - chromium 108.0.5359.94-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-21573
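Review bot: The {DSA-5295-1} reference added to CVE-2022-4262 has no per-release fixed-version line to go with it. The entry shows only the unstable fix (chromium 108.0.5359.94-1) and the [buster] end-of-life marker. If the DSA ships a fix for a stable release, that release's fixed version should be recorded in this entry.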
@@ -10456,30 +10461,30 @@ CVE-2022-43509
        RESERVED
 CVE-2022-43508
        RESERVED
-CVE-2022-43504
-       RESERVED
-CVE-2022-43500
-       RESERVED
-CVE-2022-43497
-       RESERVED
-CVE-2022-43487
-       RESERVED
-CVE-2022-43484
-       RESERVED
-CVE-2022-43470
-       RESERVED
-CVE-2022-43442
-       RESERVED
+CVE-2022-43504 (Improper authentication vulnerability in WordPress versions 
prior to 6 ...)
+       TODO: check
+CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior 
to 6.0. ...)
+       TODO: check
+CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior 
to 6.0. ...)
+       TODO: check
+CVE-2022-43487 (Cross-site scripting vulnerability in Salon booking system 
versions pr ...)
+       TODO: check
+CVE-2022-43484 (TERASOLUNA Global Framework 1.0.0 (Public review version) and 
TERASOLU ...)
+       TODO: check
+CVE-2022-43470 (Cross-site request forgery (CSRF) vulnerability in +F FS040U 
software  ...)
+       TODO: check
+CVE-2022-43442 (Plaintext storage of a password vulnerability exists in +F 
FS040U soft ...)
+       TODO: check
 CVE-2022-42486
        RESERVED
 CVE-2022-41994
        RESERVED
-CVE-2022-41830
-       RESERVED
-CVE-2022-41807
-       RESERVED
-CVE-2022-41798
-       RESERVED
+CVE-2022-41830 (Stored cross-site scripting vulnerability in Kyocera Document 
Solution ...)
+       TODO: check
+CVE-2022-41807 (Missing authorization vulnerability exists in Kyocera Document 
Solutio ...)
+       TODO: check
+CVE-2022-41798 (Session information easily guessable vulnerability exists in 
Kyocera D ...)
+       TODO: check
 CVE-2022-3680
        RESERVED
 CVE-2022-3679
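Review bot: CVE-2022-43504, CVE-2022-43500 and CVE-2022-43497 describe WordPress itself ("WordPress versions prior to 6 ..."), not a plugin, so when these TODO: check items are triaged they need a wordpress source package line rather than the "NOT-FOR-US: WordPress plugin" note used elsewhere in this list. The other new entries in this hunk (Salon booking system, TERASOLUNA, +F FS040U, Kyocera) are identified only by truncated descriptions and still need a lookup before they can be marked.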
@@ -10875,8 +10880,8 @@ CVE-2022-43514
        RESERVED
 CVE-2022-43513
        RESERVED
-CVE-2022-43499
-       RESERVED
+CVE-2022-43499 (Stored cross-site scripting vulnerability in SHIRASAGI 
versions prior  ...)
+       TODO: check
 CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) 
vulnerabi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Dynamic Pr ...)
@@ -10891,8 +10896,8 @@ CVE-2022-43481 (Cross-Site Request Forgery (CSRF) 
vulnerability in Advanced Coup
        NOT-FOR-US: WordPress plugin
 CVE-2022-43480
        RESERVED
-CVE-2022-43479
-       RESERVED
+CVE-2022-43479 (Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 
allows a r ...)
+       TODO: check
 CVE-2022-43476
        RESERVED
 CVE-2022-43472
@@ -11005,8 +11010,8 @@ CVE-2022-41619
        RESERVED
 CVE-2022-41554
        RESERVED
-CVE-2022-40968
-       RESERVED
+CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb 
Amazon Affil ...)
+       TODO: check
 CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability 
in Quiz A ...)
@@ -11377,12 +11382,12 @@ CVE-2022-43380
        RESERVED
 CVE-2022-43379
        RESERVED
-CVE-2022-42496
-       RESERVED
-CVE-2022-41777
-       RESERVED
-CVE-2022-41642
-       RESERVED
+CVE-2022-42496 (OS command injection vulnerability in Nako3edit, editor 
component of n ...)
+       TODO: check
+CVE-2022-41777 (Improper check or handling of exceptional conditions 
vulnerability in  ...)
+       TODO: check
+CVE-2022-41642 (OS command injection vulnerability in Nadesiko3 (PC Version) 
v3.3.61 a ...)
+       TODO: check
 CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 
v2.8.0 to ...)
        NOT-FOR-US: Frauscher Sensortechnik
 CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate 
its fo ...)
@@ -16104,8 +16109,8 @@ CVE-2022-36418
        RESERVED
 CVE-2022-36399
        RESERVED
-CVE-2022-35730
-       RESERVED
+CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp 
sticky head ...)
+       TODO: check
 CVE-2022-34840
        RESERVED
 CVE-2022-3347
@@ -68844,6 +68849,7 @@ CVE-2022-0237 (Rapid7 Insight Agent versions 3.1.2.38 
and earlier suffer from a
 CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium 
versions) ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information 
to an Un ...)
+       {DLA-3222-1}
        - node-fetch 2.6.1-7
        [bullseye] - node-fetch 2.6.1-5+deb11u1
        NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
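Review bot: {DLA-3222-1} is added to CVE-2022-0235, but the visible entry carries fixed versions only for unstable (node-fetch 2.6.1-7) and [bullseye] (2.6.1-5+deb11u1). The release covered by the DLA has no fixed-version line here; add one if the advisory ships a fix for it.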
@@ -135268,6 +135274,7 @@ CVE-2021-23520 (The package juce-framework/juce 
before 6.1.5 are vulnerable to A
 CVE-2021-23519
        RESERVED
 CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable 
to Protot ...)
+       {DLA-3221-1}
        - node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338)
        [bullseye] - node-cached-path-relative 1.0.2-1+deb11u1
        NOTE: 
https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
@@ -291876,6 +291883,7 @@ CVE-2018-16474 (A stored xss in tianma-static module 
versions &lt;=1.0.4 allows
 CVE-2018-16473 (A path traversal in takeapeek module versions &lt;=0.2.2 
allows an att ...)
        NOT-FOR-US: takeapeek
 CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions 
&lt;=1.0 ...)
+       {DLA-3221-1}
        - node-cached-path-relative 1.0.2-1
        NOTE: https://hackerone.com/reports/390847
        NOTE: https://github.com/ashaffer/cached-path-relative/issues/3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d436107725d31992fd0d97a6534c3b98d17cd4b5
