Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41b6e0d5 by security tracker role at 2022-12-14T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,179 @@
+CVE-2023-21773
+       RESERVED
+CVE-2023-21772
+       RESERVED
+CVE-2023-21771
+       RESERVED
+CVE-2023-21770
+       RESERVED
+CVE-2023-21769
+       RESERVED
+CVE-2023-21768
+       RESERVED
+CVE-2023-21767
+       RESERVED
+CVE-2023-21766
+       RESERVED
+CVE-2023-21765
+       RESERVED
+CVE-2023-21764
+       RESERVED
+CVE-2023-21763
+       RESERVED
+CVE-2023-21762
+       RESERVED
+CVE-2023-21761
+       RESERVED
+CVE-2023-21760
+       RESERVED
+CVE-2023-21759
+       RESERVED
+CVE-2023-21758
+       RESERVED
+CVE-2023-21757
+       RESERVED
+CVE-2023-21756
+       RESERVED
+CVE-2023-21755
+       RESERVED
+CVE-2023-21754
+       RESERVED
+CVE-2023-21753
+       RESERVED
+CVE-2023-21752
+       RESERVED
+CVE-2023-21751
+       RESERVED
+CVE-2023-21750
+       RESERVED
+CVE-2023-21749
+       RESERVED
+CVE-2023-21748
+       RESERVED
+CVE-2023-21747
+       RESERVED
+CVE-2023-21746
+       RESERVED
+CVE-2023-21745
+       RESERVED
+CVE-2023-21744
+       RESERVED
+CVE-2023-21743
+       RESERVED
+CVE-2023-21742
+       RESERVED
+CVE-2023-21741
+       RESERVED
+CVE-2023-21740
+       RESERVED
+CVE-2023-21739
+       RESERVED
+CVE-2023-21738
+       RESERVED
+CVE-2023-21737
+       RESERVED
+CVE-2023-21736
+       RESERVED
+CVE-2023-21735
+       RESERVED
+CVE-2023-21734
+       RESERVED
+CVE-2023-21733
+       RESERVED
+CVE-2023-21732
+       RESERVED
+CVE-2023-21731
+       RESERVED
+CVE-2023-21730
+       RESERVED
+CVE-2023-21729
+       RESERVED
+CVE-2023-21728
+       RESERVED
+CVE-2023-21727
+       RESERVED
+CVE-2023-21726
+       RESERVED
+CVE-2023-21725
+       RESERVED
+CVE-2023-21724
+       RESERVED
+CVE-2022-47393
+       RESERVED
+CVE-2022-47392
+       RESERVED
+CVE-2022-47391
+       RESERVED
+CVE-2022-47390
+       RESERVED
+CVE-2022-47389
+       RESERVED
+CVE-2022-47388
+       RESERVED
+CVE-2022-47387
+       RESERVED
+CVE-2022-47386
+       RESERVED
+CVE-2022-47385
+       RESERVED
+CVE-2022-47384
+       RESERVED
+CVE-2022-47383
+       RESERVED
+CVE-2022-47382
+       RESERVED
+CVE-2022-47381
+       RESERVED
+CVE-2022-47380
+       RESERVED
+CVE-2022-47379
+       RESERVED
+CVE-2022-47378
+       RESERVED
+CVE-2022-47377
+       RESERVED
+CVE-2022-47376
+       RESERVED
+CVE-2022-46330
+       RESERVED
+CVE-2022-4475
+       RESERVED
+CVE-2022-4474
+       RESERVED
+CVE-2022-4473
+       RESERVED
+CVE-2022-4472
+       RESERVED
+CVE-2022-4471
+       RESERVED
+CVE-2022-4470
+       RESERVED
+CVE-2022-4469
+       RESERVED
+CVE-2022-4468
+       RESERVED
+CVE-2022-4467
+       RESERVED
+CVE-2022-4466
+       RESERVED
+CVE-2022-4465
+       RESERVED
+CVE-2022-4464
+       RESERVED
+CVE-2022-4463
+       RESERVED
+CVE-2022-4462
+       RESERVED
+CVE-2022-4461
+       RESERVED
+CVE-2022-4460
+       RESERVED
+CVE-2022-4459
+       RESERVED
+CVE-2022-4458
+       RESERVED
+CVE-2022-43543
+       RESERVED
 CVE-2023-21723
        RESERVED
 CVE-2023-21722
@@ -492,16 +668,16 @@ CVE-2022-44450
        RESERVED
 CVE-2022-4441
        RESERVED
-CVE-2022-4440
-       RESERVED
-CVE-2022-4439
-       RESERVED
-CVE-2022-4438
-       RESERVED
-CVE-2022-4437
-       RESERVED
-CVE-2022-4436
-       RESERVED
+CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to 
108.0.5359.124 al ...)
+       TODO: check
+CVE-2022-4439 (Use after free in Aura in Google Chrome on Windows prior to 
108.0.5359 ...)
+       TODO: check
+CVE-2022-4438 (Use after free in Blink Frames in Google Chrome prior to 
108.0.5359.12 ...)
+       TODO: check
+CVE-2022-4437 (Use after free in Mojo IPC in Google Chrome prior to 
108.0.5359.124 al ...)
+       TODO: check
+CVE-2022-4436 (Use after free in Blink Media in Google Chrome prior to 
108.0.5359.124 ...)
+       TODO: check
 CVE-2022-4435
        RESERVED
 CVE-2022-4434
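Review bot: The five new TODO: check entries, CVE-2022-4436 through CVE-2022-4440, should be triaged as one batch, since every one is a use-after-free in Google Chrome fixed in the same 108.0.5359.x release. In Debian these map to the chromium source package, so the follow-up commit should add a chromium annotation with the fixed version to all five at once rather than resolving them one by one.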
@@ -2583,8 +2759,8 @@ CVE-2022-46406
        RESERVED
 CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of 
service ( ...)
        - mastodon <itp> (bug #859741)
-CVE-2022-46404
-       RESERVED
+CVE-2022-46404 (A command injection vulnerability has been identified in Atos 
Unify Op ...)
+       TODO: check
 CVE-2022-46403
        RESERVED
 CVE-2022-46402
@@ -2633,8 +2809,8 @@ CVE-2022-46383 (RackN Digital Rebar through 4.6.14, 4.7 
through 4.7.22, 4.8 thro
        NOT-FOR-US: RackN Digital Rebar
 CVE-2022-46382 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 
through 4. ...)
        NOT-FOR-US: RackN Digital Rebar
-CVE-2022-46381
-       RESERVED
+CVE-2022-46381 (Certain Linear eMerge E3-Series devices are vulnerable to XSS 
via the  ...)
+       TODO: check
 CVE-2022-4280 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: Dot Tech Smart Campus System
 CVE-2022-4279 (A vulnerability classified as problematic has been found in 
SourceCode ...)
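Review bot: CVE-2022-46381 here is described as "Linear eMerge E3-Series", while CVE-2022-38628 later in this same diff is described as "Nortek Linear eMerge E3-Series". Both refer to the same product line under different vendor wording, so whoever clears the two TODO: check lines should use one annotation string for both so that later searches of the list find them together.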
@@ -3131,8 +3307,8 @@ CVE-2022-46310
        RESERVED
 CVE-2022-46281
        RESERVED
-CVE-2022-4207
-       RESERVED
+CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is 
vulnerable to ...)
+       TODO: check
 CVE-2022-4206
        RESERVED
        - gitlab <unfixed>
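Review bot: The TODO: check on CVE-2022-4207 (and on CVE-2022-4171 in the next hunk) can be resolved with the existing convention, because both descriptions name a WordPress plugin. The list already carries "NOT-FOR-US: WordPress plugin" for CVE-2022-3753, visible as context further down in this diff, and the same string applies here unless the plugin turns out to be shipped in a Debian package.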
@@ -3625,8 +3801,8 @@ CVE-2022-44606 (OS command injection vulnerability in 
UDR-JA1604/UDR-JA1608/UDR-
        NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
 CVE-2022-43464 (Hidden functionality vulnerability in 
UDR-JA1604/UDR-JA1608/UDR-JA1616 ...)
        NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
-CVE-2022-4171
-       RESERVED
+CVE-2022-4171 (The demon image annotation plugin for WordPress is vulnerable 
to impro ...)
+       TODO: check
 CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code 
execution, in  ...)
        - rxvt-unicode <unfixed> (bug #1025489)
        [bullseye] - rxvt-unicode <not-affected> (Vulnerable code introduced 
later)
@@ -4148,7 +4324,7 @@ CVE-2022-4145
        NOT-FOR-US: OpenShift
 CVE-2022-45910 (Improper neutralization of special elements used in an LDAP 
query ('LD ...)
        NOT-FOR-US: Apache ManifoldCF
-CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a 
long Re ...)
+CVE-2022-45909 (drachtio-server before 0.8.19 has a heap-based buffer 
over-read via a  ...)
        NOT-FOR-US: drachtio-server
 CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window 
is vuln ...)
        NOT-FOR-US: PaddlePaddle
@@ -7259,8 +7435,8 @@ CVE-2022-44876
        RESERVED
 CVE-2022-44875
        RESERVED
-CVE-2022-44874
-       RESERVED
+CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was 
discovered t ...)
+       TODO: check
 CVE-2022-44873
        RESERVED
 CVE-2022-44872
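Review bot: The description added for CVE-2022-44874 pins the issue to a wasm3 commit hash rather than a release version, so the TODO: check cannot be closed by a version comparison alone. The follow-up should first establish whether wasm3 is packaged at all, and if so record in a NOTE line which upstream release contains that commit before writing any fixed or unfixed annotation.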
@@ -10470,8 +10646,8 @@ CVE-2022-3753 (The Evaluate WordPress plugin through 
1.0 does not sanitize and e
        NOT-FOR-US: WordPress plugin
 CVE-2022-43997
        RESERVED
-CVE-2022-43996
-       RESERVED
+CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a 
crafted CSAF d ...)
+       TODO: check
 CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, 
contains ...)
        - sudo <unfixed> (unimportant)
        NOTE: Fixed by: 
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
@@ -17380,12 +17556,12 @@ CVE-2022-42143 (Open Source SACCO Management System 
v1.0 is vulnerable to SQL In
        NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-42142 (Online Tours &amp; Travels Management System v1.0 is 
vulnerable to Arb ...)
        NOT-FOR-US: Online Tours & Travels Management System
-CVE-2022-42141
-       RESERVED
-CVE-2022-42140
-       RESERVED
-CVE-2022-42139
-       RESERVED
+CVE-2022-42141 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross 
Site Scrip ...)
+       TODO: check
+CVE-2022-42140 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command 
Injectio ...)
+       TODO: check
+CVE-2022-42139 (Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to 
Command Injec ...)
+       TODO: check
 CVE-2022-42138
        RESERVED
 CVE-2022-42137
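Review bot: CVE-2022-42139, CVE-2022-42140 and CVE-2022-42141 all name Delta Electronics device firmware (DX-2100-L1-CN and DVW-W02W2-E2), and the list already uses "NOT-FOR-US: Delta Electronics" for CVE-2022-41657 and CVE-2022-38142, visible as context in the following hunks. Reusing that exact string for these three keeps the vendor grouping consistent.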
@@ -18208,8 +18384,8 @@ CVE-2022-41657 (Delta Electronics InfraSuite Device 
Master Versions 00.00.01a an
        NOT-FOR-US: Delta Electronics
 CVE-2022-41654
        RESERVED
-CVE-2022-41653
-       RESERVED
+CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 
1.2.3 and pr ...)
+       TODO: check
 CVE-2022-41651 (The affected product DIAEnergie (versions prior to 
v1.9.01.002) is vul ...)
        NOT-FOR-US: DIAEnergie
 CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, 
running HERO ...)
@@ -18246,8 +18422,8 @@ CVE-2022-40201
        RESERVED
 CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable 
to reflec ...)
        NOT-FOR-US: SAUTER Controls moduWeb firmware
-CVE-2022-38355
-       RESERVED
+CVE-2022-38355 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 
1.2.3 and pr ...)
+       TODO: check
 CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to 
directory tr ...)
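Review bot: The description added for CVE-2022-38355 is identical, up to the truncation point, to the one added for CVE-2022-41653 in the previous hunk ("Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ..."). The two should be checked against the full CVE text together, so that they are confirmed as distinct issues in the same product and receive the same annotation.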
@@ -22035,8 +22211,8 @@ CVE-2022-40266 (Improper Input Validation vulnerability 
in Mitsubishi Electric G
        NOT-FOR-US: Mitsubishi
 CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric 
Corpora ...)
        NOT-FOR-US: Mitsubishi
-CVE-2022-40264
-       RESERVED
+CVE-2022-40264 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain 
hardcode ...)
        NOT-FOR-US: BD Totalys MultiProcessor
 CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time 
of the  ...)
@@ -26237,16 +26413,16 @@ CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds 
read in extractImageSection in
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data 
from a fa ...)
        NOT-FOR-US: GE CIMPICITY
-CVE-2022-2951
-       RESERVED
-CVE-2022-2950
-       RESERVED
-CVE-2022-2949
-       RESERVED
+CVE-2022-2951 (Altair HyperView Player versions 2021.1.0.27 and prior are 
vulnerable  ...)
+       TODO: check
+CVE-2022-2950 (Altair HyperView Player versions 2021.1.0.27 and prior are 
vulnerable  ...)
+       TODO: check
+CVE-2022-2949 (Altair HyperView Player versions 2021.1.0.27 and prior are 
vulnerable  ...)
+       TODO: check
 CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a 
heap-based buf ...)
        NOT-FOR-US: GE CIMPICITY
-CVE-2022-2947
-       RESERVED
+CVE-2022-2947 (Altair HyperView Player versions 2021.1.0.27 and prior perform 
operati ...)
+       TODO: check
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.146 and e ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a 
RabbitMQ p ...)
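Review bot: The four Altair HyperView Player entries (CVE-2022-2951, CVE-2022-2950, CVE-2022-2949, CVE-2022-2947) are not contiguous: CVE-2022-2948 sits between them and is already marked NOT-FOR-US: GE CIMPICITY. A range-based edit over 2947 to 2951 would overwrite that existing annotation, so the four TODO: check lines should be resolved individually or with a pattern that matches on the product name.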
@@ -26389,8 +26565,8 @@ CVE-2022-38630
        RESERVED
 CVE-2022-38629
        RESERVED
-CVE-2022-38628
-       RESERVED
+CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 
0.32-09c, ...)
+       TODO: check
 CVE-2022-38627
        RESERVED
 CVE-2022-38626
@@ -28016,8 +28192,8 @@ CVE-2022-2759 (Delta Electronics Delta Robot Automation 
Studio (DRAS) versions p
        NOT-FOR-US: Delta Electronics
 CVE-2022-2758 (Passwords are not adequately encrypted during the communication 
proces ...)
        NOT-FOR-US: LS Industrial Systems (LSIS) Co. Ltd
-CVE-2022-2757
-       RESERVED
+CVE-2022-2757 (Due to the lack of adequately implemented access-control rules, 
all ve ...)
+       TODO: check
 CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository 
kareadita/kavi ...)
        NOT-FOR-US: Kareadita/Kavita
 CVE-2022-2755
@@ -29782,8 +29958,8 @@ CVE-2022-2662 (Sequi PortBloque S has a improper 
authentication issues which may
        NOT-FOR-US: Sequi PortBloque S
 CVE-2022-2661 (Sequi PortBloque S has an improper authorization vulnerability, 
which  ...)
        NOT-FOR-US: Sequi PortBloque S
-CVE-2022-2660
-       RESERVED
+CVE-2022-2660 (Delta Industrial Automation DIALink versions 1.4.0.0 and prior 
are vul ...)
+       TODO: check
 CVE-2022-2659
        RESERVED
 CVE-2022-2658
@@ -30494,8 +30670,8 @@ CVE-2022-37157
        RESERVED
 CVE-2022-37156
        RESERVED
-CVE-2022-37155
-       RESERVED
+CVE-2022-37155 (RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated 
users to  ...)
+       TODO: check
 CVE-2022-37154
        RESERVED
 CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is 
a XSS vu ...)
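Review bot: CVE-2022-37155 is the one TODO: check in this update that should not wait for routine NOT-FOR-US processing, because it describes RCE in SPIP 3.1.13 through 4.1.2 and spip is a Debian source package. The follow-up should add a spip package line with per-release status instead of leaving the entry in the general TODO queue.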
@@ -62499,8 +62675,8 @@ CVE-2022-24429 (The package convert-svg-core before 
0.6.3 are vulnerable to Arbi
        NOT-FOR-US: Node convert-svg-core
 CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to 
Denial of S ...)
        NOT-FOR-US: ASNeG/OpcUaStack
-CVE-2022-24377
-       RESERVED
+CVE-2022-24377 (The package cycle-import-check before 1.3.2 are vulnerable to 
Command  ...)
+       TODO: check
 CVE-2022-24376 (All versions of package git-promise are vulnerable to Command 
Injectio ...)
        NOT-FOR-US: Node git-promise
 CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial 
of Servi ...)
@@ -70365,8 +70541,8 @@ CVE-2022-23501
        RESERVED
 CVE-2022-23500
        RESERVED
-CVE-2022-23499
-       RESERVED
+CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe 
markup ba ...)
+       TODO: check
 CVE-2022-23498
        RESERVED
 CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User 
configuration f ...)
@@ -77261,8 +77437,8 @@ CVE-2022-22065 (Out of bound read in WLAN HOST due to 
improper length check can
        NOT-FOR-US: Snapdragon
 CVE-2022-22064 (Possible buffer over read due to lack of size validation while 
unpacki ...)
        NOT-FOR-US: Snapdragon
-CVE-2022-22063
-       RESERVED
+CVE-2022-22063 (Memory corruption in Core due to improper configuration in 
boot remapp ...)
+       TODO: check
 CVE-2022-22062 (An out-of-bounds read can occur while parsing a server 
certificate due ...)
        NOT-FOR-US: Snapdragon
 CVE-2022-22061 (Out of bounds writing is possible while verifying device IDs 
due to im ...)
@@ -204885,10 +205061,10 @@ CVE-2019-20484 (An issue was discovered in Viki 
Vera 4.9.1.26180. A user without
        NOT-FOR-US: Viki Vera
 CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker 
could se ...)
        NOT-FOR-US: Viki Vera
-CVE-2020-9420
-       RESERVED
-CVE-2020-9419
-       RESERVED
+CVE-2020-9420 (The login password of the web administrative dashboard in 
Arcadyan Wif ...)
+       TODO: check
+CVE-2020-9419 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Arcadyan ...)
+       TODO: check
 CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 
2.6.14, the  ...)
        {DLA-2547-1}
        - wireshark 3.2.2-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b6e0d5d767043a7e21435310502edf6c4a01a0



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits