Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
673cdbbc by security tracker role at 2022-12-25T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-47952
+       RESERVED
+CVE-2022-47951
+       RESERVED
+CVE-2022-47950
+       RESERVED
+CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: 
New Hori ...)
+       TODO: check
+CVE-2022-47948
+       RESERVED
+CVE-2022-47947
+       RESERVED
+CVE-2022-4734 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
+       TODO: check
+CVE-2022-4733 (Cross-site Scripting (XSS) - Stored in GitHub repository 
openemr/opene ...)
+       TODO: check
+CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository m ...)
+       TODO: check
 CVE-2022-4731
        RESERVED
 CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been 
classified as p ...)
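Review bot: CVE-2022-47949 should not stay at TODO: check; its description names the Nintendo NetworkBuffer class in Animal Crossing: New Horizons, a console game title that cannot map to a Debian source package, so it can be triaged as NOT-FOR-US in the same pass. The three GitHub-repository entries CVE-2022-4732 to CVE-2022-4734 each truncate at "GitHub r ..." or similar, so the affected repository must be read from the full description before a status is recorded; only CVE-2022-4733 shows its repository prefix ("openemr/opene ...") in the visible text.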
@@ -10,7 +28,7 @@ CVE-2022-4727 (A vulnerability, which was classified as 
problematic, was found i
        TODO: check
 CVE-2022-4726 (A vulnerability classified as critical was found in 
SourceCodester San ...)
        TODO: check
-CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.1. It has been rated 
as crit ...)
+CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated 
as crit ...)
        TODO: check
 CVE-2021-4277
        RESERVED
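Review bot: the CVE-2022-4725 description now says "AWS SDK 2.59.0" instead of "2.59.1", but neither version string identifies which AWS SDK is meant (the visible text gives no language or package name), so the triager should resolve the actual product from the full CVE text before mapping it to a Debian source package; keeping TODO: check until then is correct.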
@@ -161,12 +179,12 @@ CVE-2022-47938 (An issue was discovered in ksmbd in the 
Linux kernel before 5.19
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/824d4f64c20093275f72fc8101394d75ff6a249e (6.0-rc1)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17818/
-CVE-2022-47934
-       RESERVED
-CVE-2022-47933
-       RESERVED
-CVE-2022-47932
-       RESERVED
+CVE-2022-47934 (Brave Browser before 1.43.88 allowed a remote attacker to 
cause a deni ...)
+       TODO: check
+CVE-2022-47933 (Brave Browser before 1.42.51 allowed a remote attacker to 
cause a deni ...)
+       TODO: check
+CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to 
cause a deni ...)
+       TODO: check
 CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash 
values. ...)
        TODO: check
 CVE-2022-47930
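Review bot: the three new Brave Browser entries (CVE-2022-47932 to CVE-2022-47934) each carry a different fixed version (1.43.34, 1.42.51, 1.43.88), so they are separate upstream fixes rather than one batch; if no Debian source package ships Brave Browser they can all be marked NOT-FOR-US: Brave Browser in one pass instead of staying at TODO: check.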
@@ -278,7 +296,7 @@ CVE-2022-4649
        RESERVED
 CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
destiny.g ...)
        TODO: check
-CVE-2020-36624 (A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. 
It has  ...)
+CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. 
It has  ...)
        TODO: check
 CVE-2022-47925
        RESERVED
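Review bot: the CVE-2020-36624 affected range changed from "text-helpers 1.1.0/1.1.1" to "up to 1.0.x", which inverts the meaning (1.1.x now reads as unaffected) rather than refining it; since the entry remains TODO: check, the triager should confirm the affected versions upstream instead of trusting either wording.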
@@ -294,7 +312,7 @@ CVE-2022-4645
        RESERVED
 CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 
2.5.4. ...)
        - rdiffweb <itp> (bug #969974)
-CVE-2022-4643 (A vulnerability was found in docconv up to 1.3.4. It has been 
declared ...)
+CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been 
declared ...)
        NOT-FOR-US: docconv
 CVE-2022-4642 (A vulnerability was found in tatoeba2. It has been classified 
as probl ...)
        NOT-FOR-US: Tatoeba
@@ -308,7 +326,7 @@ CVE-2022-4639 (A vulnerability, which was classified as 
critical, has been found
        NOTE: 
https://github.com/yrutschle/sslh/commit/b19f8a6046b080e4c2e28354a58556bb26040c6f
 CVE-2022-4638 (A vulnerability classified as problematic was found in 
collective.cont ...)
        NOT-FOR-US: collective.contact.widget
-CVE-2022-4637 (A vulnerability classified as problematic has been found in 
ep3-bs 1.8 ...)
+CVE-2022-4637 (A vulnerability classified as problematic has been found in 
ep3-bs up  ...)
        NOT-FOR-US: ep3-bs
 CVE-2022-4636
        RESERVED
@@ -362,9 +380,9 @@ CVE-2022-46658
        RESERVED
 CVE-2022-4634
        RESERVED
-CVE-2022-4633 (A vulnerability was found in Auto Upload Images 3.3.1 and 
classified a ...)
+CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and 
classi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4632 (A vulnerability has been found in Auto Upload Images 3.3.1 and 
classif ...)
+CVE-2022-4632 (A vulnerability has been found in Auto Upload Images up to 
3.3.0 and c ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4631 (A vulnerability, which was classified as problematic, was found 
in WP- ...)
        NOT-FOR-US: WordPress plugin
@@ -440,7 +458,7 @@ CVE-2020-36622 (A vulnerability was found in sah-comp 
bienlein and classified as
        NOT-FOR-US: sah-comp bienlein
 CVE-2020-36621 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: chedabob whatismyudid
-CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues 4.0.1. 
It has b ...)
+CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 
4.0.0. It ...)
        NOT-FOR-US: Brondahl EnumStringValues
 CVE-2023-22381
        RESERVED
@@ -1298,7 +1316,7 @@ CVE-2021-4261 (A vulnerability classified as critical has 
been found in pacman-c
        NOT-FOR-US: pacman-canvas
 CVE-2021-4260 (A vulnerability was found in oils-js. It has been declared as 
critical ...)
        NOT-FOR-US: oils-js
-CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.17.3. It has 
been c ...)
+CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.16.1. It has 
been c ...)
        NOT-FOR-US: phpRedisAdmin
 CVE-2021-4258 (** DISPUTED ** A vulnerability was found in whohas. It has been 
rated  ...)
        - whohas <unfixed> (unimportant)
@@ -2448,7 +2466,7 @@ CVE-2022-4562
        RESERVED
 CVE-2022-4561 (A vulnerability classified as problematic has been found in 
SemanticDr ...)
        NOT-FOR-US: SemanticDrilldown MediaWiki extension
-CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.32. It has been 
rated as  ...)
+CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.31. It has been 
rated as  ...)
        NOT-FOR-US: Joget
 CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It 
has been ...)
        NOT-FOR-US: INEX IPX-Manager
@@ -2529,7 +2547,7 @@ CVE-2022-4529
        RESERVED
 CVE-2022-4528
        RESERVED
-CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.9. It 
has been  ...)
+CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It 
has been  ...)
        NOT-FOR-US: collective.task
 CVE-2022-4526 (A vulnerability was found in django-photologue up to 3.15.1 and 
classi ...)
        NOT-FOR-US: django-photologue
@@ -7333,22 +7351,22 @@ CVE-2022-4139
        NOTE: 
https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550
 CVE-2022-45897
        RESERVED
-CVE-2022-45896
-       RESERVED
-CVE-2022-45895
-       RESERVED
-CVE-2022-45894
-       RESERVED
-CVE-2022-45893
-       RESERVED
-CVE-2022-45892
-       RESERVED
-CVE-2022-45891
-       RESERVED
-CVE-2022-45890
-       RESERVED
-CVE-2022-45889
-       RESERVED
+CVE-2022-45896 (Planet eStream before 6.72.10.07 allows unauthenticated upload 
of arbi ...)
+       TODO: check
+CVE-2022-45895 (Planet eStream before 6.72.10.07 discloses sensitive 
information, rela ...)
+       TODO: check
+CVE-2022-45894 (GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ 
directory  ...)
+       TODO: check
+CVE-2022-45893 (Planet eStream before 6.72.10.07 allows a low-privileged user 
to gain  ...)
+       TODO: check
+CVE-2022-45892 (In Planet eStream before 6.72.10.07, multiple Stored 
Cross-Site Script ...)
+       TODO: check
+CVE-2022-45891 (Planet eStream before 6.72.10.07 allows attackers to call 
restricted f ...)
+       TODO: check
+CVE-2022-45890 (In Planet eStream before 6.72.10.07, a Reflected Cross-Site 
Scripting  ...)
+       TODO: check
+CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who 
is a pu ...)
+       TODO: check
 CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. 
drivers/cha ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code introduced later)
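Review bot: all eight Planet eStream entries (CVE-2022-45889 through CVE-2022-45896) describe the same product with the single fixed version 6.72.10.07, so one triage decision should cover the set rather than eight separate TODO: check entries; whichever status is chosen (NOT-FOR-US if no Debian package ships Planet eStream) should be applied uniformly to all eight.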
@@ -9495,8 +9513,7 @@ CVE-2022-3964 (A vulnerability classified as problematic 
has been found in ffmpe
        [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
        [buster] - ffmpeg <postponed> (Wait until it lands in 4.1.x)
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984
-CVE-2022-45197 [missing certificate hostname validation]
-       RESERVED
+CVE-2022-45197 (Slixmpp before 1.8.3 lacks SSL Certificate hostname validation 
in XMLS ...)
        - slixmpp 1.8.3-1
        [bullseye] - slixmpp <no-dsa> (Minor issue)
        [buster] - slixmpp <no-dsa> (Minor issue)
@@ -11967,8 +11984,7 @@ CVE-2022-44641 (In Linaro Automated Validation 
Architecture (LAVA) before 2022.1
        - lava <unfixed> (bug #1024429)
        NOTE: 
https://lists.lavasoftware.org/archives/list/[email protected]/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
        NOTE: 
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5
 (2022.11)
-CVE-2022-44640 [Invalid free in ASN.1 codec]
-       RESERVED
+CVE-2022-44640 (Heimdal before 7.7.1 allows remote attackers to execute 
arbitrary code ...)
        {DSA-5287-1 DLA-3206-1}
        - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
        - samba 2:4.17.4+dfsg-1
@@ -12799,10 +12815,10 @@ CVE-2022-44383
        RESERVED
 CVE-2022-44382
        RESERVED
-CVE-2022-44381
-       RESERVED
-CVE-2022-44380
-       RESERVED
+CVE-2022-44381 (Snipe-IT through 6.0.14 allows attackers to check whether a 
user accou ...)
+       TODO: check
+CVE-2022-44380 (Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting 
(XSS) for ...)
+       TODO: check
 CVE-2022-44379 (Automotive Shop Management System v1.0 is vulnerable to SQL 
Injection  ...)
        NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44378 (Automotive Shop Management System v1.0 is vulnerable to SQL 
via /asms/ ...)
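Review bot: the two new Snipe-IT descriptions disagree on the version boundary: CVE-2022-44381 says "through 6.0.14" (6.0.14 affected) while CVE-2022-44380 says "before 6.0.14" (6.0.14 fixed); before recording a fixed version for CVE-2022-44381 the triager should resolve which release actually fixes it and note the discrepancy in the entry.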
@@ -13540,18 +13556,18 @@ CVE-2022-44019 (In Total.js 4 before 0e5ace7, 
/api/common/ping can achieve remot
        NOT-FOR-US: Total.js CMS
 CVE-2022-44018
        RESERVED
-CVE-2022-44017
-       RESERVED
-CVE-2022-44016
-       RESERVED
-CVE-2022-44015
-       RESERVED
-CVE-2022-44014
-       RESERVED
-CVE-2022-44013
-       RESERVED
-CVE-2022-44012
-       RESERVED
+CVE-2022-44017 (An issue was discovered in Simmeth Lieferantenmanager before 
5.6. Due  ...)
+       TODO: check
+CVE-2022-44016 (An issue was discovered in Simmeth Lieferantenmanager before 
5.6. An a ...)
+       TODO: check
+CVE-2022-44015 (An issue was discovered in Simmeth Lieferantenmanager before 
5.6. An a ...)
+       TODO: check
+CVE-2022-44014 (An issue was discovered in Simmeth Lieferantenmanager before 
5.6. In t ...)
+       TODO: check
+CVE-2022-44013 (An issue was discovered in Simmeth Lieferantenmanager before 
5.6. An a ...)
+       TODO: check
+CVE-2022-44012 (An issue was discovered in 
/DS/LM_API/api/SelectionService/InsertQuery ...)
+       TODO: check
 CVE-2022-44011
        RESERVED
 CVE-2022-44010
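Review bot: CVE-2022-44012 is the only one of the six new entries whose description does not open with "Simmeth Lieferantenmanager before 5.6"; it starts with the path /DS/LM_API/api/SelectionService/InsertQuery, so the triager should confirm from the full description that it belongs to the same product and fixed version before giving it the same status as CVE-2022-44013 to CVE-2022-44017.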
@@ -18218,8 +18234,8 @@ CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome 
and other browsers allow
        NOT-FOR-US: PassWork extension for Chrome
 CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS. ...)
        NOT-FOR-US: Keyfactor EJBCA
-CVE-2022-42953
-       RESERVED
+CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, 
ZEM720, ZMM)  ...)
+       TODO: check
 CVE-2022-42952
        RESERVED
 CVE-2022-42951
@@ -18496,8 +18512,7 @@ CVE-2022-42900 (Bentley MicroStation and 
MicroStation-based applications may be
        NOT-FOR-US: Bentley
 CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may 
be affect ...)
        NOT-FOR-US: Bentley
-CVE-2022-42898 [krb5_pac_parse() buffer parsing vulnerability]
-       RESERVED
+CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 
1.20.x befo ...)
        {DSA-5287-1 DSA-5286-1 DLA-3213-1 DLA-3206-1}
        - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
        - krb5 1.20.1-1 (bug #1024267)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673cdbbcb966dac0701e21fc1f6ea43d6d5fbe66



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
