Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eca7adfc by security tracker role at 2023-01-01T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-22551 (The FTP (aka "Implementation of a simple FTP client and 
server") proje ...)
+       TODO: check
+CVE-2023-0030
+       RESERVED
+CVE-2023-0029 (A vulnerability was found in Multilaser RE708 
RE1200R4GC-2T2R-V3_v3411 ...)
+       TODO: check
+CVE-2022-4869
+       RESERVED
+CVE-2022-48199
+       RESERVED
+CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 
and class ...)
+       TODO: check
+CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss 
Dashboar ...)
+       TODO: check
+CVE-2018-25062 (A vulnerability classified as problematic has been found in 
flar2 Elem ...)
+       TODO: check
+CVE-2015-10006 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2014-125030 (A vulnerability, which was classified as critical, has been 
found in t ...)
+       TODO: check
+CVE-2013-10006 (A vulnerability classified as problematic was found in Ziftr 
primecoin ...)
+       TODO: check
+CVE-2010-10002 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
problema ...)
+       TODO: check
 CVE-2023-22550
        RESERVED
 CVE-2023-22549
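Review bot: nine of the twelve entries added at the top of the list are left at TODO: check, and several truncated descriptions (for example CVE-2015-10006 and CVE-2014-125030) are cut off before the product name, so they cannot be triaged from this file alone. Read the full CVE record before choosing a package line or NOT-FOR-US. CVE-2010-10002 is also marked "** UNSUPPORTED WHEN ASSIGNED **", which is worth recording in a NOTE if the product turns out to be packaged.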
@@ -2255,8 +2279,8 @@ CVE-2022-47636
        RESERVED
 CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, 
and WMS ...)
        NOT-FOR-US: Wildix CMS
-CVE-2022-47634
-       RESERVED
+CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 
before R17 ...)
+       TODO: check
 CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 
1.8.3 an ...)
        NOT-FOR-US: Kyverno
 CVE-2022-47632
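Review bot: in the context just above the changed lines, CVE-2022-47635 is described as "Wildix WMS" but tagged "NOT-FOR-US: Wildix CMS"; the label looks like a typo for WMS and could be corrected while this area is being touched. The newly published CVE-2022-47634 (Isode M-Link) still needs its TODO: check resolved.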
@@ -10702,8 +10726,8 @@ CVE-2022-45215 (A cross-site scripting (XSS) 
vulnerability in Book Store Managem
        NOT-FOR-US: Book Store Management System
 CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization 
Management  ...)
        NOT-FOR-US: Sanitization Management System
-CVE-2022-45213
-       RESERVED
+CVE-2022-45213 (perfSONAR before 4.4.6 inadvertently supports the parse option 
for a f ...)
+       TODO: check
 CVE-2022-45212
        RESERVED
 CVE-2022-45211
@@ -11406,8 +11430,8 @@ CVE-2022-45029
        RESERVED
 CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 
9.3.0h3d36 ...)
        NOT-FOR-US: Arris
-CVE-2022-45027
-       RESERVED
+CVE-2022-45027 (perfSONAR before 4.4.6, when performing participant discovery, 
incorre ...)
+       TODO: check
 CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for 
VSCode an ...)
        NOT-FOR-US: Markdown Preview Enhanced
 CVE-2022-45025 (Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and 
Atom was d ...)
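Review bot: CVE-2022-45027 here and CVE-2022-45213 in the previous hunk both read "perfSONAR before 4.4.6" and both sit at TODO: check, so they should be triaged together and given the same disposition rather than being resolved one at a time.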
@@ -25471,8 +25495,8 @@ CVE-2022-40713 (An issue was discovered in NOKIA 
1350OMS R14.2. Multiple Relativ
        NOT-FOR-US: NOKIA
 CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS 
exists u ...)
        NOT-FOR-US: NOKIA
-CVE-2022-40711
-       RESERVED
+CVE-2022-40711 (PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End 
Entity s ...)
+       TODO: check
 CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 
and Clo ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep 
Security 20 an ...)
@@ -28705,6 +28729,7 @@ CVE-2022-39355 (Discourse Patreon enables 
syncronization between Discourse Group
 CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of 
Ethereum Virtu ...)
        NOT-FOR-US: Rust crate evm
 CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
+       {DLA-3260-1}
        - node-xmldom 0.8.6-1 (bug #1024736)
        [bullseye] - node-xmldom 0.5.0-1+deb11u2
        NOTE: 
https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
@@ -33387,12 +33412,12 @@ CVE-2022-37789
        RESERVED
 CVE-2022-37788
        RESERVED
-CVE-2022-37787
-       RESERVED
-CVE-2022-37786
-       RESERVED
-CVE-2022-37785
-       RESERVED
+CVE-2022-37787 (An issue was discovered in WeCube platform 3.2.2. A DOM XSS 
vulnerabil ...)
+       TODO: check
+CVE-2022-37786 (An issue was discovered in WeCube Platform 3.2.2. There are 
multiple C ...)
+       TODO: check
+CVE-2022-37785 (An issue was discovered in WeCube Platform 3.2.2. Cleartext 
passwords  ...)
+       TODO: check
 CVE-2022-37784
        RESERVED
 CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose 
password hash ...)
@@ -42892,12 +42917,12 @@ CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for 
Ameba1) before 2022-06-20 on Rea
        NOT-FOR-US: Realtek
 CVE-2022-34325 (DMA transactions which are targeted at input buffers used for 
the Stor ...)
        NOT-FOR-US: Insyde
-CVE-2022-34324
-       RESERVED
-CVE-2022-34323
-       RESERVED
-CVE-2022-34322
-       RESERVED
+CVE-2022-34324 (Multiple SQL injections in Sage XRT Business Exchange 12.4.302 
allow a ...)
+       TODO: check
+CVE-2022-34323 (Multiple XSS issues were discovered in Sage XRT Business 
Exchange 12.4 ...)
+       TODO: check
+CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise 
Intelligence 20 ...)
+       TODO: check
 CVE-2022-34321
        RESERVED
 CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic 
algorithms th ...)
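Review bot: the three entries published in this hunk cover two different products: CVE-2022-34324 and CVE-2022-34323 name Sage XRT Business Exchange, while CVE-2022-34322 names Sage Enterprise Intelligence. When the TODO: check lines are resolved, give each entry its own product label instead of copying one across all three.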
@@ -149006,6 +149031,7 @@ CVE-2021-21368 (msgpack5 is a msgpack v5 
implementation for node.js and the brow
 CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 
2.3.0 and be ...)
        NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS
 CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
+       {DLA-3260-1}
        - node-xmldom 0.5.0-1
        NOTE: 
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
        NOTE: 
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
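Review bot: {DLA-3260-1} is attached to CVE-2021-21366 here and to CVE-2022-39353 in the earlier node-xmldom hunk, but neither hunk shows which version the DLA ships; the only version visible for this CVE is the "- node-xmldom 0.5.0-1" line. Confirm that the DLA-3260-1 entry lists both CVE ids so the two cross-references stay consistent.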



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca7adfcdb036f34d6070cf9198476c5cd6aac5a

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
