Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: add796c4 by security tracker role at 2022-11-30T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,65 @@ +CVE-2022-46359 + RESERVED +CVE-2022-46358 + RESERVED +CVE-2022-46357 + RESERVED +CVE-2022-46356 + RESERVED +CVE-2022-46355 + RESERVED +CVE-2022-46354 + RESERVED +CVE-2022-46353 + RESERVED +CVE-2022-46352 + RESERVED +CVE-2022-46351 + RESERVED +CVE-2022-46350 + RESERVED +CVE-2022-46349 + RESERVED +CVE-2022-46348 + RESERVED +CVE-2022-46347 + RESERVED +CVE-2022-46346 + RESERVED +CVE-2022-46345 + RESERVED +CVE-2022-4239 + RESERVED +CVE-2022-4238 + RESERVED +CVE-2022-4237 + RESERVED +CVE-2022-4236 + RESERVED +CVE-2022-4235 + RESERVED +CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...) + TODO: check +CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...) + TODO: check +CVE-2022-4232 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2022-4230 + RESERVED +CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...) + TODO: check +CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...) + TODO: check +CVE-2022-4227 + RESERVED +CVE-2022-4226 + RESERVED +CVE-2022-4225 + RESERVED +CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...) + TODO: check CVE-2022-46344 RESERVED CVE-2022-46343 
@@ -522,8 +584,8 @@ CVE-2022-46151 RESERVED CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse -CVE-2022-46149 - RESERVED +CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) + TODO: check CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) NOT-FOR-US: Discourse CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) @@ -1266,8 +1328,8 @@ CVE-2022-45844 RESERVED CVE-2022-45843 RESERVED -CVE-2022-45842 - RESERVED +CVE-2022-45842 (Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on ...) + TODO: check CVE-2022-45841 RESERVED CVE-2022-45840 @@ -4557,8 +4619,8 @@ CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injec NOT-FOR-US: Betheme theme for WordPress CVE-2022-3860 RESERVED -CVE-2022-3859 - RESERVED +CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...) + TODO: check CVE-2022-3858 RESERVED CVE-2022-3857 [Null pointer dereference leads to segmentation fault] @@ -6737,12 +6799,12 @@ CVE-2022-44298 RESERVED CVE-2022-44297 RESERVED -CVE-2022-44296 - RESERVED -CVE-2022-44295 - RESERVED -CVE-2022-44294 - RESERVED +CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-44294 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2022-44293 RESERVED CVE-2022-44292 @@ -7027,8 +7089,8 @@ CVE-2022-44153 RESERVED CVE-2022-44152 RESERVED -CVE-2022-44151 - RESERVED +CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-44150 RESERVED CVE-2022-44149 
@@ -7057,8 +7119,8 @@ CVE-2022-44138 RESERVED CVE-2022-44137 RESERVED -CVE-2022-44136 - RESERVED +CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). ...) + TODO: check CVE-2022-44135 RESERVED CVE-2022-44134 @@ -22302,12 +22364,12 @@ CVE-2022-38805 RESERVED CVE-2022-38804 RESERVED -CVE-2022-38803 - RESERVED -CVE-2022-38802 - RESERVED -CVE-2022-38801 - RESERVED +CVE-2022-38803 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrec ...) + TODO: check +CVE-2022-38802 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrec ...) + TODO: check +CVE-2022-38801 (In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijac ...) + TODO: check CVE-2022-38800 RESERVED CVE-2022-38799 @@ -25094,8 +25156,8 @@ CVE-2022-37934 RESERVED CVE-2022-37933 RESERVED -CVE-2022-37932 - RESERVED +CVE-2022-37932 (A potential security vulnerability has been identified in Hewlett Pack ...) + TODO: check CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...) NOT-FOR-US: HPE CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...) @@ -33309,8 +33371,8 @@ CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Securi NOT-FOR-US: WordPress plugin CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...) NOT-FOR-US: WordPress plugin -CVE-2022-26366 - RESERVED +CVE-2022-26366 (Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin &l ...) + TODO: check CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content ...) NOT-FOR-US: WordPress plugin CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...) 
@@ -41559,8 +41621,8 @@ CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSR NOT-FOR-US: WordPress plugin CVE-2022-1912 (The Button Widget Smartsoft plugin for WordPress is vulnerable to Cros ...) NOT-FOR-US: WordPress plugin -CVE-2022-1911 - RESERVED +CVE-2022-1911 (Error in parser function in M-Files Server versions before 22.6.11534. ...) + TODO: check CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...) NOT-FOR-US: WordPress plugin CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) @@ -46070,8 +46132,8 @@ CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does no NOT-FOR-US: WordPress plugin CVE-2022-1607 RESERVED -CVE-2022-1606 - RESERVED +CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...) + TODO: check CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...) NOT-FOR-US: WordPress plugin CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...) @@ -58945,8 +59007,8 @@ CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/e NOT-FOR-US: github.com/runatlantis/atlantis CVE-2022-24909 RESERVED -CVE-2022-24441 - RESERVED +CVE-2022-24441 (The package snyk before 1.1064.0 are vulnerable to Code Injection when ...) + TODO: check CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1 ...) NOT-FOR-US: cocoapods-downloader CVE-2022-24439 
@@ -59006,8 +59068,8 @@ CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before 10.1.3. NOT-FOR-US: Node ipc CVE-2022-23811 RESERVED -CVE-2022-22984 - RESERVED +CVE-2022-22984 (The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2 ...) + TODO: check CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype Pollution ...) NOT-FOR-US: Node convict CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Denial of ...) @@ -66276,8 +66338,8 @@ CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL Sideloading attack. Execu NOT-FOR-US: Zoom CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...) NOT-FOR-US: Sony -CVE-2022-23746 - RESERVED +CVE-2022-23746 (The IPsec VPN blade has a dedicated portal for downloading and connect ...) + TODO: check CVE-2022-23745 (A potential memory corruption issue was found in Capsule Workspace And ...) NOT-FOR-US: Checkpoint Harmony Capsule Workspace CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect against s ...) @@ -113702,8 +113764,8 @@ CVE-2021-31742 RESERVED CVE-2021-31741 RESERVED -CVE-2021-31740 - RESERVED +CVE-2021-31740 (SEPPMail's web frontend, user input is not embedded correctly in the w ...) + TODO: check CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerab ...) NOT-FOR-US: SEPPmail CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/add796c4df9aee90292c8ac82cbc9df2a24d0db4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/add796c4df9aee90292c8ac82cbc9df2a24d0db4 You're receiving this email because of your account on salsa.debian.org.
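Review bot: CVE-2022-46149 in the @@ -522,8 +584,8 @@ hunk sits between two Discourse entries tagged NOT-FOR-US, but its description names a different project (Cap'n Proto, a data interchange format and RPC system), so the neighbours' tag should not be carried over by proximity. Resolve this "TODO: check" only after looking for a matching source package.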
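Review bot: CVE-2022-26366 in the @@ -33309,8 +33371,8 @@ hunk is left at "TODO: check" although every described entry around it (CVE-2022-29489, CVE-2022-27235, CVE-2022-25952) is already "NOT-FOR-US: WordPress plugin". The description is truncated at "AdRotate Banner Manager Plugin &l ...", so confirm against the full text that it is a WordPress plugin and, if so, give it the same tag in the follow-up triage.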
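Review bot: CVE-2022-24441 in the @@ -58945,8 +59007,8 @@ hunk and CVE-2022-22984 in the @@ -59006,8 +59068,8 @@ hunk both name "snyk before 1.1064.0", so they should be triaged together and end up with the same tag rather than being checked independently. CVE-2022-22984 additionally lists snyk-mvn-plugin and further packages that are cut off by the "...", so read the full description before closing both.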
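Review bot: CVE-2021-31740 in the @@ -113702,8 +113764,8 @@ hunk gets "TODO: check" while the very next entry, CVE-2021-31739, covers the same product and is already "NOT-FOR-US: SEPPmail". Reuse that tag here with the same spelling; the new description writes "SEPPMail" with a capital M, and the tag should stay consistent with the existing "SEPPmail" entries.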