Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
add796c4 by security tracker role at 2022-11-30T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-46359
+ RESERVED
+CVE-2022-46358
+ RESERVED
+CVE-2022-46357
+ RESERVED
+CVE-2022-46356
+ RESERVED
+CVE-2022-46355
+ RESERVED
+CVE-2022-46354
+ RESERVED
+CVE-2022-46353
+ RESERVED
+CVE-2022-46352
+ RESERVED
+CVE-2022-46351
+ RESERVED
+CVE-2022-46350
+ RESERVED
+CVE-2022-46349
+ RESERVED
+CVE-2022-46348
+ RESERVED
+CVE-2022-46347
+ RESERVED
+CVE-2022-46346
+ RESERVED
+CVE-2022-46345
+ RESERVED
+CVE-2022-4239
+ RESERVED
+CVE-2022-4238
+ RESERVED
+CVE-2022-4237
+ RESERVED
+CVE-2022-4236
+ RESERVED
+CVE-2022-4235
+ RESERVED
+CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
+ TODO: check
+CVE-2022-4233 (A vulnerability has been found in SourceCodester Event
Registration Sy ...)
+ TODO: check
+CVE-2022-4232 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2022-4231 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2022-4230
+ RESERVED
+CVE-2022-4229 (A vulnerability classified as critical was found in
SourceCodester Boo ...)
+ TODO: check
+CVE-2022-4228 (A vulnerability classified as problematic has been found in
SourceCode ...)
+ TODO: check
+CVE-2022-4227
+ RESERVED
+CVE-2022-4226
+ RESERVED
+CVE-2022-4225
+ RESERVED
+CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and
RB1732 a ...)
+ TODO: check
CVE-2022-46344
RESERVED
CVE-2022-46343
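Review bot: the "TODO: check" markers on CVE-2022-4234, CVE-2022-4233, CVE-2022-4232, CVE-2022-4231, CVE-2022-4229, CVE-2022-4228 and CVE-2021-4242 each still need resolving to a package entry or a NOT-FOR-US line. Only CVE-2022-4234, CVE-2022-4233 and CVE-2022-4229 show the full vendor name SourceCodester. CVE-2022-4232 and CVE-2022-4228 are cut at "Source" and "SourceCode", and CVE-2022-4231 is cut before any product name, so tag the batch from the full descriptions, not from the truncated text here.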
@@ -522,8 +584,8 @@ CVE-2022-46151
RESERVED
CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to
version 2.8. ...)
NOT-FOR-US: Discourse
-CVE-2022-46149
- RESERVED
+CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure
call (RP ...)
+ TODO: check
CVE-2022-46148 (Discourse is an open-source messaging platform. In versions
2.8.10 and ...)
NOT-FOR-US: Discourse
CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style
problem, wher ...)
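Review bot: CVE-2022-46149 should not follow its Discourse neighbours into NOT-FOR-US when the "TODO: check" is resolved. Cap'n Proto is packaged in Debian (source package capnproto), so this entry needs a package line with its status checked against the versions in the archive.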
@@ -1266,8 +1328,8 @@ CVE-2022-45844
RESERVED
CVE-2022-45843
RESERVED
-CVE-2022-45842
- RESERVED
+CVE-2022-45842 (Unauth. Race Condition vulnerability in WP ULike Plugin <=
4.6.4 on ...)
+ TODO: check
CVE-2022-45841
RESERVED
CVE-2022-45840
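Review bot: the "TODO: check" on CVE-2022-45842 names the WP ULike Plugin, and the other WordPress plugin entries visible in this diff carry "NOT-FOR-US: WordPress plugin". Resolve this one with the same tag so the wording stays consistent.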
@@ -4557,8 +4619,8 @@ CVE-2022-3861 (The Betheme theme for WordPress is
vulnerable to PHP Object Injec
NOT-FOR-US: Betheme theme for WordPress
CVE-2022-3860
RESERVED
-CVE-2022-3859
- RESERVED
+CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix
Agent (TA) ...)
+ TODO: check
CVE-2022-3858
RESERVED
CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
@@ -6737,12 +6799,12 @@ CVE-2022-44298
RESERVED
CVE-2022-44297
RESERVED
-CVE-2022-44296
- RESERVED
-CVE-2022-44295
- RESERVED
-CVE-2022-44294
- RESERVED
+CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
+ TODO: check
+CVE-2022-44294 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
+ TODO: check
CVE-2022-44293
RESERVED
CVE-2022-44292
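Review bot: CVE-2022-44296, CVE-2022-44295 and CVE-2022-44294 cannot be told apart from this list, because all three descriptions are cut at "SQL Injection via ..." before the affected parameter or path. Triage them together from the full descriptions and give all three the same product tag.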
@@ -7027,8 +7089,8 @@ CVE-2022-44153
RESERVED
CVE-2022-44152
RESERVED
-CVE-2022-44151
- RESERVED
+CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL
Injection ...)
+ TODO: check
CVE-2022-44150
RESERVED
CVE-2022-44149
@@ -7057,8 +7119,8 @@ CVE-2022-44138
RESERVED
CVE-2022-44137
RESERVED
-CVE-2022-44136
- RESERVED
+CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution
(RCE). ...)
+ TODO: check
CVE-2022-44135
RESERVED
CVE-2022-44134
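Review bot: "Remote Code Excution" in the CVE-2022-44136 description is a misspelling that came in with the imported text. Report it to the CVE source instead of correcting it by hand in data/CVE/list, since a hand edit to an imported description is likely to be replaced by a later automatic update.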
@@ -22302,12 +22364,12 @@ CVE-2022-38805
RESERVED
CVE-2022-38804
RESERVED
-CVE-2022-38803
- RESERVED
-CVE-2022-38802
- RESERVED
-CVE-2022-38801
- RESERVED
+CVE-2022-38803 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to
Incorrec ...)
+ TODO: check
+CVE-2022-38802 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to
Incorrec ...)
+ TODO: check
+CVE-2022-38801 (In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee
can hijac ...)
+ TODO: check
CVE-2022-38800
RESERVED
CVE-2022-38799
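Review bot: CVE-2022-38803 and CVE-2022-38802 read identically up to the cut at "Incorrec", and CVE-2022-38801 names the same Zkteco BioTime build. Resolve the three "TODO: check" markers in one pass with a single vendor tag, after confirming from the full text what distinguishes the first two.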
@@ -25094,8 +25156,8 @@ CVE-2022-37934
RESERVED
CVE-2022-37933
RESERVED
-CVE-2022-37932
- RESERVED
+CVE-2022-37932 (A potential security vulnerability has been identified in
Hewlett Pack ...)
+ TODO: check
CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized
access t ...)
NOT-FOR-US: HPE
CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble
Storage Hyb ...)
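Review bot: CVE-2022-37932 is cut at "Hewlett Pack", and the next entry, CVE-2022-37931, is already tagged "NOT-FOR-US: HPE". If the full description confirms the vendor, reuse that exact tag and do not introduce a second spelling for the same vendor.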
@@ -33309,8 +33371,8 @@ CVE-2022-29489 (Cross-Site Request Forgery (CSRF)
vulnerability in Sucuri Securi
NOT-FOR-US: WordPress plugin
CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share
Buttons ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-26366
- RESERVED
+CVE-2022-26366 (Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager
Plugin &l ...)
+ TODO: check
CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush
Content ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have
authorisa ...)
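Review bot: the CVE-2022-26366 description ends in "Plugin &l ...", which looks like an HTML entity cut in half by the length limit. The description text is apparently truncated after escaping, so the importer should truncate first or avoid splitting an entity. For triage, the entry names the AdRotate Banner Manager Plugin and the surrounding CSRF entries are tagged "NOT-FOR-US: WordPress plugin".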
@@ -41559,8 +41621,8 @@ CVE-2022-1913 (The Add Post URL WordPress plugin
through 2.1.0 does not have CSR
NOT-FOR-US: WordPress plugin
CVE-2022-1912 (The Button Widget Smartsoft plugin for WordPress is vulnerable
to Cros ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1911
- RESERVED
+CVE-2022-1911 (Error in parser function in M-Files Server versions before
22.6.11534. ...)
+ TODO: check
CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin
before 2. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository
causefx/organ ...)
@@ -46070,8 +46132,8 @@ CVE-2022-1608 (The OnePress Social Locker WordPress
plugin through 5.6.2 does no
NOT-FOR-US: WordPress plugin
CVE-2022-1607
RESERVED
-CVE-2022-1606
- RESERVED
+CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions
before 22.3. ...)
+ TODO: check
CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have
CSRF chec ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise
and esc ...)
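Review bot: CVE-2022-1606 names M-Files Server, the same product as CVE-2022-1911 in the previous hunk, but the two descriptions give different version bounds ("before 22.3." here, "before 22.6.11534." there). Resolve both "TODO: check" markers together with one product tag, and keep the version bounds separate if a package line is ever needed.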
@@ -58945,8 +59007,8 @@ CVE-2022-24912 (The package
github.com/runatlantis/atlantis/server/controllers/e
NOT-FOR-US: github.com/runatlantis/atlantis
CVE-2022-24909
RESERVED
-CVE-2022-24441
- RESERVED
+CVE-2022-24441 (The package snyk before 1.1064.0 are vulnerable to Code
Injection when ...)
+ TODO: check
CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and
before 1 ...)
NOT-FOR-US: cocoapods-downloader
CVE-2022-24439
@@ -59006,8 +59068,8 @@ CVE-2022-23812 (This affects the package node-ipc from
10.1.1 and before 10.1.3.
NOT-FOR-US: Node ipc
CVE-2022-23811
RESERVED
-CVE-2022-22984
- RESERVED
+CVE-2022-22984 (The package snyk before 1.1064.0; the package snyk-mvn-plugin
before 2 ...)
+ TODO: check
CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype
Pollution ...)
NOT-FOR-US: Node convict
CVE-2022-22138 (All versions of package fast-string-search are vulnerable to
Denial of ...)
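Review bot: the CVE-2022-22984 description is cut inside a list of packages ("the package snyk before 1.1064.0; the package snyk-mvn-plugin before 2 ..."), so more packages are affected than the visible text shows. Read the full list before tagging, and resolve it together with CVE-2022-24441 in the previous hunk, which names the same snyk version bound. The neighbouring npm entries use tags of the form "NOT-FOR-US: Node ...".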
@@ -66276,8 +66338,8 @@ CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL
Sideloading attack. Execu
NOT-FOR-US: Zoom
CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory
access can ...)
NOT-FOR-US: Sony
-CVE-2022-23746
- RESERVED
+CVE-2022-23746 (The IPsec VPN blade has a dedicated portal for downloading and
connect ...)
+ TODO: check
CVE-2022-23745 (A potential memory corruption issue was found in Capsule
Workspace And ...)
NOT-FOR-US: Checkpoint Harmony Capsule Workspace
CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect
against s ...)
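Review bot: the visible part of the CVE-2022-23746 description ("The IPsec VPN blade has a dedicated portal ...") names no vendor. The adjacent CVE-2022-23745 and CVE-2022-23744 entries are Check Point products, which suggests the same vendor, but confirm it from the full description before copying their NOT-FOR-US tag.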
@@ -113702,8 +113764,8 @@ CVE-2021-31742
RESERVED
CVE-2021-31741
RESERVED
-CVE-2021-31740
- RESERVED
+CVE-2021-31740 (SEPPMail's web frontend, user input is not embedded correctly
in the w ...)
+ TODO: check
CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting
vulnerab ...)
NOT-FOR-US: SEPPmail
CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
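Review bot: CVE-2021-31740 spells the product "SEPPMail", while the next entry, CVE-2021-31739, is already tagged "NOT-FOR-US: SEPPmail". When resolving the "TODO: check", use the existing tag spelling so both entries group under one product name.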
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/add796c4df9aee90292c8ac82cbc9df2a24d0db4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits