[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 3 09:10:19 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ae1079f by security tracker role at 2022-08-03T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-37393
+ RESERVED
+CVE-2022-2634
+ RESERVED
CVE-2022-37392
RESERVED
CVE-2022-37391
@@ -835,8 +839,8 @@ CVE-2022-37037
RESERVED
CVE-2022-37036
RESERVED
-CVE-2022-37035
- RESERVED
+CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...)
+ TODO: check
CVE-2022-37034
RESERVED
CVE-2022-37033
@@ -1080,10 +1084,10 @@ CVE-2022-36970
RESERVED
CVE-2022-36969
RESERVED
-CVE-2022-36968
- RESERVED
-CVE-2022-36967
- RESERVED
+CVE-2022-36968 (In Progress WS_FTP Server prior to version 8.7.3, forms within the adm ...)
+ TODO: check
+CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple reflected c ...)
+ TODO: check
CVE-2022-36966
RESERVED
CVE-2022-36965
@@ -1475,8 +1479,8 @@ CVE-2022-36802
RESERVED
CVE-2022-36801
RESERVED
-CVE-2022-36800
- RESERVED
+CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ TODO: check
CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...)
NOT-FOR-US: Atlassian
CVE-2022-35401
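Review bot: CVE-2022-36800 is left at TODO: check although its description names an Atlassian product and the entry directly below it, CVE-2022-36799, is already marked NOT-FOR-US: Atlassian. If the full description confirms the product is not packaged, triage it the same way so the two adjacent entries are consistent.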
@@ -2312,7 +2316,8 @@ CVE-2022-36410
RESERVED
CVE-2022-36409
RESERVED
-CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.7 allows remote attacke ...)
+CVE-2022-36408
+ REJECTED
NOT-FOR-US: PrestaShop
CVE-2022-36398
RESERVED
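Review bot: CVE-2022-36408 is now REJECTED, but the NOT-FOR-US: PrestaShop annotation on the following context line is still attached to it. With the description removed, nothing in the entry explains that annotation any more, so decide explicitly whether to keep it as a record of the earlier triage or drop it along with the description.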
@@ -2973,8 +2978,8 @@ CVE-2022-36199
RESERVED
CVE-2022-36198
RESERVED
-CVE-2022-36197
- RESERVED
+CVE-2022-36197 (BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload ...)
+ TODO: check
CVE-2022-36196
RESERVED
CVE-2022-36195
@@ -3561,12 +3566,12 @@ CVE-2022-35927
RESERVED
CVE-2022-35926
RESERVED
-CVE-2022-35925
- RESERVED
+CVE-2022-35925 (BookWyrm is a social network for tracking reading. Versions prior to 0 ...)
+ TODO: check
CVE-2022-35924 (NextAuth.js is a complete open source authentication solution for Next ...)
TODO: check
-CVE-2022-35923
- RESERVED
+CVE-2022-35923 (v8n is a javascript validation library. Versions of v8n prior to 1.5.1 ...)
+ TODO: check
CVE-2022-35922 (Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In ve ...)
NOT-FOR-US: Rust crate websocket
CVE-2022-35921 (fof/byobu is a private discussions extension for Flarum forum. Affecte ...)
@@ -4050,8 +4055,7 @@ CVE-2022-35739
RESERVED
CVE-2022-35738
RESERVED
-CVE-2022-35737
- RESERVED
+CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-b ...)
- sqlite3 3.39.2-1 (unimportant)
NOTE: https://sqlite.org/forum/forumpost/3607259d3c
NOTE: Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4
@@ -5814,12 +5818,12 @@ CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Manage
NOT-FOR-US: Feehi CMS
CVE-2022-34970
RESERVED
-CVE-2022-34969
- RESERVED
-CVE-2022-34968
- RESERVED
-CVE-2022-34967
- RESERVED
+CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereferen ...)
+ TODO: check
+CVE-2022-34968 (An issue in the fetch_step function in Percona Server for MySQL v8.0.2 ...)
+ TODO: check
+CVE-2022-34967 (The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database ...)
+ TODO: check
CVE-2022-34966 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
NOT-FOR-US: OpenTeknik
CVE-2022-34965 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
@@ -5866,8 +5870,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL
NOT-FOR-US: Pharmacy Management System
CVE-2022-34944
RESERVED
-CVE-2022-34943
- RESERVED
+CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution (RCE) v ...)
+ TODO: check
CVE-2022-34942
RESERVED
CVE-2022-34941
@@ -5878,8 +5882,8 @@ CVE-2022-34939
RESERVED
CVE-2022-34938
RESERVED
-CVE-2022-34937
- RESERVED
+CVE-2022-34937 (Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forge ...)
+ TODO: check
CVE-2022-34936
RESERVED
CVE-2022-34935
@@ -5896,16 +5900,16 @@ CVE-2022-34930
RESERVED
CVE-2022-34929
RESERVED
-CVE-2022-34928
- RESERVED
-CVE-2022-34927
- RESERVED
+CVE-2022-34928 (JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-34927 (MilkyTracker v1.03.00 was discovered to contain a stack overflow via t ...)
+ TODO: check
CVE-2022-34926
RESERVED
CVE-2022-34925
RESERVED
-CVE-2022-34924
- RESERVED
+CVE-2022-34924 (Lanling OA Landray Office Automation (OA) internal patch number #13338 ...)
+ TODO: check
CVE-2022-34923
RESERVED
CVE-2022-34922
@@ -6888,8 +6892,8 @@ CVE-2022-34621
RESERVED
CVE-2022-34620
RESERVED
-CVE-2022-34619
- RESERVED
+CVE-2022-34619 (A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 all ...)
+ TODO: check
CVE-2022-34618 (A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 ...)
TODO: check
CVE-2022-34617
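Review bot: CVE-2022-34619 and the existing CVE-2022-34618 on the next context line are both stored XSS issues in Mealie and both sit at TODO: check. Triage them together so they receive the same annotation.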
@@ -8896,8 +8900,8 @@ CVE-2022-33919
RESERVED
CVE-2022-33918
RESERVED
-CVE-2022-33917
- RESERVED
+CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29 ...)
+ TODO: check
CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Information ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2116
@@ -18725,8 +18729,8 @@ CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflecti
NOTE: Fixed by: https://github.com/horde/turba/commit/3bccab322af4ae96d5925f0ce9f9af0978af924b (v4.2.26)
CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 ...)
NOT-FOR-US: pyscriptjs
-CVE-2022-30285
- RESERVED
+CVE-2022-30285 (In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash ...)
+ TODO: check
CVE-2022-30284 (** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, ...)
NOTE: Bogus python-libnmap issue
CVE-2022-30283
@@ -20230,10 +20234,10 @@ CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.
NOT-FOR-US: WordPress plugin
CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29808
- RESERVED
-CVE-2022-29807
- RESERVED
+CVE-2022-29808 (In Quest KACE Systems Management Appliance (SMA) through 12.0, predict ...)
+ TODO: check
+CVE-2022-29807 (A SQL injection vulnerability exists within Quest KACE Systems Managem ...)
+ TODO: check
CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an invalid ...)
- zoneminder 1.36.13+dfsg1-1 (unimportant)
NOTE: https://forums.zoneminder.com/viewtopic.php?t=31638
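Review bot: CVE-2022-29808 and CVE-2022-29807 both concern Quest KACE Systems Management Appliance (SMA), the same product as CVE-2022-30285 earlier in this commit, and all three carry TODO: check. Resolve them in one pass with a single, consistent annotation.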
@@ -26595,18 +26599,18 @@ CVE-2022-27623
RESERVED
CVE-2022-27622
RESERVED
-CVE-2022-27621
- RESERVED
-CVE-2022-27620
- RESERVED
-CVE-2022-27619
- RESERVED
-CVE-2022-27618
- RESERVED
-CVE-2022-27617
- RESERVED
-CVE-2022-27616
- RESERVED
+CVE-2022-27621 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2022-27620 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2022-27619 (Cleartext transmission of sensitive information vulnerability in authe ...)
+ TODO: check
+CVE-2022-27618 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2022-27617 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
+CVE-2022-27616 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
CVE-2022-27615 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
NOT-FOR-US: Synology
CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
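Review bot: the six entries CVE-2022-27621 through CVE-2022-27616 are added as TODO: check, while the adjacent CVE-2022-27615, whose truncated description opens with the same "Improper limitation of a pathname to a restricted directory" wording as four of them, is already NOT-FOR-US: Synology. Check the full descriptions and, where they name the same vendor, apply the same annotation rather than leaving the batch open.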
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ae1079f9dcf245e78f748a01584092ad1587aee