[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 3 21:10:37 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
898f935b by security tracker role at 2022-08-03T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog could b ...)
+	TODO: check
+CVE-2022-37395
+	RESERVED
+CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
+	TODO: check
+CVE-2022-2639
+	RESERVED
+CVE-2022-2638
+	RESERVED
+CVE-2022-2637
+	RESERVED
+CVE-2022-2636
+	RESERVED
+CVE-2022-2635
+	RESERVED
 CVE-2022-37393
 	RESERVED
 CVE-2022-2634
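Review bot: CVE-2022-37394 (OpenStack Nova before 23.2.2, 24.x ...) at the top of this hunk is left at TODO: check, and it is the one new entry here that names a server component with explicit affected version ranges. It should get a source-package line with the fixed version, or an explicit NOT-FOR-US, instead of staying in the TODO queue. CVE-2022-37396 (JetBrains Rider) can be closed in the same pass, in the form the file already uses for vendor products such as "NOT-FOR-US: Foxit".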
@@ -2498,8 +2514,7 @@ CVE-2022-2503
 	RESERVED
 CVE-2022-2502
 	RESERVED
-CVE-2022-36359
-	RESERVED
+CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...)
 	- python-django 3:3.2.15-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/03/1
 	NOTE: https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173 (main)
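Review bot: the only commit NOTE under CVE-2022-36359 is tagged (main), while the description added here names Django 3.2 and the fixed version recorded is python-django 3:3.2.15-1. Add a NOTE for the corresponding 3.2 branch commit as well, so that whoever backports to older suites has the patch that applies to that series.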
@@ -3754,14 +3769,14 @@ CVE-2022-35869 (This vulnerability allows remote attackers to bypass authenticat
 	NOT-FOR-US: Ignition
 CVE-2022-35868
 	RESERVED
-CVE-2022-35867
-	RESERVED
-CVE-2022-35866
-	RESERVED
-CVE-2022-35865
-	RESERVED
-CVE-2022-35864
-	RESERVED
+CVE-2022-35867 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2022-35866 (This vulnerability allows remote attackers to bypass authentication on ...)
+	TODO: check
+CVE-2022-35865 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-35864 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2022-2414 (Access to external entities when parsing XML documents can lead to XML ...)
 	- dogtag-pki <unfixed> (bug #1014957)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
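Review bot: the four replaced entries CVE-2022-35867 through CVE-2022-35864 all land as TODO: check with descriptions cut off before the product name, so nothing in this file tells the triager what is affected. The neighbouring CVE-2022-35869 uses the same advisory wording and is already marked NOT-FOR-US: Ignition; read the full descriptions and, if the product matches, resolve them the same way rather than leaving privilege-escalation, authentication-bypass, code-execution and disclosure entries open.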
@@ -4364,10 +4379,10 @@ CVE-2022-35622
 	RESERVED
 CVE-2022-35621
 	RESERVED
-CVE-2022-35620
-	RESERVED
-CVE-2022-35619
-	RESERVED
+CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...)
+	TODO: check
+CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...)
+	TODO: check
 CVE-2022-35618
 	RESERVED
 CVE-2022-35617
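Review bot: CVE-2022-35620 and CVE-2022-35619 both describe the same D-LINK DIR-818LW firmware image (DIR818L_FW105b01) and are both added as TODO: check. Device firmware is already handled in this file as not-for-us (compare "NOT-FOR-US: Ampere devices"), so these two can be closed together with a single consistent NOT-FOR-US: D-Link marker.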
@@ -5777,8 +5792,8 @@ CVE-2022-34994
 	RESERVED
 CVE-2022-34993
 	RESERVED
-CVE-2022-34992
-	RESERVED
+CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the ...)
+	TODO: check
 CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site  ...)
 	NOT-FOR-US: Paymoney
 CVE-2022-34990
@@ -5813,10 +5828,10 @@ CVE-2022-34976
 	RESERVED
 CVE-2022-34975
 	RESERVED
-CVE-2022-34974
-	RESERVED
-CVE-2022-34973
-	RESERVED
+CVE-2022-34974 (D-Link DIR810LA1_FW102B22 was discovered to contain a command injectio ...)
+	TODO: check
+CVE-2022-34973 (D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow  ...)
+	TODO: check
 CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind SQL injec ...)
 	NOT-FOR-US: So Filter Shop
 CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Management m ...)
@@ -6159,10 +6174,10 @@ CVE-2022-34874 (This vulnerability allows remote attackers to disclose sensitive
 	NOT-FOR-US: Foxit
 CVE-2022-34873 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: Foxit
-CVE-2022-34872
-	RESERVED
-CVE-2022-34871
-	RESERVED
+CVE-2022-34872 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-34871 (This vulnerability allows remote attackers to escalate privileges on a ...)
+	TODO: check
 CVE-2022-34870
 	RESERVED
 CVE-2022-34858
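Review bot: the TODO: check on CVE-2022-34872 and CVE-2022-34871 should not be resolved by copying the NOT-FOR-US: Foxit marker from the two entries directly above them. The shared "This vulnerability allows remote attackers to ..." wording is an advisory template that also appears on the Ignition entry elsewhere in this diff, and the truncated text hides the vendor, so confirm the product from the full description first.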
@@ -6244,8 +6259,8 @@ CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA imp
 	NOTE: https://www.openssl.org/news/secadv/20220705.txt
 CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2272
-	RESERVED
+CVE-2022-2272 (This vulnerability allows remote attackers to bypass authentication on ...)
+	TODO: check
 CVE-2022-2271
 	RESERVED
 CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -12681,10 +12696,10 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra
 	NOT-FOR-US: Ampere devices
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
 	NOT-FOR-US: Zimbra
-CVE-2022-32293
-	RESERVED
-CVE-2022-32292
-	RESERVED
+CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...)
+	TODO: check
+CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...)
+	TODO: check
 CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...)
 	NOT-FOR-US: Real Player
 CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorre ...)
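Review bot: CVE-2022-32293 and CVE-2022-32292 (ConnMan through 1.41, one a man-in-the-middle attack and one reachable by remote attackers able to send HTTP requests) are the network-facing entries in this update and should be taken first from the TODO: check queue. Unlike the NOT-FOR-US neighbours (Zimbra, Real Player), they need a source-package line with "<unfixed>" and a bug reference, in the form used for dogtag-pki, if connman is in the archive.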
@@ -23257,8 +23272,8 @@ CVE-2022-28686
 	RESERVED
 CVE-2022-28685
 	RESERVED
-CVE-2022-28684
-	RESERVED
+CVE-2022-28684 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-28683 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2022-28682 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -23289,8 +23304,8 @@ CVE-2022-28670 (This vulnerability allows remote attackers to disclose sensitive
 	NOT-FOR-US: Foxit
 CVE-2022-28669 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
-CVE-2022-28668
-	RESERVED
+CVE-2022-28668 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-28667
 	RESERVED
 CVE-2022-28665
@@ -26897,8 +26912,8 @@ CVE-2022-27486
 	RESERVED
 CVE-2022-27485
 	RESERVED
-CVE-2022-27484
-	RESERVED
+CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
+	TODO: check
 CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-27482
@@ -39443,8 +39458,8 @@ CVE-2022-23444
 	RESERVED
 CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 allows u ...)
 	NOT-FOR-US: FortiGuard
-CVE-2022-23442
-	RESERVED
+CVE-2022-23442 (An improper access control vulnerability [CWE-284] in FortiOS versions ...)
+	TODO: check
 CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...)
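Review bot: CVE-2022-23442 (FortiOS) is added as TODO: check between entries whose vendor markers disagree: CVE-2022-23443 (Fortinet FortiSOAR) is tagged NOT-FOR-US: FortiGuard while CVE-2022-23441 is tagged NOT-FOR-US: Fortinet. When resolving this entry, use NOT-FOR-US: Fortinet and align the FortiGuard tag, so that a search by vendor marker returns all of them.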



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/898f935bcefca0129b7ca983da59ad442065cf17
