[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 16 09:10:24 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26797cd3 by security tracker role at 2022-08-16T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,35 @@
-CVE-2022-38362
+CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x  ...)
+	TODO: check
+CVE-2022-38367
 	RESERVED
-CVE-2022-38361
+CVE-2022-38366
 	RESERVED
-CVE-2022-38360
+CVE-2022-38365
+	RESERVED
+CVE-2022-38364
+	RESERVED
+CVE-2022-38363
+	RESERVED
+CVE-2022-2829
 	RESERVED
-CVE-2022-38359
+CVE-2022-2828
 	RESERVED
-CVE-2022-38358
+CVE-2022-2827
 	RESERVED
-CVE-2022-38357
+CVE-2022-2826
+	RESERVED
+CVE-2022-38362
+	RESERVED
+CVE-2022-38361
+	RESERVED
+CVE-2022-38360
 	RESERVED
+CVE-2022-38359 (Cross-site request forgery attacks can be carried out against the Eyes ...)
+	TODO: check
+CVE-2022-38358 (Improper neutralization of input during web page generation leaves the ...)
+	TODO: check
+CVE-2022-38357 (Improper neutralization of special elements leaves the Eyes of Network ...)
+	TODO: check
 CVE-2022-38354
 	RESERVED
 CVE-2022-38353
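Review bot: The four newly described entries at the top of this hunk (CVE-2022-38368 for Aviatrix Gateway, CVE-2022-38357 to CVE-2022-38359 for Eyes of Network) are left at "TODO: check" with no product decision. Triage should either add a package line or, if no Debian source package ships the product, close them as NOT-FOR-US in the form already used for SourceCodester further down this file.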
@@ -306,10 +326,10 @@ CVE-2022-38219
 	RESERVED
 CVE-2022-38218
 	RESERVED
-CVE-2022-2817
-	RESERVED
-CVE-2022-2816
-	RESERVED
+CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0212. ...)
+	TODO: check
+CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0211. ...)
+	TODO: check
 CVE-2022-38217
 	RESERVED
 CVE-2022-2815
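Review bot: CVE-2022-2817 and CVE-2022-2816 stay at "TODO: check" even though both descriptions name vim/vim and give the fixed patch levels (9.0.0212 and 9.0.0211). These need a "- vim" package line plus NOTE lines pointing at the upstream fixes, in the same shape as the libtirpc entry for CVE-2021-46828.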
@@ -324,8 +344,8 @@ CVE-2022-2811 (A vulnerability classified as problematic has been found in Sourc
 	NOT-FOR-US: SourceCodester
 CVE-2022-2810
 	RESERVED
-CVE-2022-38216
-	RESERVED
+CVE-2022-38216 (An integer overflow exists in Mapbox's closed source gl-native library ...)
+	TODO: check
 CVE-2022-38215
 	RESERVED
 CVE-2022-38214
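Review bot: The description for CVE-2022-38216 says the affected code is Mapbox's closed source gl-native library, which points to a NOT-FOR-US result rather than an open "TODO: check". The triager should confirm from the full CVE record which versions are covered before closing it.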
@@ -374,18 +394,18 @@ CVE-2022-38193
 	RESERVED
 CVE-2022-38192
 	RESERVED
-CVE-2022-38191
-	RESERVED
-CVE-2022-38190
-	RESERVED
+CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...)
+	TODO: check
+CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
+	TODO: check
 CVE-2022-38189
 	RESERVED
-CVE-2022-38188
-	RESERVED
-CVE-2022-38187
-	RESERVED
-CVE-2022-38186
-	RESERVED
+CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+	TODO: check
+CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...)
+	TODO: check
+CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+	TODO: check
 CVE-2022-38185
 	RESERVED
 CVE-2022-38184
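Review bot: All five Esri Portal for ArcGIS entries in this hunk (CVE-2022-38186, CVE-2022-38187, CVE-2022-38188, CVE-2022-38190, CVE-2022-38191) are added as "TODO: check". They name the same proprietary product, so they can be resolved together with a single NOT-FOR-US decision instead of being triaged one by one.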
@@ -2127,25 +2147,25 @@ CVE-2022-37451 (Exim before 4.96 has an invalid free in pam_converse in auths/ca
 CVE-2022-37450 (Go Ethereum (aka geth) through 1.10.21 allows attackers to increase re ...)
 	- golang-github-go-ethereum <itp> (bug #890541)
 CVE-2022-37449
-	RESERVED
+	REJECTED
 CVE-2022-37448
-	RESERVED
+	REJECTED
 CVE-2022-37447
-	RESERVED
+	REJECTED
 CVE-2022-37446
-	RESERVED
+	REJECTED
 CVE-2022-37445
-	RESERVED
+	REJECTED
 CVE-2022-37444
-	RESERVED
+	REJECTED
 CVE-2022-37443
-	RESERVED
+	REJECTED
 CVE-2022-37442
-	RESERVED
+	REJECTED
 CVE-2022-37441
-	RESERVED
+	REJECTED
 CVE-2022-37440
-	RESERVED
+	REJECTED
 CVE-2022-2687 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2686 (A vulnerability, which was classified as problematic, was found in ore ...)
@@ -5080,20 +5100,20 @@ CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the
 	- libtirpc 1.3.2-2.1 (bug #1015873)
 	NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed (libtirpc-1-3-3-rc1)
 	NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (libtirpc-0-3-3-rc3)
-CVE-2022-36312
-	RESERVED
-CVE-2022-36311
-	RESERVED
-CVE-2022-36310
-	RESERVED
-CVE-2022-36309
-	RESERVED
-CVE-2022-36308
-	RESERVED
-CVE-2022-36307
-	RESERVED
-CVE-2022-36306
-	RESERVED
+CVE-2022-36312 (Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF pro ...)
+	TODO: check
+CVE-2022-36311 (Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vu ...)
+	TODO: check
+CVE-2022-36310 (Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had N ...)
+	TODO: check
+CVE-2022-36309 (Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have ...)
+	TODO: check
+CVE-2022-36308 (Airspan AirVelocity 1500 web management UI displays SNMP credentials i ...)
+	TODO: check
+CVE-2022-36307 (The AirVelocity 1500 prints SNMP credentials on its physically accessi ...)
+	TODO: check
+CVE-2022-36306 (An authenticated attacker can enumerate and download sensitive files,  ...)
+	TODO: check
 CVE-2022-36294
 	RESERVED
 CVE-2022-36290
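Review bot: The seven entries CVE-2022-36306 to CVE-2022-36312 all describe the Airspan AirVelocity 1500 device software or its web management UI, yet each is left at "TODO: check". Treat them as one batch and mark them NOT-FOR-US with the vendor name, as the SourceCodester and Microsoft entries in this file are marked.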
@@ -5828,8 +5848,8 @@ CVE-2022-36012
 	RESERVED
 CVE-2022-36011
 	RESERVED
-CVE-2022-36010
-	RESERVED
+CVE-2022-36010 (This library allows strings to be parsed as functions and stored as a  ...)
+	TODO: check
 CVE-2022-36009
 	RESERVED
 CVE-2022-36008
@@ -5892,8 +5912,8 @@ CVE-2022-35980 (OpenSearch Security is a plugin for OpenSearch that offers encry
 	NOT-FOR-US: OpenSearch Security plugin for OpenSearch
 CVE-2022-35979
 	RESERVED
-CVE-2022-35978
-	RESERVED
+CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy modding and ...)
+	TODO: check
 CVE-2022-35977
 	RESERVED
 CVE-2022-35976
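Review bot: CVE-2022-35978 names Minetest, which Debian packages, so "TODO: check" here is a real open item rather than a NOT-FOR-US candidate. It needs a "- minetest" line with the affected or fixed version and a NOTE with the upstream reference once the full description is read.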
@@ -6303,8 +6323,8 @@ CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This CV
 	NOT-FOR-US: Microsoft
 CVE-2022-35823
 	RESERVED
-CVE-2022-35822
-	RESERVED
+CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
+	TODO: check
 CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability. ...)
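Review bot: CVE-2022-35822 is a Windows Defender Credential Guard issue but is left at "TODO: check", while the neighbouring entries CVE-2022-35824 and CVE-2022-35821 already read "NOT-FOR-US: Microsoft". The same annotation applies here.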
@@ -9093,8 +9113,8 @@ CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Exe
 	NOT-FOR-US: Microsoft
 CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-34711
-	RESERVED
+CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
+	TODO: check
 CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
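Review bot: CVE-2022-34711 sits between CVE-2022-34712 and CVE-2022-34710, both Credential Guard entries marked "NOT-FOR-US: Microsoft", but carries "TODO: check". It should get the same annotation as its neighbours.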
@@ -25671,8 +25691,8 @@ CVE-2022-28758
 	RESERVED
 CVE-2022-28757
 	RESERVED
-CVE-2022-28756
-	RESERVED
+CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
+	TODO: check
 CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
 	NOT-FOR-US: Zoom
 CVE-2022-28754 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714  ...)
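Review bot: CVE-2022-28756 concerns the Zoom Client for Meetings for macOS and is left at "TODO: check", whereas the next entry, CVE-2022-28755, is already "NOT-FOR-US: Zoom". Use the same annotation here.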
@@ -36784,14 +36804,14 @@ CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent ad
 	- php-crypt-gpg 1.6.7-1 (bug #1005921)
 	[bullseye] - php-crypt-gpg 1.6.4-2+deb11u1
 	NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7)
-CVE-2022-24952
-	RESERVED
-CVE-2022-24951
-	RESERVED
-CVE-2022-24950
-	RESERVED
-CVE-2022-24949
-	RESERVED
+CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal Terminal pr ...)
+	TODO: check
+CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 6.2.0 whi ...)
+	TODO: check
+CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 6.2.0 tha ...)
+	TODO: check
+CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal prior to ver ...)
+	TODO: check
 CVE-2022-24948 (A carefully crafted user preferences for submission could trigger an X ...)
 	- jspwiki <removed>
 CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
@@ -37881,8 +37901,8 @@ CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By p
 	NOT-FOR-US: HexoEditor
 CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear  ...)
 	NOT-FOR-US: Netgear
-CVE-2022-24654
-	RESERVED
+CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability in "Fiel ...)
+	TODO: check
 CVE-2022-24653
 	RESERVED
 CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads  ...)
@@ -84392,10 +84412,10 @@ CVE-2021-33238
 	RESERVED
 CVE-2021-33237
 	RESERVED
-CVE-2021-33236
-	RESERVED
-CVE-2021-33235
-	RESERVED
+CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ...)
+	TODO: check
+CVE-2021-33235 (Buffer overflow vulnerability in write_node in htmldoc through 1.9.11  ...)
+	TODO: check
 CVE-2021-33234
 	RESERVED
 CVE-2021-33233
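Review bot: CVE-2021-33236 and CVE-2021-33235 name buffer overflows in write_header and write_node in htmldoc, which Debian packages, so these cannot stay at "TODO: check". Each needs a "- htmldoc" line with the fixed version and a NOTE pointing at the upstream fix, and the "through 1.9.1 ..." version bound should be read from the full record because the description is truncated here.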
@@ -140590,8 +140610,8 @@ CVE-2020-23624
 	RESERVED
 CVE-2020-23623
 	RESERVED
-CVE-2020-23622
-	RESERVED
+CVE-2020-23622 (** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thli ...)
+	TODO: check
 CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS Managem ...)
 	NOT-FOR-US: Squire Remote Management Interface
 CVE-2020-23620 (The Java Remote Management Interface of all versions of Orlansoft ERP  ...)
@@ -144872,10 +144892,10 @@ CVE-2020-21644
 	RESERVED
 CVE-2020-21643
 	RESERVED
-CVE-2020-21642
-	RESERVED
-CVE-2020-21641
-	RESERVED
+CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropuse ...)
+	TODO: check
+CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho Manage ...)
+	TODO: check
 CVE-2020-21640
 	RESERVED
 CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
@@ -145525,8 +145545,8 @@ CVE-2020-21367
 	RESERVED
 CVE-2020-21366
 	RESERVED
-CVE-2020-21365
-	RESERVED
+CVE-2020-21365 (Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows ...)
+	TODO: check
 CVE-2020-21364
 	RESERVED
 CVE-2020-21363 (An arbitrary file deletion vulnerability exists within Maccms10. ...)
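Review bot: CVE-2020-21365 names wkhtmltopdf through 0.12.5, a tool that Debian packages, and is left at "TODO: check". Triage should add a "- wkhtmltopdf" line and record whether the packaged version falls inside the stated range.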



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26797cd3c4a0800d4751b5f54e348cd9902f4d75
