[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 16 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17ba084d by security tracker role at 2022-08-16T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-38381
+ RESERVED
+CVE-2022-38380
+ RESERVED
+CVE-2022-38379
+ RESERVED
+CVE-2022-38378
+ RESERVED
+CVE-2022-38377
+ RESERVED
+CVE-2022-38376
+ RESERVED
+CVE-2022-38375
+ RESERVED
+CVE-2022-38374
+ RESERVED
+CVE-2022-38373
+ RESERVED
+CVE-2022-38372
+ RESERVED
+CVE-2022-38371
+ RESERVED
+CVE-2022-38370
+ RESERVED
+CVE-2022-38369
+ RESERVED
+CVE-2022-2851
+ RESERVED
+CVE-2022-2850
+ RESERVED
+CVE-2022-2849
+ RESERVED
+CVE-2022-2848
+ RESERVED
+CVE-2022-2847
+ RESERVED
+CVE-2022-2846
+ RESERVED
+CVE-2022-2845
+ RESERVED
+CVE-2022-2844
+ RESERVED
+CVE-2022-2843
+ RESERVED
+CVE-2022-2842
+ RESERVED
+CVE-2022-2841
+ RESERVED
+CVE-2022-2840
+ RESERVED
+CVE-2022-2839
+ RESERVED
+CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
+ TODO: check
+CVE-2022-2837
+ RESERVED
+CVE-2022-2836
+ RESERVED
+CVE-2022-2835
+ RESERVED
+CVE-2022-2834
+ RESERVED
+CVE-2022-2833
+ RESERVED
+CVE-2022-2832
+ RESERVED
+CVE-2022-2831
+ RESERVED
+CVE-2022-2830
+ RESERVED
CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x ...)
NOT-FOR-US: Aviatrix Gateway
CVE-2022-38367
@@ -18,8 +88,7 @@ CVE-2022-2827
RESERVED
CVE-2022-2826
RESERVED
-CVE-2022-38362
- RESERVED
+CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
- airflow <itp> (bug #819700)
CVE-2022-38361
RESERVED
@@ -394,18 +463,18 @@ CVE-2022-38196
RESERVED
CVE-2022-38195
RESERVED
-CVE-2022-38194
- RESERVED
-CVE-2022-38193
- RESERVED
-CVE-2022-38192
- RESERVED
+CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...)
+ TODO: check
+CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...)
+ TODO: check
+CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
+ TODO: check
CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...)
NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
NOT-FOR-US: Esri Portal for ArcGIS
-CVE-2022-38189
- RESERVED
+CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
+ TODO: check
CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...)
@@ -414,8 +483,8 @@ CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS
NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38185
RESERVED
-CVE-2022-38184
- RESERVED
+CVE-2022-38184 (There is an improper access control vulnerability in Portal for ArcGIS ...)
+ TODO: check
CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...)
- gitea <removed>
CVE-2022-38182
@@ -4350,8 +4419,8 @@ CVE-2022-36601
RESERVED
CVE-2022-36600
RESERVED
-CVE-2022-36599
- RESERVED
+CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
+ TODO: check
CVE-2022-36598
RESERVED
CVE-2022-36597
@@ -4488,8 +4557,8 @@ CVE-2022-36532
RESERVED
CVE-2022-36531
RESERVED
-CVE-2022-36530
- RESERVED
+CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...)
+ TODO: check
CVE-2022-36529
RESERVED
CVE-2022-36528
@@ -4756,14 +4825,14 @@ CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beanc
[buster] - fava <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2)
-CVE-2022-36381
- RESERVED
-CVE-2022-36293
- RESERVED
-CVE-2022-35734
- RESERVED
-CVE-2022-34156
- RESERVED
+CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor W ...)
+ TODO: check
+CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-00 ...)
+ TODO: check
+CVE-2022-35734 ('Hulu / フールー' App for Android from version ...)
+ TODO: check
+CVE-2022-34156 ('Hulu / フールー' App for iOS versions prior t ...)
+ TODO: check
CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...)
NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...)
@@ -4840,8 +4909,8 @@ CVE-2022-36357
RESERVED
CVE-2022-36346
RESERVED
-CVE-2022-36344
- RESERVED
+CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
+ TODO: check
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36341
@@ -4944,8 +5013,8 @@ CVE-2022-36361
RESERVED
CVE-2022-36360
RESERVED
-CVE-2022-35239
- RESERVED
+CVE-2022-35239 (The image file management page of SolarView Compact SV-CPT-MC310 Ver.7 ...)
+ TODO: check
CVE-2022-2505
RESERVED
- firefox 103.0-1
@@ -5288,10 +5357,10 @@ CVE-2022-36275
RESERVED
CVE-2022-36274
RESERVED
-CVE-2022-36273
- RESERVED
-CVE-2022-36272
- RESERVED
+CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform ...)
+ TODO: check
+CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
+ TODO: check
CVE-2022-36271
RESERVED
CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...)
@@ -5350,8 +5419,8 @@ CVE-2022-36244
RESERVED
CVE-2022-36243
RESERVED
-CVE-2022-36242
- RESERVED
+CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-36241
RESERVED
CVE-2022-36240
@@ -7524,8 +7593,8 @@ CVE-2022-35301
REJECTED
CVE-2022-35300
REJECTED
-CVE-2022-33939
- RESERVED
+CVE-2022-33939 (CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP45 ...)
+ TODO: check
CVE-2022-2346
RESERVED
CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046. ...)
@@ -20376,10 +20445,10 @@ CVE-2022-30578
RESERVED
CVE-2022-30577
RESERVED
-CVE-2022-30576
- RESERVED
-CVE-2022-30575
- RESERVED
+CVE-2022-30576 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...)
+ TODO: check
+CVE-2022-30575 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...)
+ TODO: check
CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...)
NOT-FOR-US: TIBCO
CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...)
@@ -21360,8 +21429,8 @@ CVE-2022-30266
RESERVED
CVE-2022-30265
RESERVED
-CVE-2022-30264
- RESERVED
+CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perfo ...)
+ TODO: check
CVE-2022-30263
RESERVED
CVE-2022-30262
@@ -22183,8 +22252,8 @@ CVE-2022-29961
RESERVED
CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...)
NOT-FOR-US: Emerson
-CVE-2022-29959
- RESERVED
+CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential storage. It i ...)
+ TODO: check
CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...)
NOT-FOR-US: JTEKT TOYOPUC PLCs
CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...)
@@ -23565,6 +23634,7 @@ CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has
NOTE: https://github.com/gpac/gpac/issues/2173
NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...)
+ {DSA-5208-1}
- epiphany-browser 42.2-1 (bug #1009959)
[stretch] - epiphany-browser <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
@@ -37174,36 +37244,42 @@ CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to
NOT-FOR-US: Combodi
CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]
RESERVED
+ {DSA-5209-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference]
RESERVED
+ {DSA-5209-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
RESERVED
+ {DSA-5209-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access]
RESERVED
+ {DSA-5209-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously]
RESERVED
+ {DSA-5209-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
RESERVED
+ {DSA-5209-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
@@ -91937,8 +92013,8 @@ CVE-2021-30492
RESERVED
CVE-2021-30491
RESERVED
-CVE-2021-30490
- RESERVED
+CVE-2021-30490 (upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21 ...)
+ TODO: check
CVE-2021-30489
RESERVED
CVE-2021-30488
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17ba084de896e80458777bcad94524d426d26489
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17ba084de896e80458777bcad94524d426d26489
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220816/d96919c2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list