[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 18 21:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c498f672 by security tracker role at 2022-08-18T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-38398
+ RESERVED
+CVE-2022-38397
+ RESERVED
+CVE-2022-2891
+ RESERVED
+CVE-2022-2890
+ RESERVED
+CVE-2022-2889
+ RESERVED
+CVE-2022-2888
+ RESERVED
+CVE-2022-2887
+ RESERVED
+CVE-2022-2886
+ RESERVED
+CVE-2022-2885
+ RESERVED
CVE-2022-38396
RESERVED
CVE-2022-38395
@@ -20,8 +38,8 @@ CVE-2022-2878
RESERVED
CVE-2022-2877
RESERVED
-CVE-2022-2876
- RESERVED
+CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
CVE-2022-XXXX [freeciv modpack installer buffer overflow]
- freeciv <unfixed> (bug #1017579)
[bullseye] - freeciv <no-dsa> (Minor issue)
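Review bot: the `TODO: check` added under CVE-2022-2876 cannot be resolved from this line alone, because the description is cut off at `found in Source ...` before the product name is complete. Triage needs the full CVE text; the TODO should then be replaced with either a package line in the style of `- freeciv <unfixed>` just below, or a `NOT-FOR-US:` line naming the product.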
@@ -31,8 +49,8 @@ CVE-2022-38392 (A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in
NOT-FOR-US: Microsoft
CVE-2022-2875
RESERVED
-CVE-2022-2874
- RESERVED
+CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.022 ...)
+ TODO: check
CVE-2022-2873
RESERVED
CVE-2022-2872
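Review bot: the `TODO: check` on CVE-2022-2874 should become a package line rather than stay generic, since the description names the GitHub repository vim/vim and vim is a Debian source package. The version in the description is truncated at `9.0.022 ...`, so take the exact upstream patch level from the full CVE record before writing `- vim <version>`, or use `<unfixed>` as the freeciv entry in this file does until a fixed upload exists.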
@@ -718,6 +736,7 @@ CVE-2022-2788
RESERVED
CVE-2022-2787
RESERVED
+ {DSA-5213-1 DLA-3075-1}
- schroot 1.6.12-2
NOTE: https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d
CVE-2022-38170
@@ -2481,8 +2500,8 @@ CVE-2022-37424
RESERVED
CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...)
NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
-CVE-2022-37422
- RESERVED
+CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...)
+ TODO: check
CVE-2022-37421
RESERVED
CVE-2022-37420
@@ -3442,14 +3461,14 @@ CVE-2022-37065
RESERVED
CVE-2022-37064
RESERVED
-CVE-2022-37063
- RESERVED
-CVE-2022-37062
- RESERVED
-CVE-2022-37061
- RESERVED
-CVE-2022-37060
- RESERVED
+CVE-2022-37063 (All FLIR AX8 thermal sensor cameras versions up to and including 1.46. ...)
+ TODO: check
+CVE-2022-37062 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...)
+ TODO: check
+CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...)
+ TODO: check
+CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is ...)
+ TODO: check
CVE-2022-37059
RESERVED
CVE-2022-37058
@@ -3539,8 +3558,8 @@ CVE-2022-37027
RESERVED
CVE-2022-37026
RESERVED
-CVE-2022-37025
- RESERVED
+CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...)
+ TODO: check
CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2588
@@ -6088,10 +6107,10 @@ CVE-2022-36026
RESERVED
CVE-2022-36025
RESERVED
-CVE-2022-36024
- RESERVED
-CVE-2022-36023
- RESERVED
+CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use, feature-rich, a ...)
+ TODO: check
+CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
+ TODO: check
CVE-2022-36022
RESERVED
CVE-2022-36021
@@ -6188,8 +6207,8 @@ CVE-2022-35977
RESERVED
CVE-2022-35976
RESERVED
-CVE-2022-35975
- RESERVED
+CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to manage Flu ...)
+ TODO: check
CVE-2022-35974
RESERVED
CVE-2022-35973
@@ -8094,8 +8113,8 @@ CVE-2022-35200
RESERVED
CVE-2022-35199
RESERVED
-CVE-2022-35198
- RESERVED
+CVE-2022-35198 (Contract Management System v2.0 contains a weak default password which ...)
+ TODO: check
CVE-2022-35197
RESERVED
CVE-2022-35196
@@ -8140,12 +8159,12 @@ CVE-2022-35177
RESERVED
CVE-2022-35176
RESERVED
-CVE-2022-35175
- RESERVED
-CVE-2022-35174
- RESERVED
-CVE-2022-35173
- RESERVED
+CVE-2022-35175 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-35174 (A stored cross-site scripting (XSS) vulnerability in Kirby's Starterki ...)
+ TODO: check
+CVE-2022-35173 (An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a bre ...)
+ TODO: check
CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
NOT-FOR-US: SAP
CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...)
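Review bot: the three `TODO: check` lines added in this hunk cover unrelated products and should not be closed in bulk. CVE-2022-35173 names Nginx NJS v0.7.5, so it needs a check against the archive for a matching source package before any `NOT-FOR-US:` line is written; handle it separately from the Barangay Management System and Kirby's Starterkit entries next to it.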
@@ -11743,30 +11762,30 @@ CVE-2022-33882
RESERVED
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 ...)
NOT-FOR-US: Autodesk
-CVE-2022-33311
- RESERVED
-CVE-2022-33151
- RESERVED
-CVE-2022-32583
- RESERVED
-CVE-2022-32544
- RESERVED
-CVE-2022-32453
- RESERVED
-CVE-2022-32283
- RESERVED
-CVE-2022-30693
- RESERVED
-CVE-2022-30604
- RESERVED
-CVE-2022-29891
- RESERVED
-CVE-2022-29487
- RESERVED
-CVE-2022-28715
- RESERVED
-CVE-2022-25986
- RESERVED
+CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of Cybozu Offi ...)
+ TODO: check
+CVE-2022-33151 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
+ TODO: check
+CVE-2022-32583 (Operation restriction bypass vulnerability in Scheduler of Cybozu Offi ...)
+ TODO: check
+CVE-2022-32544 (Operation restriction bypass vulnerability in Project of Cybozu Office ...)
+ TODO: check
+CVE-2022-32453 (HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 ...)
+ TODO: check
+CVE-2022-32283 (Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10 ...)
+ TODO: check
+CVE-2022-30693 (Information disclosure vulnerability in the system configuration of Cy ...)
+ TODO: check
+CVE-2022-30604 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
+ TODO: check
+CVE-2022-29891 (Browse restriction bypass vulnerability in Custom Ap of Cybozu Office ...)
+ TODO: check
+CVE-2022-29487 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 a ...)
+ TODO: check
+CVE-2022-28715 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
+ TODO: check
+CVE-2022-25986 (Browse restriction bypass vulnerability in Scheduler of Cybozu Office ...)
+ TODO: check
CVE-2022-2108 (The plugin Wbcom Designs – BuddyPress Group Reviews for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication mechani ...)
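Review bot: the twelve `TODO: check` lines added here (CVE-2022-33311 through CVE-2022-25986) should be resolved in one pass with one consistent wording, because every one of the new descriptions refers to Cybozu Office. If the product is not in the archive, use a single `NOT-FOR-US:` line text for all twelve, in the form the Autodesk and WordPress plugin entries around this hunk use, so the entries stay easy to search as a group.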
@@ -18880,6 +18899,7 @@ CVE-2022-31165
CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
NOT-FOR-US: Tovy
CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
+ {DLA-3077-1}
- ruby-tzinfo 2.0.4-2
NOTE: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
NOTE: https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf (v0.3.61)
@@ -23818,10 +23838,10 @@ CVE-2022-29552
RESERVED
CVE-2022-29551
RESERVED
-CVE-2022-29550
- RESERVED
-CVE-2022-29549
- RESERVED
+CVE-2022-29550 (** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. ...)
+ TODO: check
+CVE-2022-29549 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes pr ...)
+ TODO: check
CVE-2022-29548 (A reflected XSS issue exists in the Management Console of several WSO2 ...)
NOT-FOR-US: WSO2
CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki does not ...)
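Review bot: CVE-2022-29550 gets the same bare `TODO: check` as CVE-2022-29549 even though its description opens with `** DISPUTED **` and the adjacent entry for the same Qualys Cloud Agent 4.8.0-49 does not. Triage the pair together, and if either ends up tracked against a package, keep the dispute visible in a `NOTE:` line rather than relying on the truncated description.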
@@ -47724,7 +47744,7 @@ CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS
NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3 (0.19.4)
NOTE: https://tracker.freecad.org/view.php?id=4810
CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
- {DLA-2934-1}
+ {DLA-3076-1 DLA-2934-1}
- freecad 0.19.4+dfsg1-1 (bug #1005747)
NOTE: Fixed by; https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (master)
NOTE: Fxied by: https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c (0.19.4)
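Review bot: the two context lines under CVE-2021-45844 spell the fix marker as `NOTE: Fixed by;` and `NOTE: Fxied by:`, unlike the `NOTE: Fixed by:` used for CVE-2021-45845 at the top of this hunk. Since the entry is already being touched to add DLA-3076-1, normalise both to `Fixed by:` so that a search for the marker finds the master and 0.19.4 commits.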
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c498f672adc85d05e7335e3225ca5da805df08d2