[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 20 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c96570b by security tracker role at 2022-08-20T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-38485
+ RESERVED
+CVE-2022-38484
+ RESERVED
+CVE-2022-38483
+ RESERVED
+CVE-2022-38482
+ RESERVED
+CVE-2022-38481
+ RESERVED
+CVE-2022-38480
+ RESERVED
+CVE-2022-38479
+ RESERVED
+CVE-2022-38478
+ RESERVED
+CVE-2022-38477
+ RESERVED
+CVE-2022-38476
+ RESERVED
+CVE-2022-38475
+ RESERVED
+CVE-2022-38474
+ RESERVED
+CVE-2022-38473
+ RESERVED
+CVE-2022-38472
+ RESERVED
+CVE-2022-38471
+ RESERVED
+CVE-2022-38452
+ RESERVED
+CVE-2022-2920
+ RESERVED
+CVE-2022-2919
+ RESERVED
+CVE-2022-2918
+ RESERVED
+CVE-2022-2917
+ RESERVED
+CVE-2022-2916
+ RESERVED
+CVE-2022-2915
+ RESERVED
+CVE-2022-2914
+ RESERVED
+CVE-2022-2913
+ RESERVED
+CVE-2022-2912
+ RESERVED
+CVE-2022-2911
+ RESERVED
+CVE-2022-2910
+ RESERVED
+CVE-2022-2909
+ RESERVED
CVE-2022-38466
RESERVED
CVE-2022-38465
@@ -927,18 +983,18 @@ CVE-2022-38171
RESERVED
CVE-2022-2794
RESERVED
-CVE-2022-2793
- RESERVED
-CVE-2022-2792
- RESERVED
+CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+ TODO: check
+CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+ TODO: check
CVE-2022-2791
RESERVED
-CVE-2022-2790
- RESERVED
-CVE-2022-2789
- RESERVED
-CVE-2022-2788
- RESERVED
+CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+ TODO: check
+CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+ TODO: check
+CVE-2022-2788 (Emerson Electric's Proficy Machine Edition Version 9.80 and prior is v ...)
+ TODO: check
CVE-2022-2787
RESERVED
{DSA-5213-1 DLA-3075-1}
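Review bot: CVE-2022-2788 reads "Version 9.80 and prior" while the four sibling entries added in this hunk (CVE-2022-2793, CVE-2022-2792, CVE-2022-2790, CVE-2022-2789) read "Version 9.00 and prior". The descriptions are truncated here, so confirm the affected version against the full text when resolving these "TODO: check" lines, and triage the five Emerson Proficy Machine Edition entries together so they end up with a consistent disposition.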
@@ -3445,8 +3501,8 @@ CVE-2022-37177
RESERVED
CVE-2022-37176
RESERVED
-CVE-2022-37175
- RESERVED
+CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflo ...)
+ TODO: check
CVE-2022-37174
RESERVED
CVE-2022-37173
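Review bot: CVE-2022-37175 is added with "TODO: check" for a Tenda ac15 firmware httpd issue, while this file already tags another Tenda entry (CVE-2022-35555) as "NOT-FOR-US: Tenda". If the same disposition applies, resolve the TODO with that tag; CVE-2022-36233 (Tenda AC9) in the next hunk is in the same position.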
@@ -5840,8 +5896,8 @@ CVE-2022-36235
RESERVED
CVE-2022-36234 (SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...)
NOT-FOR-US: SimpleNetwork TCP Server
-CVE-2022-36233
- RESERVED
+CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form ...)
+ TODO: check
CVE-2022-36232
RESERVED
CVE-2022-36231
@@ -5974,10 +6030,10 @@ CVE-2022-36173
RESERVED
CVE-2022-36172
RESERVED
-CVE-2022-36171
- RESERVED
-CVE-2022-36170
- RESERVED
+CVE-2022-36171 (MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. ...)
+ TODO: check
+CVE-2022-36170 (MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end an ...)
+ TODO: check
CVE-2022-36169
RESERVED
CVE-2022-36168
@@ -6002,8 +6058,8 @@ CVE-2022-36159
RESERVED
CVE-2022-36158
RESERVED
-CVE-2022-36157
- RESERVED
+CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...)
+ TODO: check
CVE-2022-36156
RESERVED
CVE-2022-36155 (tifig v0.2.2 was discovered to contain a resource allocation issue via ...)
@@ -6309,10 +6365,10 @@ CVE-2022-36033
RESERVED
CVE-2022-36032
RESERVED
-CVE-2022-36031
- RESERVED
-CVE-2022-36030
- RESERVED
+CVE-2022-36031 (Directus is a free and open-source data platform for headless content ...)
+ TODO: check
+CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...)
+ TODO: check
CVE-2022-36029
RESERVED
CVE-2022-36028
@@ -6323,7 +6379,7 @@ CVE-2022-36026
RESERVED
CVE-2022-36025
RESERVED
-CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use, feature-rich, a ...)
+CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots creati ...)
NOT-FOR-US: py-cord
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
NOT-FOR-US: Hyperledger Fabric
@@ -6353,10 +6409,10 @@ CVE-2022-36011
RESERVED
CVE-2022-36010 (This library allows strings to be parsed as functions and stored as a ...)
NOT-FOR-US: oxyno-zeta
-CVE-2022-36009
- RESERVED
-CVE-2022-36008
- RESERVED
+CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol federation. Dend ...)
+ TODO: check
+CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A security issue ...)
+ TODO: check
CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...)
NOT-FOR-US: Venice
CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...)
@@ -7110,8 +7166,8 @@ CVE-2022-35694
RESERVED
CVE-2022-35693
RESERVED
-CVE-2022-35692
- RESERVED
+CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+ TODO: check
CVE-2022-35691
RESERVED
CVE-2022-35690
@@ -7452,8 +7508,8 @@ CVE-2022-35556
RESERVED
CVE-2022-35555 (A command injection vulnerability exists in /goform/exeCommand in Tend ...)
NOT-FOR-US: Tenda
-CVE-2022-35554
- RESERVED
+CVE-2022-35554 (Multiple reflected XSS vulnerabilities occur when handling error messa ...)
+ TODO: check
CVE-2022-35553
RESERVED
CVE-2022-35552
@@ -37363,7 +37419,7 @@ CVE-2022-24948 (A carefully crafted user preferences for submission could trigge
- jspwiki <removed>
CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
- jspwiki <removed>
-CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC- ...)
+CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC ...)
NOT-FOR-US: Mitsubishi
CVE-2022-24945
RESERVED
@@ -42526,10 +42582,10 @@ CVE-2022-23462
RESERVED
CVE-2022-23461
RESERVED
-CVE-2022-23460
- RESERVED
-CVE-2022-23459
- RESERVED
+CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
+ TODO: check
+CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
+ TODO: check
CVE-2022-23458
RESERVED
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
@@ -46435,8 +46491,8 @@ CVE-2022-22491
RESERVED
CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
NOT-FOR-US: IBM
-CVE-2022-22489
- RESERVED
+CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable t ...)
+ TODO: check
CVE-2022-22488
RESERVED
CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote attacker to ...)
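Review bot: CVE-2022-22489 (IBM MQ) lands as "TODO: check" although the context line directly above it shows CVE-2022-22490 tagged "NOT-FOR-US: IBM". If IBM MQ falls under the same tag, replace the TODO with it so the entry does not sit in the triage queue.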
@@ -98700,7 +98756,7 @@ CVE-2021-28089 (Tor before 0.4.5.7 allows a remote participant in the Tor direct
NOTE: https://blog.torproject.org/node/2009
NOTE: https://bugs.torproject.org/tpo/core/tor/40286
CVE-2020-36256
- RESERVED
+ REJECTED
CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed ...)
{DSA-4868-1}
- flatpak 1.10.1-4 (bug #984859)
@@ -130593,14 +130649,14 @@ CVE-2020-27797
RESERVED
CVE-2020-27796
RESERVED
-CVE-2020-27795
- RESERVED
-CVE-2020-27794
- RESERVED
-CVE-2020-27793
- RESERVED
-CVE-2020-27792
- RESERVED
+CVE-2020-27795 (A segmentation fault was discovered in radare2 with adf command. In li ...)
+ TODO: check
+CVE-2020-27794 (A double free issue was discovered in radare2 in cmd_info.c:cmd_info() ...)
+ TODO: check
+CVE-2020-27793 (An off-by-one overflow flaw was found in radare2 due to mismatched arr ...)
+ TODO: check
+CVE-2020-27792 (A heap-based buffer over write vulnerability was found in GhostScript' ...)
+ TODO: check
CVE-2020-27791
REJECTED
CVE-2020-27790 (A floating point exception issue was discovered in UPX in PackLinuxElf ...)
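Review bot: the four new "TODO: check" entries name radare2 (CVE-2020-27795, CVE-2020-27794, CVE-2020-27793) and GhostScript (CVE-2020-27792), and they are 2020 identifiers that only now receive descriptions. When resolving them, check whether the affected code is packaged and, if so, add a source package line with the fixed version or status for each; given the age of the identifiers, compare against the versions already shipped before assuming they are unfixed.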
@@ -233207,7 +233263,8 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xi
NOT-FOR-US: touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
NOT-FOR-US: ThinkPHP
-CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
+CVE-2019-9081
+ REJECTED
- php-laravel-framework <not-affected> (Fixed before initial upload to archive)
NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-174529
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
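Review bot: CVE-2019-9081 is switched to REJECTED, but the lines below it, "- php-laravel-framework <not-affected> (Fixed before initial upload to archive)" and the snyk NOTE, stay attached to the entry. The other REJECTED entries visible in this diff (CVE-2020-36256, CVE-2020-27791) carry no package lines. Either drop the package line and NOTE, or record why they are kept, so the entry does not report both a rejection and a package status.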
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c96570b61739ee0c84803673031a6653eea0bb4