[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 20 09:10:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c96570b by security tracker role at 2022-08-20T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-38485
+	RESERVED
+CVE-2022-38484
+	RESERVED
+CVE-2022-38483
+	RESERVED
+CVE-2022-38482
+	RESERVED
+CVE-2022-38481
+	RESERVED
+CVE-2022-38480
+	RESERVED
+CVE-2022-38479
+	RESERVED
+CVE-2022-38478
+	RESERVED
+CVE-2022-38477
+	RESERVED
+CVE-2022-38476
+	RESERVED
+CVE-2022-38475
+	RESERVED
+CVE-2022-38474
+	RESERVED
+CVE-2022-38473
+	RESERVED
+CVE-2022-38472
+	RESERVED
+CVE-2022-38471
+	RESERVED
+CVE-2022-38452
+	RESERVED
+CVE-2022-2920
+	RESERVED
+CVE-2022-2919
+	RESERVED
+CVE-2022-2918
+	RESERVED
+CVE-2022-2917
+	RESERVED
+CVE-2022-2916
+	RESERVED
+CVE-2022-2915
+	RESERVED
+CVE-2022-2914
+	RESERVED
+CVE-2022-2913
+	RESERVED
+CVE-2022-2912
+	RESERVED
+CVE-2022-2911
+	RESERVED
+CVE-2022-2910
+	RESERVED
+CVE-2022-2909
+	RESERVED
 CVE-2022-38466
 	RESERVED
 CVE-2022-38465
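Review bot: The new block is not in descending ID order: CVE-2022-38452 and CVE-2022-2920 through CVE-2022-2909 are added above the existing CVE-2022-38466 entry. If data/CVE/list is meant to stay sorted, these belong further down; if new IDs are simply prepended, anything that reads this file should look entries up by ID and not assume position.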
@@ -927,18 +983,18 @@ CVE-2022-38171
 	RESERVED
 CVE-2022-2794
 	RESERVED
-CVE-2022-2793
-	RESERVED
-CVE-2022-2792
-	RESERVED
+CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+	TODO: check
+CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+	TODO: check
 CVE-2022-2791
 	RESERVED
-CVE-2022-2790
-	RESERVED
-CVE-2022-2789
-	RESERVED
-CVE-2022-2788
-	RESERVED
+CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+	TODO: check
+CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
+	TODO: check
+CVE-2022-2788 (Emerson Electric's Proficy Machine Edition Version 9.80 and prior is v ...)
+	TODO: check
 CVE-2022-2787
 	RESERVED
 	{DSA-5213-1 DLA-3075-1}
@@ -3445,8 +3501,8 @@ CVE-2022-37177
 	RESERVED
 CVE-2022-37176
 	RESERVED
-CVE-2022-37175
-	RESERVED
+CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflo ...)
+	TODO: check
 CVE-2022-37174
 	RESERVED
 CVE-2022-37173
@@ -5840,8 +5896,8 @@ CVE-2022-36235
 	RESERVED
 CVE-2022-36234 (SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...)
 	NOT-FOR-US: SimpleNetwork TCP Server
-CVE-2022-36233
-	RESERVED
+CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form ...)
+	TODO: check
 CVE-2022-36232
 	RESERVED
 CVE-2022-36231
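Review bot: CVE-2022-36233 is left as `TODO: check` although its description names Tenda AC9 firmware, and this file already marks Tenda router issues as `NOT-FOR-US: Tenda` (see CVE-2022-35555). Resolve it the same way; CVE-2022-37175 (Tenda ac15) can be handled identically.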
@@ -5974,10 +6030,10 @@ CVE-2022-36173
 	RESERVED
 CVE-2022-36172
 	RESERVED
-CVE-2022-36171
-	RESERVED
-CVE-2022-36170
-	RESERVED
+CVE-2022-36171 (MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. ...)
+	TODO: check
+CVE-2022-36170 (MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end an ...)
+	TODO: check
 CVE-2022-36169
 	RESERVED
 CVE-2022-36168
@@ -6002,8 +6058,8 @@ CVE-2022-36159
 	RESERVED
 CVE-2022-36158
 	RESERVED
-CVE-2022-36157
-	RESERVED
+CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...)
+	TODO: check
 CVE-2022-36156
 	RESERVED
 CVE-2022-36155 (tifig v0.2.2 was discovered to contain a resource allocation issue via ...)
@@ -6309,10 +6365,10 @@ CVE-2022-36033
 	RESERVED
 CVE-2022-36032
 	RESERVED
-CVE-2022-36031
-	RESERVED
-CVE-2022-36030
-	RESERVED
+CVE-2022-36031 (Directus is a free and open-source data platform for headless content  ...)
+	TODO: check
+CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...)
+	TODO: check
 CVE-2022-36029
 	RESERVED
 CVE-2022-36028
@@ -6323,7 +6379,7 @@ CVE-2022-36026
 	RESERVED
 CVE-2022-36025
 	RESERVED
-CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use, feature-rich, a ...)
+CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots creati ...)
 	NOT-FOR-US: py-cord
 CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
 	NOT-FOR-US: Hyperledger Fabric
@@ -6353,10 +6409,10 @@ CVE-2022-36011
 	RESERVED
 CVE-2022-36010 (This library allows strings to be parsed as functions and stored as a  ...)
 	NOT-FOR-US: oxyno-zeta
-CVE-2022-36009
-	RESERVED
-CVE-2022-36008
-	RESERVED
+CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol federation. Dend ...)
+	TODO: check
+CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A security issue ...)
+	TODO: check
 CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...)
 	NOT-FOR-US: Venice
 CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...)
@@ -7110,8 +7166,8 @@ CVE-2022-35694
 	RESERVED
 CVE-2022-35693
 	RESERVED
-CVE-2022-35692
-	RESERVED
+CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
 CVE-2022-35691
 	RESERVED
 CVE-2022-35690
@@ -7452,8 +7508,8 @@ CVE-2022-35556
 	RESERVED
 CVE-2022-35555 (A command injection vulnerability exists in /goform/exeCommand in Tend ...)
 	NOT-FOR-US: Tenda
-CVE-2022-35554
-	RESERVED
+CVE-2022-35554 (Multiple reflected XSS vulnerabilities occur when handling error messa ...)
+	TODO: check
 CVE-2022-35553
 	RESERVED
 CVE-2022-35552
@@ -37363,7 +37419,7 @@ CVE-2022-24948 (A carefully crafted user preferences for submission could trigge
 	- jspwiki <removed>
 CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
 	- jspwiki <removed>
-CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC- ...)
+CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC  ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2022-24945
 	RESERVED
@@ -42526,10 +42582,10 @@ CVE-2022-23462
 	RESERVED
 CVE-2022-23461
 	RESERVED
-CVE-2022-23460
-	RESERVED
-CVE-2022-23459
-	RESERVED
+CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
+	TODO: check
+CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
+	TODO: check
 CVE-2022-23458
 	RESERVED
 CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web  ...)
@@ -46435,8 +46491,8 @@ CVE-2022-22491
 	RESERVED
 CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow  ...)
 	NOT-FOR-US: IBM
-CVE-2022-22489
-	RESERVED
+CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable t ...)
+	TODO: check
 CVE-2022-22488
 	RESERVED
 CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote attacker to ...)
@@ -98700,7 +98756,7 @@ CVE-2021-28089 (Tor before 0.4.5.7 allows a remote participant in the Tor direct
 	NOTE: https://blog.torproject.org/node/2009
 	NOTE: https://bugs.torproject.org/tpo/core/tor/40286
 CVE-2020-36256
-	RESERVED
+	REJECTED
 CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	{DSA-4868-1}
 	- flatpak 1.10.1-4 (bug #984859)
@@ -130593,14 +130649,14 @@ CVE-2020-27797
 	RESERVED
 CVE-2020-27796
 	RESERVED
-CVE-2020-27795
-	RESERVED
-CVE-2020-27794
-	RESERVED
-CVE-2020-27793
-	RESERVED
-CVE-2020-27792
-	RESERVED
+CVE-2020-27795 (A segmentation fault was discovered in radare2 with adf command. In li ...)
+	TODO: check
+CVE-2020-27794 (A double free issue was discovered in radare2 in cmd_info.c:cmd_info() ...)
+	TODO: check
+CVE-2020-27793 (An off-by-one overflow flaw was found in radare2 due to mismatched arr ...)
+	TODO: check
+CVE-2020-27792 (A heap-based buffer over write vulnerability was found in GhostScript' ...)
+	TODO: check
 CVE-2020-27791
 	REJECTED
 CVE-2020-27790 (A floating point exception issue was discovered in UPX in PackLinuxElf ...)
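Review bot: CVE-2020-27795, CVE-2020-27794 and CVE-2020-27793 name radare2, and CVE-2020-27792 names GhostScript, both of which exist as source packages in the Debian archive. These four `TODO: check` entries therefore need package-level triage (affected versions, fixing commit, bug reference) against radare2 and ghostscript and should not be closed as NOT-FOR-US.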
@@ -233207,7 +233263,8 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xi
 	NOT-FOR-US: touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device
 CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
 	NOT-FOR-US: ThinkPHP
-CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
+CVE-2019-9081
+	REJECTED
 	- php-laravel-framework <not-affected> (Fixed before initial upload to archive)
 	NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-174529
 CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
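Review bot: CVE-2019-9081 is switched to `REJECTED`, but the two lines under it are kept, so a rejected ID still carries `- php-laravel-framework <not-affected> (Fixed before initial upload to archive)` and the Snyk NOTE. Check why the ID was rejected and either drop the package annotation or move it to the replacement ID if one exists, so the tracker does not report package status against a withdrawn CVE.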



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c96570b61739ee0c84803673031a6653eea0bb4
