[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 30 09:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d15c86df by security tracker role at 2022-08-30T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2022-39043
+ RESERVED
+CVE-2022-39042
+ RESERVED
+CVE-2022-39041
+ RESERVED
+CVE-2022-39040
+ RESERVED
+CVE-2022-39039
+ RESERVED
+CVE-2022-39038
+ RESERVED
+CVE-2022-39037
+ RESERVED
+CVE-2022-39036
+ RESERVED
+CVE-2022-39035
+ RESERVED
+CVE-2022-39034
+ RESERVED
+CVE-2022-39033
+ RESERVED
+CVE-2022-39032
+ RESERVED
+CVE-2022-39031
+ RESERVED
+CVE-2022-39030
+ RESERVED
+CVE-2022-39029
+ RESERVED
+CVE-2022-39027
+ RESERVED
+CVE-2022-39026
+ RESERVED
+CVE-2022-39025
+ RESERVED
+CVE-2022-39024
+ RESERVED
+CVE-2022-39023
+ RESERVED
+CVE-2022-39022
+ RESERVED
+CVE-2022-39021
+ RESERVED
+CVE-2022-39020
+ RESERVED
+CVE-2022-39019
+ RESERVED
+CVE-2022-39018
+ RESERVED
+CVE-2022-39017
+ RESERVED
+CVE-2022-39016
+ RESERVED
+CVE-2022-38400
+ RESERVED
+CVE-2022-33941
+ RESERVED
+CVE-2022-3060
+ RESERVED
+CVE-2022-3059
+ RESERVED
+CVE-2022-3058
+ RESERVED
+CVE-2022-3057
+ RESERVED
+CVE-2022-3056
+ RESERVED
+CVE-2022-3055
+ RESERVED
+CVE-2022-3054
+ RESERVED
+CVE-2022-3053
+ RESERVED
+CVE-2022-3052
+ RESERVED
+CVE-2022-3051
+ RESERVED
+CVE-2022-3050
+ RESERVED
+CVE-2022-3049
+ RESERVED
+CVE-2022-3048
+ RESERVED
+CVE-2022-3047
+ RESERVED
+CVE-2022-3046
+ RESERVED
+CVE-2022-3045
+ RESERVED
+CVE-2022-3044
+ RESERVED
+CVE-2022-3043
+ RESERVED
+CVE-2022-3042
+ RESERVED
+CVE-2022-3041
+ RESERVED
+CVE-2022-3040
+ RESERVED
+CVE-2022-3039
+ RESERVED
+CVE-2022-3038
+ RESERVED
+CVE-2022-3037
+ RESERVED
+CVE-2022-3036
+ RESERVED
+CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
+ TODO: check
+CVE-2022-3034
+ RESERVED
CVE-2022-39015
RESERVED
CVE-2022-39014
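Review bot: the run of new RESERVED entries goes from CVE-2022-39043 down to CVE-2022-39016 but skips CVE-2022-39028; that gap is expected rather than a missing entry, because CVE-2022-39028 already exists further down in this file as the inetutils telnetd entry and is updated in the next hunk. The only item in this hunk that needs human triage is CVE-2022-3035, which lands as TODO: check with a truncated description pointing at the snipe/snipe-i... GitHub repository; whether that project is packaged in Debian decides between a source-package line and the NOT-FOR-US outcome used for the other web-application entries in this file.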
@@ -470,7 +582,7 @@ CVE-2021-46836
RESERVED
CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
NOT-FOR-US: ToolJet
-CVE-2022-39028 [DoS vulnerability in inetutils-telnetd: NULL pointer dereference when sending the byte sequences]
+CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
- inetutils 2:2.3-5
[bullseye] - inetutils <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
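Review bot: swapping the local bracketed summary for the imported CVE text drops the only statement of the actual defect in this entry (a NULL pointer dereference in telnetd on crafted byte sequences), because the imported description is truncated at "...". Consider carrying that detail over into a NOTE line next to the existing bug-inetutils link so the entry stays self-explanatory. The new description also names MIT krb5-appl through 1.0.3 alongside GNU Inetutils through 2.3, while the entry only has the `- inetutils 2:2.3-5` line and the bullseye no-dsa line; triage should confirm whether any other source package shipping that telnetd code needs its own line.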
@@ -519,8 +631,8 @@ CVE-2022-3011
RESERVED
CVE-2022-38785
REJECTED
-CVE-2022-38784
- RESERVED
+CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...)
+ TODO: check
CVE-2022-38783
RESERVED
CVE-2022-38782
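Review bot: CVE-2022-38784 (integer overflow in Poppler up to and including 22.08.0) should not sit at TODO: check for long: poppler is a Debian source package, so this entry needs a `- poppler` line with the fixed version filled in (plus per-suite lines where the stable suites are affected), not the NOT-FOR-US resolution that fits the vendor-product entries elsewhere in this diff.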
@@ -565,8 +677,8 @@ CVE-2022-3001
RESERVED
CVE-2022-3000
RESERVED
-CVE-2022-38772
- RESERVED
+CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
+ TODO: check
CVE-2022-38771
RESERVED
CVE-2022-38770
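Review bot: CVE-2022-38772 concerns Zoho ManageEngine OpManager and related products, which are proprietary and not shipped in Debian; the TODO: check can be closed as NOT-FOR-US in the same form as the other vendor entries in this file (for example the Oracle and IBM entries further down).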
@@ -1059,8 +1171,8 @@ CVE-2022-38627
RESERVED
CVE-2022-38626
RESERVED
-CVE-2022-38625
- RESERVED
+CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain insufficient f ...)
+ TODO: check
CVE-2022-38624
RESERVED
CVE-2022-38623
@@ -1375,7 +1487,7 @@ CVE-2022-38479
RESERVED
CVE-2022-38478
RESERVED
- {DSA-5217-1 DLA-3080-1}
+ {DSA-5221-1 DSA-5217-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
- thunderbird 1:102.2.0-1
@@ -1416,7 +1528,7 @@ CVE-2022-38474
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38474
CVE-2022-38473
RESERVED
- {DSA-5217-1 DLA-3080-1}
+ {DSA-5221-1 DSA-5217-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
- thunderbird 1:102.2.0-1
@@ -1427,7 +1539,7 @@ CVE-2022-38473
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38473
CVE-2022-38472
RESERVED
- {DSA-5217-1 DLA-3080-1}
+ {DSA-5221-1 DSA-5217-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
- thunderbird 1:102.2.0-1
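Review bot: the same DSA-5221-1 reference is added to CVE-2022-38478, CVE-2022-38473 and CVE-2022-38472 in this hunk and the two preceding ones, and in all three the fixed-version lines (firefox 104.0-1, firefox-esr 102.2.0esr-1, thunderbird 1:102.2.0-1) and the DLA-3080-1 reference are untouched, so the three Mozilla entries remain consistent with each other; nothing to change.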
@@ -1715,7 +1827,7 @@ CVE-2022-XXXX [freeciv modpack installer buffer overflow]
[buster] - freeciv <no-dsa> (Minor issue)
NOTE: https://osdn.net/projects/freeciv/ticket/45299
NOTE: https://www.openwall.com/lists/oss-security/2022/08/05/1
-CVE-2022-38392 (A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in appro ...)
+CVE-2022-38392 (Certain 5400 RPM hard drives, for laptops and other PCs in approximate ...)
NOT-FOR-US: Microsoft
CVE-2022-2875
RESERVED
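Review bot: the reworded CVE-2022-38392 description now says "Certain 5400 RPM hard drives, for laptops and other PCs" and no longer names a single OEM laptop drive, yet the `NOT-FOR-US: Microsoft` line below it is unchanged and the new text itself does not mention Microsoft; since the issue is a hardware/firmware matter, restating the reason on the NOT-FOR-US line in terms of the drive hardware would keep the tag self-explanatory.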
@@ -2559,12 +2671,12 @@ CVE-2022-38120
RESERVED
CVE-2022-38119
RESERVED
-CVE-2022-38118
- RESERVED
+CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validati ...)
+ TODO: check
CVE-2022-38117
RESERVED
-CVE-2022-38116
- RESERVED
+CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database ...)
+ TODO: check
CVE-2022-38103
RESERVED
CVE-2022-38092
@@ -3585,10 +3697,10 @@ CVE-2022-37683
RESERVED
CVE-2022-37682
RESERVED
-CVE-2022-37681
- RESERVED
-CVE-2022-37680
- RESERVED
+CVE-2022-37681 (Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below ...)
+ TODO: check
+CVE-2022-37680 (An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP910 ...)
+ TODO: check
CVE-2022-37679
RESERVED
CVE-2022-37678
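Review bot: CVE-2022-37681 and CVE-2022-37680 are both against the Hitachi Kokusai Electric ISnex HC-IP9100HD camera firmware and should be triaged together; the CVE-2022-37680 text states an access control issue, while the CVE-2022-37681 text is truncated before the flaw type, so the full descriptions are needed before either TODO: check is closed. Proprietary network-camera firmware is not a Debian package, so NOT-FOR-US is the expected outcome for both.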
@@ -4934,8 +5046,8 @@ CVE-2022-37179
RESERVED
CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection vulnera ...)
NOT-FOR-US: 72crm
-CVE-2022-37177
- RESERVED
+CVE-2022-37177 (HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cry ...)
+ TODO: check
CVE-2022-37176
RESERVED
CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflo ...)
@@ -6078,18 +6190,18 @@ CVE-2022-36716 (Library Management System v1.0 was discovered to contain a SQL i
NOT-FOR-US: Library Management System
CVE-2022-36715 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Library Management System
-CVE-2022-36714
- RESERVED
-CVE-2022-36713
- RESERVED
-CVE-2022-36712
- RESERVED
-CVE-2022-36711
- RESERVED
+CVE-2022-36714 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36713 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36712 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36711 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-36710
RESERVED
-CVE-2022-36709
- RESERVED
+CVE-2022-36709 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-36708 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Library Management System
CVE-2022-36707
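Review bot: the five new descriptions (CVE-2022-36714 through CVE-2022-36711 and CVE-2022-36709) are the same truncated "Library Management System v1.0 was discovered to contain a SQL injecti ..." text as the neighbouring CVE-2022-36716, CVE-2022-36715 and CVE-2022-36708, which are already resolved as `NOT-FOR-US: Library Management System`; the TODO: check lines can be replaced with that same resolution in one pass. CVE-2022-36710, sitting between them, is still RESERVED and will most likely follow the same pattern when its text arrives.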
@@ -6386,22 +6498,22 @@ CVE-2022-36562
RESERVED
CVE-2022-36561
RESERVED
-CVE-2022-36560
- RESERVED
-CVE-2022-36559
- RESERVED
-CVE-2022-36558
- RESERVED
-CVE-2022-36557
- RESERVED
-CVE-2022-36556
- RESERVED
-CVE-2022-36555
- RESERVED
-CVE-2022-36554
- RESERVED
-CVE-2022-36553
- RESERVED
+CVE-2022-36560 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...)
+ TODO: check
+CVE-2022-36559 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...)
+ TODO: check
+CVE-2022-36558 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded ...)
+ TODO: check
+CVE-2022-36557 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contai ...)
+ TODO: check
+CVE-2022-36556 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contai ...)
+ TODO: check
+CVE-2022-36555 (Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash ...)
+ TODO: check
+CVE-2022-36554 (A command injection vulnerability in the CLI (Command Line Interface) ...)
+ TODO: check
+CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a co ...)
+ TODO: check
CVE-2022-36552
RESERVED
CVE-2022-36551
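Review bot: CVE-2022-36554 is the odd one out in this batch: its description starts "A command injection vulnerability in the CLI (Command Line Interface)" and names no product, unlike the Seiko SkyBridge entries (CVE-2022-36560 through CVE-2022-36556) and the Hytec Inter HWL-2511-SS entries (CVE-2022-36555 and CVE-2022-36553) around it, so the triager needs the full text to confirm which device it belongs to before applying the same resolution. All of these are embedded-device firmware issues (CVE-2022-36558 and CVE-2022-36555 describe hard-coded credential material), which points to NOT-FOR-US for the whole batch, but the vendor attribution on CVE-2022-36554 should be verified rather than assumed from its neighbours.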
@@ -15569,8 +15681,8 @@ CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request
NOT-FOR-US: Halo CMS
CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...)
NOT-FOR-US: Halo CMS
-CVE-2022-32993
- RESERVED
+CVE-2022-32993 (TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access contro ...)
+ TODO: check
CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
NOT-FOR-US: Online Tours And Travels Management System
CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
@@ -15902,7 +16014,7 @@ CVE-2022-32895
CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...)
TODO: check
CVE-2022-32893 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- {DSA-5220-1 DSA-5219-1}
+ {DSA-5220-1 DSA-5219-1 DLA-3087-1}
- webkit2gtk 2.36.7-1
- wpewebkit 2.36.7-1
NOTE: https://wpewebkit.org/security/WSA-2022-0008.html
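Review bot: DLA-3087-1 is added to CVE-2022-32893 and fits the webkit2gtk 2.36.7-1 and wpewebkit 2.36.7-1 fixed versions already listed, but the neighbouring CVE-2022-32894 two lines above, which carries the identical truncated "out-of-bounds write issue was addressed with improved bounds checki ..." description, is still at TODO: check; it should be triaged in the same pass so the two Apple-sourced entries do not drift apart.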
@@ -34417,12 +34529,12 @@ CVE-2022-26530 (swaylock before 1.6 allows attackers to trigger a crash and achi
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066596
NOTE: https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca (1.6)
NOTE: https://github.com/swaywm/swaylock/pull/219
-CVE-2022-26529
- RESERVED
-CVE-2022-26528
- RESERVED
-CVE-2022-26527
- RESERVED
+CVE-2022-26529 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ TODO: check
+CVE-2022-26528 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ TODO: check
+CVE-2022-26527 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ TODO: check
CVE-2022-26526 (Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Min ...)
NOT-FOR-US: Anaconda Python
CVE-2022-26525
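Review bot: CVE-2022-26529, CVE-2022-26528 and CVE-2022-26527 all carry the identical truncated "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ..." text, and the same text appears again on CVE-2022-25635 later in this diff; all four should be triaged as one group so they end up with the same resolution. A vendor SDK for Bluetooth Mesh is not a Debian source package, so NOT-FOR-US is the expected outcome, but the full descriptions are needed to tell the individual issues apart.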
@@ -36067,8 +36179,8 @@ CVE-2022-25890
RESERVED
CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
TODO: check
-CVE-2022-25887
- RESERVED
+CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to Regular Expre ...)
+ TODO: check
CVE-2022-25886
RESERVED
CVE-2022-25885
@@ -36124,8 +36236,8 @@ CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 ar
NOTE: https://snyk.io/vuln/SNYK-JS-TERSER-2806366
NOTE: https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b (v5.14.2)
NOTE: https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 (v4.8.1)
-CVE-2022-25857
- RESERVED
+CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ...)
+ TODO: check
CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...)
NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
CVE-2022-25855
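Review bot: CVE-2022-25857 (org.yaml:snakeyaml before 1.31) is the entry in this hunk that needs a real package line rather than a quick close: snakeyaml is packaged in Debian, so the TODO: check should become a `- snakeyaml` line with the fixed version filled in, in contrast to the adjacent CVE-2022-25856 (argo-events), which is NOT-FOR-US. The imported description is truncated at "vulnerable t ...", so the vulnerability class is not visible in this diff and has to be taken from the full text during triage.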
@@ -36190,8 +36302,8 @@ CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerabl
NOTE: https://github.com/google/gson/pull/1991
NOTE: https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 (gson-parent-2.8.9)
NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
-CVE-2022-25646
- RESERVED
+CVE-2022-25646 (All versions of package x-data-spreadsheet are vulnerable to Cross-sit ...)
+ TODO: check
CVE-2022-25645 (All versions of package dset are vulnerable to Prototype Pollution via ...)
NOT-FOR-US: Node dset
CVE-2022-25644 (All versions of package @pendo324/get-process-by-name are vulnerable t ...)
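Review bot: CVE-2022-25646 (cross-site scripting in all versions of the x-data-spreadsheet package) sits next to CVE-2022-25645 (dset) and CVE-2022-25644 (@pendo324/get-process-by-name), both already resolved as `NOT-FOR-US: Node ...`; unless a node-x-data-spreadsheet source package exists in Debian, the same resolution applies and the TODO: check can be closed accordingly.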
@@ -36924,8 +37036,8 @@ CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be bypassed
NOTE: https://github.com/wolfSSL/wolfssl/commit/08047b2d959ee5e21a4a2c672308f45fec61f059 (v5.2.0-stable)
CVE-2022-25637
RESERVED
-CVE-2022-25635
- RESERVED
+CVE-2022-25635 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ TODO: check
CVE-2022-25634 (Qt through 5.15.8 and 6.x through 6.2.3 can load system library files ...)
- qt6-base <not-affected> (Vulnerable code specific to Windows platform)
- qtbase-opensource-src <not-affected> (Vulnerable code specific to Windows platform)
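Review bot: CVE-2022-25635 is a fourth entry with the identical truncated "Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ..." description, the first three being CVE-2022-26529, CVE-2022-26528 and CVE-2022-26527 earlier in this diff; it should be triaged together with them rather than separately, so that the four entries get the same resolution and reasoning.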
@@ -41814,10 +41926,10 @@ CVE-2022-24109
RESERVED
CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...)
NOT-FOR-US: OpenCart plugin
-CVE-2022-24107
- RESERVED
-CVE-2022-24106
- RESERVED
+CVE-2022-24107 (Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. ...)
+ TODO: check
+CVE-2022-24106 (In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing ...)
+ TODO: check
CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-24104 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
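Review bot: CVE-2022-24107 (missing integer overflow check in JPXStream.cc) and CVE-2022-24106 (DCT/JPEG decoder) are both against Xpdf before 4.04. Debian ships an xpdf source package, so these two cannot be closed as NOT-FOR-US on sight; triage needs to establish whether Debian's xpdf carries the affected JPX and DCT decoder code itself or gets those decoders from another library, and only then choose between `- xpdf` lines with fixed versions and a not-affected resolution with the reason stated.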
@@ -57458,8 +57570,8 @@ CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle
NOT-FOR-US: Oracle
CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
-CVE-2022-21385
- RESERVED
+CVE-2022-21385 (A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivile ...)
+ TODO: check
CVE-2022-21384
RESERVED
CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
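Review bot: CVE-2022-21385 differs from the surrounding Oracle entries (CVE-2022-21387, CVE-2022-21386, CVE-2022-21383, all `NOT-FOR-US: Oracle`): its description places the flaw in net_rds_alloc_sgs() in Oracle Linux kernels, and the RDS socket code also exists in the mainline Linux kernel that Debian ships. Triage should establish whether the affected function is specific to Oracle's kernel or shared with mainline before deciding between a `linux` source line and NOT-FOR-US; closing it as NOT-FOR-US by analogy with the neighbouring Oracle product entries would be premature.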
@@ -72528,8 +72640,8 @@ CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitiv
NOT-FOR-US: IBM
CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
NOT-FOR-US: IBM
-CVE-2021-38934
- RESERVED
+CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to ...)
+ TODO: check
CVE-2021-38933
RESERVED
CVE-2021-38932
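Review bot: CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1 and 7.0.2) is an IBM product issue like the adjacent CVE-2021-38936 and CVE-2021-38935, which are already `NOT-FOR-US: IBM`; the TODO: check can be closed with that same resolution.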
@@ -134878,8 +134990,8 @@ CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before
[buster] - bouncycastle <no-dsa> (Minor issue)
NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
NOTE: https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1 (r1rv61)
-CVE-2020-26938
- RESERVED
+CVE-2020-26938 (In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of ...)
+ TODO: check
CVE-2020-26937
RESERVED
CVE-2020-26936 (Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF at ...)
@@ -214147,11 +214259,11 @@ CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a
- centreon-web <itp> (bug #913903)
CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
- centreon-web <itp> (bug #913903)
-CVE-2021-46837
+CVE-2021-46837 (res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17. ...)
- asterisk 1:18.9.0~dfsg+~cs6.10.40431411-1 (bug #1018073)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-006.html
NOTE: This is related to CVE-2019-15297 symptoms but not for exactly the same reason.
-CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
+CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 1 ...)
- asterisk 1:16.10.0~dfsg-1 (low; bug #940060)
[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <ignored> (Minor issue; Intrusive to backport)
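Review bot: the CVE-2019-15297 entry keeps asterisk 1:16.10.0~dfsg-1 as the fixed version and the buster and stretch lines below it are unchanged, while the rewritten description now expresses the affected range as "15.x before 15.7.4 and 16.x before 1..." (truncated in this diff) instead of the earlier list of specific releases; confirm against the full upstream text that the 16.x cut-off still matches the recorded fixed version. The out-of-order placement of CVE-2021-46837 next to CVE-2019-15297 is deliberate, per the NOTE stating the two are related but not caused by the same thing, and its own fixed version (asterisk 1:18.9.0~dfsg+~cs6.10.40431411-1, bug #1018073) is untouched, so nothing else needs changing here.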
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d15c86df289029080c835a3b67d2a0398c75d708