[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 30 21:34:11 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b64286c2 by security tracker role at 2022-08-30T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,14 @@
+CVE-2022-3065
+	RESERVED
+CVE-2022-3064
+	RESERVED
+CVE-2022-3063
+	REJECTED
+	TODO: check
+CVE-2022-3062
+	RESERVED
+CVE-2022-3061
+	RESERVED
 CVE-2022-39043
 	RESERVED
 CVE-2022-39042
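Review bot: CVE-2022-3063 is added as `REJECTED` but also carries `TODO: check`, whereas CVE-2022-3022, which moves from `RESERVED` to `REJECTED` in the next hunk, has no TODO line. If the rejected ID leaves nothing to triage, drop the `TODO: check` line so the entry does not sit in the TODO queue; otherwise state what remains to be checked.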
@@ -573,7 +584,7 @@ CVE-2022-3024
 CVE-2022-3023
 	RESERVED
 CVE-2022-3022
-	RESERVED
+	REJECTED
 CVE-2022-3021
 	RESERVED
 CVE-2022-3020
@@ -4930,8 +4941,8 @@ CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is
 	NOT-FOR-US: MDaemon
 CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
 	NOT-FOR-US: MDaemon
-CVE-2022-37237
-	RESERVED
+CVE-2022-37237 (An attacker can send malicious RTMP requests to make the ZLMediaKit se ...)
+	TODO: check
 CVE-2022-37236
 	RESERVED
 CVE-2022-37235
@@ -5052,8 +5063,8 @@ CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection v
 	NOT-FOR-US: 72crm
 CVE-2022-37177 (HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cry ...)
 	NOT-FOR-US: HireVue Hiring Platform
-CVE-2022-37176
-	RESERVED
+CVE-2022-37176 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vul ...)
+	TODO: check
 CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflo ...)
 	NOT-FOR-US: Tenda
 CVE-2022-37174
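Review bot: CVE-2022-37176 is left at `TODO: check` although its description names Tenda AC6 firmware and the entry directly below it, CVE-2022-37175 (Tenda ac15 firmware), is already triaged as `NOT-FOR-US: Tenda`. Suggest resolving this entry the same way in a follow-up instead of leaving it open.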
@@ -5106,8 +5117,8 @@ CVE-2022-37151 (There is an unauthorized access vulnerability in Online Diagnost
 	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...)
 	NOT-FOR-US: Online Diagnostic Lab Management System
-CVE-2022-37149
-	RESERVED
+CVE-2022-37149 (WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
+	TODO: check
 CVE-2022-37148
 	RESERVED
 CVE-2022-37147
@@ -6519,8 +6530,8 @@ CVE-2022-36554 (A command injection vulnerability in the CLI (Command Line Inter
 	NOT-FOR-US: Hytec Inter HWL-2511-SS
 CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a co ...)
 	NOT-FOR-US: Hytec Inter HWL-2511-SS
-CVE-2022-36552
-	RESERVED
+CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an is ...)
+	TODO: check
 CVE-2022-36551
 	RESERVED
 CVE-2022-36550
@@ -9915,8 +9926,8 @@ CVE-2022-32765
 	RESERVED
 CVE-2022-2331
 	RESERVED
-CVE-2022-2330
-	RESERVED
+CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+	TODO: check
 CVE-2022-2329
 	RESERVED
 CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not saniti ...)
@@ -12965,6 +12976,7 @@ CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't v
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2132
 	RESERVED
+	{DSA-5222-1}
 	- dpdk <unfixed>
 	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031
 	NOTE: https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main)
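Review bot: the `{DSA-5222-1}` cross-reference for CVE-2022-2132 is added while the only package line is still `- dpdk <unfixed>` and the entry has no per-suite lines. Worth confirming that the unversioned line is meant to track the state outside the suites the DSA covers, and replacing `<unfixed>` with the fixed version once it is known.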
@@ -29769,6 +29781,7 @@ CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfg
 	NOT-FOR-US: NVIDIA
 CVE-2022-28199
 	RESERVED
+	{DSA-5222-1}
 	- dpdk <unfixed>
 	[buster] - dpdk <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa (main)
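Review bot: for CVE-2022-28199 the entry already has `[buster] - dpdk <not-affected> (Vulnerable code introduced later)`, so the added `{DSA-5222-1}` reference can only apply to later suites. Check that the advisory's suite list agrees with that, and note that `- dpdk <unfixed>` still needs a fixed version once one exists.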
@@ -67683,7 +67696,7 @@ CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Renta
 	NOT-FOR-US: Sourcecodester
 CVE-2021-40906 (CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not saniti ...)
 	- check-mk <removed>
-CVE-2021-40905 (The web management console of CheckMK Enterprise Edition (versions 1.5 ...)
+CVE-2021-40905 (** DISPUTED ** The web management console of CheckMK Enterprise Editio ...)
 	NOT-FOR-US: CheckMK Enterprise Edition
 CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions 1.5.0 to 1 ...)
 	- check-mk <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b64286c20532038322424f949ee101adebc14566
