[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 27 08:10:22 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11fadef7 by security tracker role at 2022-12-27T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-47966
+	RESERVED
+CVE-2022-4746
+	RESERVED
+CVE-2022-4745
+	RESERVED
+CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as  ...)
+	TODO: check
 CVE-2022-47908
 	RESERVED
 CVE-2022-4744
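Review bot: CVE-2021-4281 is the only added entry in this hunk that carries a description, and its `TODO: check` still needs a triage decision (a package line, or NOT-FOR-US naming Brave UX for-the-badge). The three new RESERVED ids above it have no description yet, so there is nothing to triage on them.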
@@ -87,7 +95,7 @@ CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated as
 	NOT-FOR-US: aws-sdk-android
 CVE-2021-4277 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: fredsmith utils
-CVE-2021-4276 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability was fou ...)
+CVE-2021-4276 (** DISPUTED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was fou ...)
 	NOT-FOR-US: dns-stats hedgehog
 CVE-2020-36629 (A vulnerability classified as critical was found in SimbCo httpster. T ...)
 	NOT-FOR-US: SimbCo httpster
@@ -4813,10 +4821,10 @@ CVE-2022-46766
 	RESERVED
 CVE-2022-46765
 	RESERVED
-CVE-2022-46764
-	RESERVED
-CVE-2022-46763
-	RESERVED
+CVE-2022-46764 (A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 al ...)
+	TODO: check
+CVE-2022-46763 (A SQL injection issue in a database stored function in TrueConf Server ...)
+	TODO: check
 CVE-2022-46762
 	RESERVED
 CVE-2022-46761
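Review bot: CVE-2022-46764 and CVE-2022-46763 both name TrueConf Server, so their two `TODO: check` lines should be resolved together and with the same tag text. If the product is not in the archive, that is `NOT-FOR-US: TrueConf Server` on both, in the product-name style the file already uses (for example `NOT-FOR-US: Gluu Oxauth`).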
@@ -35031,8 +35039,8 @@ CVE-2022-36666
 	RESERVED
 CVE-2022-36665
 	RESERVED
-CVE-2022-36664
-	RESERVED
+CVE-2022-36664 (Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerab ...)
+	TODO: check
 CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Serv ...)
 	NOT-FOR-US: Gluu Oxauth
 CVE-2022-36662
@@ -160870,8 +160878,8 @@ CVE-2020-28193
 	RESERVED
 CVE-2020-28192
 	RESERVED
-CVE-2020-28191
-	RESERVED
+CVE-2020-28191 (The console in Togglz before 2.9.4 allows CSRF. ...)
+	TODO: check
 CVE-2020-28190 (TerraMaster TOS <= 4.2.06 was found to check for updates (of both s ...)
 	NOT-FOR-US: TerraMaster TOS
 CVE-2020-28189
@@ -170477,8 +170485,8 @@ CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a reflected Cross-site script
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability al ...)
 	NOT-FOR-US: Ignite Realtime Openfire
-CVE-2020-24600
-	RESERVED
+CVE-2020-24600 (Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_se ...)
+	TODO: check
 CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of escaping in  ...)
 	NOT-FOR-US: Joomla!
 CVE-2020-24598 (An issue was discovered in Joomla! before 3.9.21. Lack of input valida ...)
@@ -203441,8 +203449,8 @@ CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the co
 	- qemu-kvm <not-affected> (Vulnerable code/Tulip NIC emulator added later)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1)
-CVE-2020-11101
-	RESERVED
+CVE-2020-11101 (Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles  ...)
+	TODO: check
 CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
 	{DSA-4649-1}
 	- haproxy 2.0.13-2
@@ -205271,8 +205279,8 @@ CVE-2020-10652
 	RESERVED
 CVE-2020-10651
 	RESERVED
-CVE-2020-10650
-	RESERVED
+CVE-2020-10650 (A deserialization flaw was discovered in jackson-databind through 2.9. ...)
+	TODO: check
 CVE-2019-20510
 	REJECTED
 CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10  ...)
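Review bot: CVE-2020-10650 names jackson-databind, a library rather than a vendor product, so its `TODO: check` should not be closed as NOT-FOR-US without first checking the archive for a source package of that name. The description is cut off at "through 2.9." in this view, so the affected range has to come from the full CVE text before any fixed version is recorded.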
@@ -226470,8 +226478,8 @@ CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmwa
 	NOT-FOR-US: Moxa
 CVE-2019-19706
 	RESERVED
-CVE-2019-19705
-	RESERVED
+CVE-2019-19705 (Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 C ...)
+	TODO: check
 CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is possibl ...)
 	NOT-FOR-US: JetBrains Upsource
 CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...)
@@ -230350,8 +230358,8 @@ CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entit
 	NOT-FOR-US: XMLBlueprint
 CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Entity Inj ...)
 	NOT-FOR-US: Easy XML Editor
-CVE-2019-19030
-	RESERVED
+CVE-2019-19030 (Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before  ...)
+	TODO: check
 CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
 	NOT-FOR-US: Harbor
 CVE-2019-19028
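Review bot: the `TODO: check` on CVE-2019-19030 can follow the precedent directly below it, where CVE-2019-19029 describes the same product and already carries `NOT-FOR-US: Harbor`. Reusing that exact tag text keeps the two Harbor entries consistent.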
@@ -236016,8 +236024,8 @@ CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
 CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
 	NOT-FOR-US: FreeRTOS+FAT
-CVE-2019-18177
-	RESERVED
+CVE-2019-18177 (In certain Citrix products, information disclosure can be achieved by  ...)
+	TODO: check
 CVE-2019-18176
 	RESERVED
 CVE-2019-18175
@@ -245985,8 +245993,8 @@ CVE-2019-14804 (studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS
 	NOT-FOR-US: UNA
 CVE-2019-14803
 	RESERVED
-CVE-2019-14802
-	RESERVED
+CVE-2019-14802 (HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintende ...)
+	TODO: check
 CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privi ...)
 	NOT-FOR-US: Jitbit Helpdesk
 CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
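Review bot: the CVE-2019-14802 description already states the affected range (0.5.0 through 0.9.4) and the fixed release (0.9.5), so if Nomad is in the archive the `TODO: check` can be replaced with a package line carrying that fixed version. Otherwise it should be tagged NOT-FOR-US with the product name.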
@@ -248837,8 +248845,8 @@ CVE-2019-13989 (dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat(
 	- dpic <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://gitlab.com/aplevich/dpic/issues/4
 	NOTE: https://gitlab.com/aplevich/dpic/commit/aa9fc45e207134cbfefa4b9e7a1b49cf11e9397d
-CVE-2019-13988
-	RESERVED
+CVE-2019-13988 (Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers ...)
+	TODO: check
 CVE-2019-13987
 	RESERVED
 CVE-2019-13986
@@ -255646,8 +255654,8 @@ CVE-2019-11853 (Several potential command injections vulnerabilities exist in th
 	NOT-FOR-US: ALEOS
 CVE-2019-11852 (An out-of-bounds reads vulnerability exists in the ACEView Service of  ...)
 	NOT-FOR-US: ALEOS
-CVE-2019-11851
-	RESERVED
+CVE-2019-11851 (The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x throug ...)
+	TODO: check
 CVE-2019-11850 (A stack overflow vulnerabiltity exist in the AT command interface of A ...)
 	NOT-FOR-US: ALEOS
 CVE-2019-11849 (A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS ...)
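Review bot: CVE-2019-11851 names Sierra Wireless ALEOS and sits among entries (CVE-2019-11853, CVE-2019-11852, CVE-2019-11850) that are all tagged `NOT-FOR-US: ALEOS`, so its `TODO: check` should take the same tag spelling rather than a new variant built from the vendor name.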
@@ -263293,8 +263301,8 @@ CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload
 	NOT-FOR-US: phpscheduleit Booked Scheduler
 CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3,  ...)
 	NOT-FOR-US: StackStorm
-CVE-2019-9579
-	RESERVED
+CVE-2019-9579 (An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5. ...)
+	TODO: check
 CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to init is  ...)
 	- libu2f-host 1.1.9-1 (low; bug #923874)
 	[stretch] - libu2f-host 1.1.2-2+deb9u2
@@ -264987,8 +264995,8 @@ CVE-2019-9013 (An issue was discovered in 3S-Smart CODESYS V3 products. The appl
 	NOT-FOR-US: 3S-Smart CODESYS V3
 CVE-2019-9012 (An issue was discovered in 3S-Smart CODESYS V3 products. A crafted com ...)
 	NOT-FOR-US: 3S-Smart CODESYS V3
-CVE-2019-9011
-	RESERVED
+CVE-2019-9011 (In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Devel ...)
+	TODO: check
 CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...)
 	NOT-FOR-US: 3S-Smart CODESYS V3
 CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted  ...)
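Review bot: CVE-2019-9011 should not simply inherit the neighbouring `NOT-FOR-US: 3S-Smart CODESYS V3` tag. Its description names the Pilz PMC programming tool, which it describes only as based on CODESYS, so the tag that replaces `TODO: check` should name Pilz PMC.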
@@ -298710,8 +298718,8 @@ CVE-2018-16137 (An issue was discovered in the Web Management Console in IPBRICK
 	NOT-FOR-US: IPBRICK OS
 CVE-2018-16136 (An issue was discovered in the administrator interface in IPBRICK OS 6 ...)
 	NOT-FOR-US: IPBRICK OS
-CVE-2018-16135
-	RESERVED
+CVE-2018-16135 (The Opera Mini application 47.1.2249.129326 for Android allows remote  ...)
+	TODO: check
 CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
 	NOT-FOR-US: Cybrotech
 CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11fadef779104ea6f83be44abfff852c875d8407
