[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 30 08:10:27 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
221d1919 by security tracker role at 2022-12-30T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-48195
+	RESERVED
+CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...)
+	TODO: check
+CVE-2022-48193
+	RESERVED
+CVE-2022-48192
+	RESERVED
+CVE-2022-48191
+	RESERVED
+CVE-2021-46870
+	RESERVED
+CVE-2021-46869
+	RESERVED
 CVE-2023-22500
 	RESERVED
 CVE-2023-22499
@@ -918,7 +932,7 @@ CVE-2023-22277
 	RESERVED
 CVE-2023-0026
 	RESERVED
-CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected XSS via  ...)
+CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...)
 	NOT-FOR-US: Heimdall Application Dashboard
 CVE-2022-47967
 	RESERVED
@@ -14419,8 +14433,8 @@ CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL In
 	NOT-FOR-US: Apartment Visitor Management System
 CVE-2022-44138
 	RESERVED
-CVE-2022-44137
-	RESERVED
+CVE-2022-44137 (SourceCodester Sanitization Management System 1.0 is vulnerable to SQL ...)
+	TODO: check
 CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). ...)
 	NOT-FOR-US: Zenario CMS
 CVE-2022-44135
@@ -32078,26 +32092,26 @@ CVE-2022-38214
 	RESERVED
 CVE-2022-38213
 	RESERVED
-CVE-2022-38212
-	RESERVED
-CVE-2022-38211
-	RESERVED
-CVE-2022-38210
-	RESERVED
-CVE-2022-38209
-	RESERVED
-CVE-2022-38208
-	RESERVED
-CVE-2022-38207
-	RESERVED
-CVE-2022-38206
-	RESERVED
-CVE-2022-38205
-	RESERVED
-CVE-2022-38204
-	RESERVED
-CVE-2022-38203
-	RESERVED
+CVE-2022-38212 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
+	TODO: check
+CVE-2022-38211 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
+	TODO: check
+CVE-2022-38210 (There is a reflected HTML injection vulnerability in Esri Portal for A ...)
+	TODO: check
+CVE-2022-38209 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+	TODO: check
+CVE-2022-38208 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
+	TODO: check
+CVE-2022-38207 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+	TODO: check
+CVE-2022-38206 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+	TODO: check
+CVE-2022-38205 (In some non-default installations of Esri Portal for ArcGIS versions 1 ...)
+	TODO: check
+CVE-2022-38204 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+	TODO: check
+CVE-2022-38203 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
+	TODO: check
 CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server versions ...)
 	TODO: check
 CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...)
@@ -36597,8 +36611,8 @@ CVE-2022-36439 (AsusSoftwareManager.exe in ASUS System Control Interface on ASUS
 	NOT-FOR-US: ASUS
 CVE-2022-36438 (AsusSwitch.exe on ASUS personal computers (running Windows) sets weak  ...)
 	NOT-FOR-US: ASUS
-CVE-2022-36437
-	RESERVED
+CVE-2022-36437 (The Connection handler in Hazelcast and Hazelcast Jet allows a remote  ...)
+	TODO: check
 CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap ...)
 	NOT-FOR-US: OSU Open Source Lab VNCAuthProxy
 CVE-2022-36435
@@ -53408,8 +53422,8 @@ CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer
 	NOT-FOR-US: D-Link
 CVE-2022-30520
 	RESERVED
-CVE-2022-30519
-	RESERVED
+CVE-2022-30519 (XSS in signing form in Reprise Software RLM License Administration v14 ...)
+	TODO: check
 CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered to co ...)
 	NOT-FOR-US: ChatBot Application with a Suggestion Feature
 CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
@@ -107109,6 +107123,7 @@ CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) -
 CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...)
 	NOT-FOR-US: MISP
 CVE-2021-37533 (Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host fr ...)
+	{DSA-5307-1 DLA-3251-1}
 	- libcommons-net-java 3.9.0-1 (bug #1025910)
 	NOTE: https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
 	NOTE: https://issues.apache.org/jira/browse/NET-711



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/221d191914f13507efd559affbc414491d00bd5a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/221d191914f13507efd559affbc414491d00bd5a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221230/e61322c7/attachment.htm>

More information about the debian-security-tracker-commits mailing list