[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 20 21:10:32 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80f7bcb9 by security tracker role at 2022-07-20T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2022-36335
+ RESERVED
+CVE-2022-36334
+ RESERVED
+CVE-2022-36333
+ RESERVED
+CVE-2022-36332
+ RESERVED
+CVE-2022-36331
+ RESERVED
+CVE-2022-36330
+ RESERVED
+CVE-2022-36329
+ RESERVED
+CVE-2022-36328
+ RESERVED
+CVE-2022-36327
+ RESERVED
+CVE-2022-36326
+ RESERVED
+CVE-2022-36325
+ RESERVED
+CVE-2022-36324
+ RESERVED
+CVE-2022-36323
+ RESERVED
+CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...)
+ TODO: check
+CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key could be wr ...)
+ TODO: check
+CVE-2022-36320
+ RESERVED
+CVE-2022-36319
+ RESERVED
+CVE-2022-36318
+ RESERVED
+CVE-2022-36317
+ RESERVED
+CVE-2022-36316
+ RESERVED
+CVE-2022-36315
+ RESERVED
+CVE-2022-36314
+ RESERVED
+CVE-2022-36313
+ RESERVED
+CVE-2022-2495
+ RESERVED
+CVE-2022-2494
+ RESERVED
+CVE-2022-2493
+ RESERVED
+CVE-2022-2492 (A vulnerability was found in SourceCodester Library Management System ...)
+ TODO: check
+CVE-2022-2491 (A vulnerability has been found in SourceCodester Library Management Sy ...)
+ TODO: check
+CVE-2022-2490 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-2489 (A vulnerability was found in SourceCodester Simple E-Learning System 1 ...)
+ TODO: check
+CVE-2022-2488 (A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classifie ...)
+ TODO: check
+CVE-2022-2487 (A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and clas ...)
+ TODO: check
+CVE-2022-2486 (A vulnerability, which was classified as critical, was found in WAVLIN ...)
+ TODO: check
+CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...)
+ TODO: check
CVE-2022-36312
RESERVED
CVE-2022-36311
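Review bot: CVE-2021-46828 at the end of the added block is a libtirpc issue, and libtirpc is a library Debian ships, so of everything added here it is the entry that should not sit at "TODO: check" for long. Suggest replacing the TODO with a package line in the form the file already uses (for example "- firefox 102.0-1" further down) once the fixed version is confirmed against "before 1.3.3rc1". The TeamCity, SourceCodester and WAVLINK entries in the same block look like candidates for NOT-FOR-US, matching how other vendor products are marked in this file.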
@@ -2537,8 +2605,8 @@ CVE-2022-35247
RESERVED
CVE-2022-35246
RESERVED
-CVE-2022-34866
- RESERVED
+CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box ve ...)
+ TODO: check
CVE-2022-32765
RESERVED
CVE-2022-2331
@@ -3762,8 +3830,8 @@ CVE-2021-46826
RESERVED
CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to ...)
NOT-FOR-US: Symantec
-CVE-2022-33967
- RESERVED
+CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020.10-rc ...)
+ TODO: check
CVE-2022-2249
RESERVED
CVE-2022-2248
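Review bot: CVE-2022-33967 moves from RESERVED to a description naming the squashfs filesystem implementation of U-Boot, and U-Boot is packaged in Debian, so "TODO: check" here needs a real triage rather than a NOT-FOR-US. The description is cut at "v2020.10-rc ...", so the affected version range has to be taken from the full CVE record before a package line is written.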
@@ -4226,30 +4294,30 @@ CVE-2022-34612
RESERVED
CVE-2022-34611
RESERVED
-CVE-2022-34610
- RESERVED
-CVE-2022-34609
- RESERVED
-CVE-2022-34608
- RESERVED
-CVE-2022-34607
- RESERVED
-CVE-2022-34606
- RESERVED
-CVE-2022-34605
- RESERVED
-CVE-2022-34604
- RESERVED
-CVE-2022-34603
- RESERVED
-CVE-2022-34602
- RESERVED
-CVE-2022-34601
- RESERVED
-CVE-2022-34600
- RESERVED
-CVE-2022-34599
- RESERVED
+CVE-2022-34610 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34609 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34608 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34607 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34606 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34605 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34604 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34603 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34602 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34601 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34600 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2022-34599 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
+ TODO: check
CVE-2022-34598 (The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 por ...)
NOT-FOR-US: udpserver in H3C Magic R100 V200R004 and V100R005
CVE-2022-34597 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
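Review bot: the twelve H3C Magic R200 entries (CVE-2022-34599 through CVE-2022-34610) are all left at "TODO: check", while the unchanged context directly below marks CVE-2022-34598, also an H3C Magic router, as NOT-FOR-US. Suggest triaging the twelve the same way in one pass so the block is consistent. All twelve truncated descriptions are identical up to the cut, so it is also worth confirming against the full records that they are distinct issues.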
@@ -4538,10 +4606,10 @@ CVE-2017-20099 (A vulnerability was found in Analytics Stats Counter Statistics
NOT-FOR-US: WordPress plugin
CVE-2017-20098 (A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34150
- RESERVED
-CVE-2022-33944
- RESERVED
+CVE-2022-34150 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...)
+ TODO: check
+CVE-2022-33944 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...)
+ TODO: check
CVE-2022-2203
RESERVED
CVE-2022-2202
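Review bot: CVE-2022-34150 and CVE-2022-33944 both describe the MiCODUS MV720 GPS tracker web server and are left at "TODO: check", where the context lines just above use "NOT-FOR-US: WordPress plugin" for software Debian does not ship. Suggest a NOT-FOR-US line naming the vendor for both. The two descriptions read the same up to the truncation point, so check the full records to make sure the right text is attached to each ID.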
@@ -4557,8 +4625,8 @@ CVE-2022-2200
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-2200
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-2200
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200
-CVE-2022-2199
- RESERVED
+CVE-2022-2199 (The main MiCODUS MV720 GPS tracker web server has a reflected cross-si ...)
+ TODO: check
CVE-2022-34485
RESERVED
- firefox 102.0-1
@@ -5126,8 +5194,8 @@ CVE-2022-34271
RESERVED
CVE-2022-2180
RESERVED
-CVE-2022-2179
- RESERVED
+CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...)
+ TODO: check
CVE-2022-2178
RESERVED
CVE-2022-2177
@@ -5488,8 +5556,8 @@ CVE-2022-2143
RESERVED
CVE-2022-2142
RESERVED
-CVE-2022-2141
- RESERVED
+CVE-2022-2141 (SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker wi ...)
+ TODO: check
CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...)
NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2139
@@ -5711,22 +5779,22 @@ CVE-2022-34051
RESERVED
CVE-2022-34050
RESERVED
-CVE-2022-34049
- RESERVED
-CVE-2022-34048
- RESERVED
-CVE-2022-34047
- RESERVED
-CVE-2022-34046
- RESERVED
-CVE-2022-34045
- RESERVED
+CVE-2022-34049 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...)
+ TODO: check
+CVE-2022-34048 (Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflect ...)
+ TODO: check
+CVE-2022-34047 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...)
+ TODO: check
+CVE-2022-34046 (An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows a ...)
+ TODO: check
+CVE-2022-34045 (Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardc ...)
+ TODO: check
CVE-2022-34044
RESERVED
CVE-2022-34043 (Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ...)
NOT-FOR-US: NoMachine Windows builds
-CVE-2022-34042
- RESERVED
+CVE-2022-34042 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-34041
RESERVED
CVE-2022-34040
@@ -6306,8 +6374,8 @@ CVE-2022-25986
RESERVED
CVE-2022-2108 (The plugin Wbcom Designs – BuddyPress Group Reviews for WordPres ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2107
- RESERVED
+CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication mechani ...)
+ TODO: check
CVE-2022-2106 (Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficient ...)
NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...)
@@ -7519,18 +7587,18 @@ CVE-2022-33322
RESERVED
CVE-2022-33321
RESERVED
-CVE-2022-33320
- RESERVED
-CVE-2022-33319
- RESERVED
-CVE-2022-33318
- RESERVED
-CVE-2022-33317
- RESERVED
-CVE-2022-33316
- RESERVED
-CVE-2022-33315
- RESERVED
+CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+ TODO: check
+CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 ...)
+ TODO: check
+CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+ TODO: check
+CVE-2022-33317 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...)
+ TODO: check
+CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+ TODO: check
+CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+ TODO: check
CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...)
NOT-FOR-US: Robustel R1510
CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_server act ...)
@@ -13067,8 +13135,8 @@ CVE-2022-31252
RESERVED
CVE-2022-31251
RESERVED
-CVE-2022-31250
- RESERVED
+CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
+ TODO: check
CVE-2022-31249
RESERVED
CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
@@ -13860,8 +13928,8 @@ CVE-2022-1768 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticat
NOT-FOR-US: RSVPMaker plugin for WordPress
CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-1766
- RESERVED
+CVE-2022-1766 (Anchore Enterprise anchorectl version 0.1.4 improperly stored credenti ...)
+ TODO: check
CVE-2022-1765 (The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1764 (The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF che ...)
@@ -17263,8 +17331,8 @@ CVE-2022-29836
RESERVED
CVE-2022-29835
RESERVED
-CVE-2022-29834
- RESERVED
+CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-29833
RESERVED
CVE-2022-29832
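Review bot: the description added for CVE-2022-29834 is cut off inside the weakness class name ("Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...") and never reaches the product, so this line alone cannot be triaged. Whoever resolves the "TODO: check" needs the full CVE record to decide between a package line and NOT-FOR-US.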
@@ -20683,8 +20751,8 @@ CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin be
NOT-FOR-US: WordPress plugin
CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not sanitize ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1264
- RESERVED
+CVE-2022-1264 (The affected product may allow an attacker with access to the Ignition ...)
+ TODO: check
CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
NOT-FOR-US: D-Link Routers
CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...)
@@ -32570,14 +32638,14 @@ CVE-2022-24662
RESERVED
CVE-2022-24661 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
NOT-FOR-US: Siemens
-CVE-2022-24660
- RESERVED
-CVE-2022-24659
- RESERVED
+CVE-2022-24660 (The debug interface of Goldshell ASIC Miners v2.2.1 and below was disc ...)
+ TODO: check
+CVE-2022-24659 (Goldshell ASIC Miners v2.2.1 and below was discovered to contain a pat ...)
+ TODO: check
CVE-2022-24658
RESERVED
-CVE-2022-24657
- RESERVED
+CVE-2022-24657 (Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded crede ...)
+ TODO: check
CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting ...)
NOT-FOR-US: HexoEditor
CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...)
@@ -43151,8 +43219,7 @@ CVE-2022-22223
RESERVED
CVE-2022-22222
RESERVED
-CVE-2022-22221
- RESERVED
+CVE-2022-22221 (An Improper Neutralization of Special Elements vulnerability in the do ...)
NOT-FOR-US: Juniper
CVE-2022-22220
RESERVED
@@ -43160,51 +43227,37 @@ CVE-2022-22219
RESERVED
CVE-2022-22218
RESERVED
-CVE-2022-22217
- RESERVED
+CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2022-22216
- RESERVED
+CVE-2022-22216 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...)
NOT-FOR-US: Juniper
-CVE-2022-22215
- RESERVED
+CVE-2022-22215 (A Missing Release of File Descriptor or Handle after Effective Lifetim ...)
NOT-FOR-US: Juniper
-CVE-2022-22214
- RESERVED
+CVE-2022-22214 (An Improper Input Validation vulnerability in the Packet Forwarding En ...)
NOT-FOR-US: Juniper
-CVE-2022-22213
- RESERVED
+CVE-2022-22213 (A vulnerability in Handling of Undefined Values in the routing protoco ...)
NOT-FOR-US: Juniper
-CVE-2022-22212
- RESERVED
+CVE-2022-22212 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
NOT-FOR-US: Juniper
CVE-2022-22211
RESERVED
-CVE-2022-22210
- RESERVED
+CVE-2022-22210 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...)
NOT-FOR-US: Juniper
-CVE-2022-22209
- RESERVED
+CVE-2022-22209 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
NOT-FOR-US: Juniper
CVE-2022-22208
RESERVED
-CVE-2022-22207
- RESERVED
+CVE-2022-22207 (A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT ...)
NOT-FOR-US: Juniper
-CVE-2022-22206
- RESERVED
+CVE-2022-22206 (A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos O ...)
NOT-FOR-US: Juniper
-CVE-2022-22205
- RESERVED
+CVE-2022-22205 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2022-22204
- RESERVED
+CVE-2022-22204 (An Improper Release of Memory Before Removing Last Reference vulnerabi ...)
NOT-FOR-US: Juniper
-CVE-2022-22203
- RESERVED
+CVE-2022-22203 (An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos ...)
NOT-FOR-US: Juniper
-CVE-2022-22202
- RESERVED
+CVE-2022-22202 (An Improper Handling of Exceptional Conditions vulnerability on specif ...)
NOT-FOR-US: Juniper
CVE-2022-22201
RESERVED
@@ -82716,8 +82769,8 @@ CVE-2021-31860
RESERVED
CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...)
NOT-FOR-US: Ysoft SafeQ
-CVE-2021-31858
- RESERVED
+CVE-2021-31858 (DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Script ...)
+ TODO: check
CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f7bcb955f3238a1a10bd7a8ed24d0a7cfebc04