[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 21 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a432e4e8 by security tracker role at 2022-07-21T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-36359
+ RESERVED
+CVE-2022-36342
+ RESERVED
+CVE-2022-36338
+ RESERVED
+CVE-2022-36337
+ RESERVED
+CVE-2022-36336
+ RESERVED
+CVE-2022-36297
+ RESERVED
+CVE-2022-36286
+ RESERVED
+CVE-2022-35732
+ RESERVED
+CVE-2022-35731
+ RESERVED
+CVE-2022-35727
+ RESERVED
+CVE-2022-34852
+ RESERVED
+CVE-2022-34849
+ RESERVED
+CVE-2022-29494
+ RESERVED
+CVE-2022-29493
+ RESERVED
+CVE-2022-2501
+ RESERVED
+CVE-2022-2500
+ RESERVED
+CVE-2022-2499
+ RESERVED
+CVE-2022-2498
+ RESERVED
+CVE-2022-2497
+ RESERVED
+CVE-2022-2496
+ RESERVED
+CVE-2020-36558 (A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX ...)
+ TODO: check
+CVE-2020-36557 (A race condition in the Linux kernel before 5.6.2 between the VT_DISAL ...)
+ TODO: check
CVE-2022-36335
RESERVED
CVE-2022-36334
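Review bot: CVE-2020-36558 and CVE-2020-36557, at the end of the added block, are described as race conditions in the Linux kernel, which Debian ships, so their `TODO: check` lines cannot be closed as NOT-FOR-US. They need a package entry, and the "before 5.5.7" and "before 5.6.2" bounds in the descriptions should be checked against the kernel versions in each suite.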
@@ -1867,8 +1911,8 @@ CVE-2022-35571
RESERVED
CVE-2022-35570
RESERVED
-CVE-2022-35569
- RESERVED
+CVE-2022-35569 (Blogifier v3.0 was discovered to contain an arbitrary file upload vuln ...)
+ TODO: check
CVE-2022-35568
RESERVED
CVE-2022-35567
@@ -4344,16 +4388,16 @@ CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contai
NOT-FOR-US: Wavlink
CVE-2022-34591
RESERVED
-CVE-2022-34590
- RESERVED
+CVE-2022-34590 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-34589
RESERVED
-CVE-2022-34588
- RESERVED
+CVE-2022-34588 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
+ TODO: check
CVE-2022-34587
RESERVED
-CVE-2022-34586
- RESERVED
+CVE-2022-34586 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
+ TODO: check
CVE-2022-34585
RESERVED
CVE-2022-34584
@@ -4955,8 +4999,8 @@ CVE-2022-34369
RESERVED
CVE-2022-34368
RESERVED
-CVE-2022-34367
- RESERVED
+CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...)
+ TODO: check
CVE-2022-34366
RESERVED
CVE-2022-34365
@@ -6269,8 +6313,8 @@ CVE-2022-33925
RESERVED
CVE-2022-33924
RESERVED
-CVE-2022-33923
- RESERVED
+CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...)
+ TODO: check
CVE-2022-33922
RESERVED
CVE-2022-33921
@@ -9339,8 +9383,8 @@ CVE-2022-30536
RESERVED
CVE-2022-30337
RESERVED
-CVE-2022-29923
- RESERVED
+CVE-2022-29923 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
+ TODO: check
CVE-2022-28700
RESERVED
CVE-2022-28666
@@ -9574,8 +9618,8 @@ CVE-2022-2002
RESERVED
CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-32498
- RESERVED
+CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...)
+ TODO: check
CVE-2022-32497
RESERVED
CVE-2022-32496
@@ -13196,8 +13240,8 @@ CVE-2022-31236
RESERVED
CVE-2022-31235
RESERVED
-CVE-2022-31234
- RESERVED
+CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive A ...)
+ TODO: check
CVE-2022-31233
RESERVED
CVE-2022-31232
@@ -13347,7 +13391,7 @@ CVE-2022-31173
CVE-2022-31172
RESERVED
CVE-2022-31171
- RESERVED
+ REJECTED
CVE-2022-31170
RESERVED
CVE-2022-31169
@@ -13368,8 +13412,8 @@ CVE-2022-31162
RESERVED
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
NOT-FOR-US: Roxy-WI
-CVE-2022-31160
- RESERVED
+CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
+ TODO: check
CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
NOT-FOR-US: AWS SDK for Java
CVE-2022-31158 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
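Review bot: CVE-2022-31160 should not simply follow its neighbours in this hunk. CVE-2022-31161 and CVE-2022-31159 are both NOT-FOR-US, but jQuery UI is packaged in Debian and is often bundled inside other packages, so this `TODO: check` needs a package line and a check for embedded copies.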
@@ -13386,8 +13430,8 @@ CVE-2022-31153 (OpenZeppelin Contracts for Cairo is a library for contract devel
TODO: check
CVE-2022-31152
RESERVED
-CVE-2022-31151
- RESERVED
+CVE-2022-31151 (Authorization headers are cleared on cross-origin redirect. However, c ...)
+ TODO: check
CVE-2022-31150 (undici is an HTTP/1.1 client, written from scratch for Node.js. It is ...)
TODO: check
CVE-2022-31149
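Review bot: the truncated description added for CVE-2022-31151 ("Authorization headers are cleared on cross-origin redirect. However, c ...") never names the affected software, so this `TODO: check` cannot be triaged from the list entry alone. Read the full CVE record before assigning a package or NOT-FOR-US; the adjacent undici entry (CVE-2022-31150) is not evidence that this ID concerns the same product.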
@@ -13396,8 +13440,8 @@ CVE-2022-31148
RESERVED
CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
TODO: check
-CVE-2022-31146
- RESERVED
+CVE-2022-31146 (There is a bug in the Wasmtime's code generator, Cranelift, where func ...)
+ TODO: check
CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
TODO: check
CVE-2022-31144 (Redis is an in-memory database that persists on disk. A specially craf ...)
@@ -18607,8 +18651,8 @@ CVE-2022-29456
RESERVED
CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elemen ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29454
- RESERVED
+CVE-2022-29454 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
+ TODO: check
CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29452 (Authenticated (editor or higher user role) Stored Cross-Site Scripting ...)
@@ -28289,12 +28333,12 @@ CVE-2022-26140
RESERVED
CVE-2022-26139
RESERVED
-CVE-2022-26138
- RESERVED
-CVE-2022-26137
- RESERVED
-CVE-2022-26136
- RESERVED
+CVE-2022-26138 (The Atlassian Questions For Confluence app for Confluence Server and D ...)
+ TODO: check
+CVE-2022-26137 (A vulnerability in multiple Atlassian products allows a remote, unauth ...)
+ TODO: check
+CVE-2022-26136 (A vulnerability in multiple Atlassian products allows a remote, unauth ...)
+ TODO: check
CVE-2022-26135 (A vulnerability in Mobile Plugin for Jira Data Center and Server allow ...)
NOT-FOR-US: Atlassian
CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
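Review bot: CVE-2022-26138, CVE-2022-26137 and CVE-2022-26136 all name Atlassian products in their descriptions, and the next entry, CVE-2022-26135, is already marked `NOT-FOR-US: Atlassian`. Unless the full records for the two "multiple Atlassian products" entries list a component that Debian packages, the three `TODO: check` lines can take the same tag.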
@@ -40317,8 +40361,8 @@ CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in
NOT-FOR-US: Dell
CVE-2022-22556 (Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerab ...)
NOT-FOR-US: Dell
-CVE-2022-22555
- RESERVED
+CVE-2022-22555 (Dell EMC PowerStore, contains an OS command injection Vulnerability. A ...)
+ TODO: check
CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
NOT-FOR-US: EMC
CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
@@ -40761,8 +40805,8 @@ CVE-2022-22426 (IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0
NOT-FOR-US: IBM
CVE-2022-22425
RESERVED
-CVE-2022-22424
- RESERVED
+CVE-2022-22424 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain s ...)
+ TODO: check
CVE-2022-22423
RESERVED
CVE-2022-22422
@@ -52231,94 +52275,94 @@ CVE-2022-20918
RESERVED
CVE-2022-20917
RESERVED
-CVE-2022-20916
- RESERVED
+CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
+ TODO: check
CVE-2022-20915
RESERVED
CVE-2022-20914
RESERVED
-CVE-2022-20913
- RESERVED
-CVE-2022-20912
- RESERVED
-CVE-2022-20911
- RESERVED
-CVE-2022-20910
- RESERVED
-CVE-2022-20909
- RESERVED
-CVE-2022-20908
- RESERVED
-CVE-2022-20907
- RESERVED
-CVE-2022-20906
- RESERVED
+CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
+ TODO: check
+CVE-2022-20912 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20911 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20910 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20909 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ TODO: check
+CVE-2022-20908 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ TODO: check
+CVE-2022-20907 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ TODO: check
+CVE-2022-20906 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ TODO: check
CVE-2022-20905
RESERVED
-CVE-2022-20904
- RESERVED
-CVE-2022-20903
- RESERVED
-CVE-2022-20902
- RESERVED
-CVE-2022-20901
- RESERVED
-CVE-2022-20900
- RESERVED
-CVE-2022-20899
- RESERVED
-CVE-2022-20898
- RESERVED
-CVE-2022-20897
- RESERVED
-CVE-2022-20896
- RESERVED
-CVE-2022-20895
- RESERVED
-CVE-2022-20894
- RESERVED
-CVE-2022-20893
- RESERVED
-CVE-2022-20892
- RESERVED
-CVE-2022-20891
- RESERVED
-CVE-2022-20890
- RESERVED
-CVE-2022-20889
- RESERVED
-CVE-2022-20888
- RESERVED
-CVE-2022-20887
- RESERVED
-CVE-2022-20886
- RESERVED
-CVE-2022-20885
- RESERVED
-CVE-2022-20884
- RESERVED
-CVE-2022-20883
- RESERVED
-CVE-2022-20882
- RESERVED
-CVE-2022-20881
- RESERVED
-CVE-2022-20880
- RESERVED
-CVE-2022-20879
- RESERVED
-CVE-2022-20878
- RESERVED
-CVE-2022-20877
- RESERVED
-CVE-2022-20876
- RESERVED
-CVE-2022-20875
- RESERVED
-CVE-2022-20874
- RESERVED
-CVE-2022-20873
- RESERVED
+CVE-2022-20904 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20903 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20902 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20901 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20900 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20899 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20898 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20897 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20896 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20895 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20894 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20893 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20892 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20891 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20890 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20889 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20888 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20887 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20886 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20885 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20884 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20883 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20882 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20881 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20880 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20879 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20878 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20877 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20876 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20875 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20874 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2022-20872
RESERVED
CVE-2022-20871
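Review bot: from CVE-2022-20904 down to CVE-2022-20873 every added description is cut at the same point ("Multiple vulnerabilities in the web-based management interface of Cisc ..."), so the entries are indistinguishable in this list and the affected product cannot be read off them. Triage the block from the vendor advisories as a group, and confirm the product for each ID before applying one tag to the whole range.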
@@ -52341,16 +52385,16 @@ CVE-2022-20863
RESERVED
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
-CVE-2022-20861
- RESERVED
-CVE-2022-20860
- RESERVED
+CVE-2022-20861 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
+ TODO: check
+CVE-2022-20860 (A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard ...)
+ TODO: check
CVE-2022-20859 (A vulnerability in the Disaster Recovery framework of Cisco Unified Co ...)
NOT-FOR-US: Cisco
-CVE-2022-20858
- RESERVED
-CVE-2022-20857
- RESERVED
+CVE-2022-20858 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
+ TODO: check
+CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
+ TODO: check
CVE-2022-20856
RESERVED
CVE-2022-20855
@@ -65018,8 +65062,8 @@ CVE-2021-38938
RESERVED
CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
NOT-FOR-US: IBM
-CVE-2021-38936
- RESERVED
+CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...)
+ TODO: check
CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
NOT-FOR-US: IBM
CVE-2021-38934
@@ -70315,8 +70359,8 @@ CVE-2021-36851 (Authenticated (editor or higher user role) Cross-Site Scripting
NOT-FOR-US: WordPress plugin
CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36849
- RESERVED
+CVE-2021-36849 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36848 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36847
@@ -88484,8 +88528,8 @@ CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-
NOT-FOR-US: IBM
CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...)
NOT-FOR-US: IBM
-CVE-2021-29755
- RESERVED
+CVE-2021-29755 (IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate ...)
+ TODO: check
CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Proc ...)
@@ -140084,10 +140128,10 @@ CVE-2020-21408
RESERVED
CVE-2020-21407
RESERVED
-CVE-2020-21406
- RESERVED
-CVE-2020-21405
- RESERVED
+CVE-2020-21406 (An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box tha ...)
+ TODO: check
+CVE-2020-21405 (An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attack ...)
+ TODO: check
CVE-2020-21404
RESERVED
CVE-2020-21403
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a432e4e80a12652970ecede987f8fd5b36503239