[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 21 21:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44f1987b by security tracker role at 2022-07-21T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-36363
+ RESERVED
+CVE-2022-36362
+ RESERVED
+CVE-2022-36361
+ RESERVED
+CVE-2022-36360
+ RESERVED
+CVE-2022-35239
+ RESERVED
+CVE-2022-2505
+ RESERVED
+CVE-2022-2504
+ RESERVED
+CVE-2022-2503
+ RESERVED
+CVE-2022-2502
+ RESERVED
CVE-2022-36359
RESERVED
CVE-2022-36342
@@ -88,8 +106,8 @@ CVE-2022-36315
RESERVED
CVE-2022-36314
RESERVED
-CVE-2022-36313
- RESERVED
+CVE-2022-36313 (An issue was discovered in the file-type package before 16.5.4 and 17. ...)
+ TODO: check
CVE-2022-2495
RESERVED
CVE-2022-2494
@@ -1077,8 +1095,8 @@ CVE-2022-35901 (An issue was discovered in Bentley MicroStation before 10.17.0.x
NOT-FOR-US: Bantley MicroStation
CVE-2022-35900 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
NOT-FOR-US: Bantley MicroStation
-CVE-2022-35899
- RESERVED
+CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game SDK servi ...)
+ TODO: check
CVE-2022-35898
RESERVED
CVE-2022-35897
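Review bot: the two unchanged entries at the top of this hunk are tagged "NOT-FOR-US: Bantley MicroStation", while their own descriptions spell the vendor "Bentley". Fix the tag spelling in a follow-up so that a search for the vendor name finds these entries. The new summary for CVE-2022-35899 describes an unquoted service path in an ASUSTeK SDK service; resolve its TODO: check in the same pass.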
@@ -3621,8 +3639,8 @@ CVE-2022-34654
RESERVED
CVE-2022-34650
RESERVED
-CVE-2022-34487
- RESERVED
+CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
+ TODO: check
CVE-2022-34347
RESERVED
CVE-2022-34155
@@ -3643,8 +3661,8 @@ CVE-2022-33901
RESERVED
CVE-2022-33900
RESERVED
-CVE-2022-33198
- RESERVED
+CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
+ TODO: check
CVE-2022-33191
RESERVED
CVE-2022-33177
@@ -3868,8 +3886,8 @@ CVE-2022-34769
RESERVED
CVE-2022-34768
RESERVED
-CVE-2022-34767
- RESERVED
+CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone t ...)
+ TODO: check
CVE-2022-34766
RESERVED
CVE-2022-2254 (A user with administrative privileges in Distributed Data Systems WebH ...)
@@ -9339,8 +9357,8 @@ CVE-2022-32558 (An issue was discovered in Couchbase Server before 7.0.4. Sample
NOT-FOR-US: Couchbase Server
CVE-2022-32557 (An issue was discovered in Couchbase Server before 7.0.4. The Index Se ...)
NOT-FOR-US: Couchbase Server
-CVE-2022-32556
- RESERVED
+CVE-2022-32556 (An issue was discovered in Couchbase Server before 7.0.4. A private ke ...)
+ TODO: check
CVE-2022-32555
RESERVED
CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
@@ -9375,22 +9393,22 @@ CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the me
NOT-FOR-US: AgileBits 1Password
CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 ...)
NOT-FOR-US: Apache Sling
-CVE-2022-32289
- RESERVED
+CVE-2022-32289 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
+ TODO: check
CVE-2022-32280 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-31475
- RESERVED
-CVE-2022-30536
- RESERVED
-CVE-2022-30337
- RESERVED
+CVE-2022-31475 (Authenticated (custom plugin role) Arbitrary File Read via Export func ...)
+ TODO: check
+CVE-2022-30536 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Flore ...)
+ TODO: check
+CVE-2022-30337 (Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta ...)
+ TODO: check
CVE-2022-29923 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-28700
- RESERVED
-CVE-2022-28666
- RESERVED
+CVE-2022-28700 (Authenticated Arbitrary File Creation via Export function vulnerabilit ...)
+ TODO: check
+CVE-2022-28666 (Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs ...)
+ TODO: check
CVE-2022-28612 (Improper Access Control vulnerability leading to multiple Authenticate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25649
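Review bot: six entries in this hunk move from RESERVED to TODO: check (CVE-2022-32289, CVE-2022-31475, CVE-2022-30536, CVE-2022-30337, CVE-2022-28700, CVE-2022-28666), while the untouched entries interleaved with them (CVE-2022-32280, CVE-2022-29923, CVE-2022-28612) are already tagged "NOT-FOR-US: WordPress plugin". The truncated summaries ("Sygnoos Popup Build ...", "JoomUnited WP Meta ...", "YIKES Inc. Custom Product Tabs ...") read like the same family. Confirm against the full descriptions and, where they are WordPress plugins, give them the same tag rather than leaving six open TODOs.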
@@ -9793,8 +9811,8 @@ CVE-2022-32432
RESERVED
CVE-2022-32431
RESERVED
-CVE-2022-32430
- RESERVED
+CVE-2022-32430 (An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers ...)
+ TODO: check
CVE-2022-32429
RESERVED
CVE-2022-32428
@@ -13390,14 +13408,14 @@ CVE-2022-31174
RESERVED
CVE-2022-31173
RESERVED
-CVE-2022-31172
- RESERVED
+CVE-2022-31172 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
+ TODO: check
CVE-2022-31171
REJECTED
-CVE-2022-31170
- RESERVED
-CVE-2022-31169
- RESERVED
+CVE-2022-31170 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
+ TODO: check
+CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wa ...)
+ TODO: check
CVE-2022-31168
RESERVED
CVE-2022-31167
@@ -13406,12 +13424,12 @@ CVE-2022-31166
RESERVED
CVE-2022-31165
RESERVED
-CVE-2022-31164
- RESERVED
-CVE-2022-31163
- RESERVED
-CVE-2022-31162
- RESERVED
+CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
+ TODO: check
+CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
+ TODO: check
+CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.41.0, i ...)
+ TODO: check
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
NOT-FOR-US: Roxy-WI
CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
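Review bot: of the three entries that become TODO: check here, CVE-2022-31163 deserves triage first. Its summary describes TZInfo as a Ruby library for time zone data, a general-purpose dependency, whereas the other two are a staff management system for Roblox groups and an async Rust client library. Replace the TODO with a package line or a NOT-FOR-US tag once the affected versions have been checked against the full CVE text.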
@@ -14972,8 +14990,8 @@ CVE-2022-30629
NOTE: https://go.dev/issue/52814
NOTE: https://github.com/golang/go/commit/c838098c327a1b6d63446f4722e943b02d235d78 (go1.18.3)
NOTE: https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c (go1.17.11)
-CVE-2022-30628
- RESERVED
+CVE-2022-30628 (It was possible to download all receipts without authentication. Must ...)
+ TODO: check
CVE-2022-30627 (This vulnerability affects all of the company's products that also inc ...)
TODO: check
CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the na ...)
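Review bot: the new summary for CVE-2022-30628 ("It was possible to download all receipts without authentication. Must ...") names no product or vendor in the part that fits on the line, so whoever resolves this TODO: check has to consult the full CVE record. The two entries that follow, CVE-2022-30627 and CVE-2022-30626, are open TODOs as well and are worth triaging in the same pass.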
@@ -20281,8 +20299,8 @@ CVE-2022-28879
RESERVED
CVE-2022-28878
RESERVED
-CVE-2022-28877
- RESERVED
+CVE-2022-28877 (This vulnerability allows local user to delete arbitrary file in the s ...)
+ TODO: check
CVE-2022-28876 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
TODO: check
CVE-2022-28875 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
@@ -20313,10 +20331,10 @@ CVE-2022-28863
RESERVED
CVE-2022-28862 (In Archibus Web Central before 26.2, multiple SQL Injection vulnerabil ...)
NOT-FOR-US: ARCHIBUS Web Central
-CVE-2022-28861
- RESERVED
-CVE-2022-28860
- RESERVED
+CVE-2022-28861 (The server in Citilog 8.0 allows an attacker (in a man in the middle p ...)
+ TODO: check
+CVE-2022-28860 (An authentication downgrade in the server in Citilog 8.0 allows an att ...)
+ TODO: check
CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
NOT-FOR-US: Go Git Service
CVE-2022-28857
@@ -23230,7 +23248,7 @@ CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversa
NOT-FOR-US: Mendelson OFTP2
CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...)
NOT-FOR-US: ControlUp Real-Time Agent
-CVE-2022-27904 (The Automox Agent installation package before 37 on macOS allows an un ...)
+CVE-2022-27904 (Automox Agent for macOS before version 39 was vulnerable to a time-of- ...)
NOT-FOR-US: Automox Agent installation package on macOS
CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...)
NOT-FOR-US: EVE-NG Professional
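Review bot: the description of CVE-2022-27904 is replaced (from "installation package before 37 on macOS" to "Agent for macOS before version 39"), but the unchanged tag beneath it still reads "NOT-FOR-US: Automox Agent installation package on macOS". The triage result is unaffected, yet the tag now names a narrower component than the summary does; consider shortening it to "NOT-FOR-US: Automox Agent" for consistency.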
@@ -26427,8 +26445,8 @@ CVE-2022-0904 (A stack overflow bug in the document extractor in Mattermost Serv
- mattermost-server <itp> (bug #823556)
CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost serv ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-0902
- RESERVED
+CVE-2022-0902 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...)
NOT-FOR-US: WordPress plugins
CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aci ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44f1987bf43351a1bac87e105913b74db3a9be99