[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 29 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
601bd2b5 by security tracker role at 2022-07-29T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-37020
+ RESERVED
+CVE-2022-37019
+ RESERVED
+CVE-2022-37018
+ RESERVED
+CVE-2022-37017
+ RESERVED
+CVE-2022-37016
+ RESERVED
+CVE-2022-37015
+ RESERVED
+CVE-2022-37014
+ RESERVED
+CVE-2022-2572
+ RESERVED
+CVE-2022-2571
+ RESERVED
+CVE-2022-2570
+ RESERVED
CVE-2022-37013
RESERVED
CVE-2022-37012
@@ -598,8 +618,8 @@ CVE-2022-36754
RESERVED
CVE-2022-36753
RESERVED
-CVE-2022-36752
- RESERVED
+CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write via t ...)
+ TODO: check
CVE-2022-36751
RESERVED
CVE-2022-36750
@@ -1888,8 +1908,8 @@ CVE-2022-36236
RESERVED
CVE-2022-36235
RESERVED
-CVE-2022-36234
- RESERVED
+CVE-2022-36234 (SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...)
+ TODO: check
CVE-2022-36233
RESERVED
CVE-2022-36232
@@ -3017,8 +3037,8 @@ CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf
- php-dompdf <unfixed> (bug #1015874)
NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
-CVE-2022-2399
- RESERVED
+CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allow ...)
+ TODO: check
CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 authenticatio ...)
NOT-FOR-US: Apache CloudStack
CVE-2022-2398
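Review bot: CVE-2022-2399 should not sit at `TODO: check` for long. Its description names Google Chrome prior to 100.0.4896.88, so it needs triage against the chromium source package with a fixed version recorded, not a NOT-FOR-US marking.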
@@ -5915,8 +5935,8 @@ CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command i
NOT-FOR-US: Tenda
CVE-2022-34594 (Advanced School Management System v1.0 was discovered to contain a cro ...)
NOT-FOR-US: Advanced School Management System
-CVE-2022-34593
- RESERVED
+CVE-2022-34593 (DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read ...)
+ TODO: check
CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
NOT-FOR-US: Wavlink
CVE-2022-34591
@@ -5941,12 +5961,12 @@ CVE-2022-34582
RESERVED
CVE-2022-34581
RESERVED
-CVE-2022-34580
- RESERVED
+CVE-2022-34580 (Advanced School Management System v1.0 was discovered to contain a cro ...)
+ TODO: check
CVE-2022-34579
RESERVED
-CVE-2022-34578
- RESERVED
+CVE-2022-34578 (Open Source Point of Sale v3.3.7 was discovered to contain an arbitrar ...)
+ TODO: check
CVE-2022-34577 (A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 all ...)
NOT-FOR-US: Wavlink
CVE-2022-34576 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M ...)
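Review bot: the `TODO: check` on CVE-2022-34580 can be resolved directly, since the same product is already classified a few entries earlier in this file: CVE-2022-34594 carries `NOT-FOR-US: Advanced School Management System`. Using the identical string here keeps the two entries consistent. CVE-2022-34578 (Open Source Point of Sale v3.3.7) has no such precedent in the visible lines and still needs a packaging check.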
@@ -5965,8 +5985,8 @@ CVE-2022-34570 (WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains
NOT-FOR-US: Wavlink
CVE-2022-34569
RESERVED
-CVE-2022-34568
- RESERVED
+CVE-2022-34568 (SDL v1.2 was discovered to contain a use-after-free via the XFree func ...)
+ TODO: check
CVE-2022-34567
RESERVED
CVE-2022-34566
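Review bot: CVE-2022-34568 names SDL v1.2 and a use-after-free via the XFree function, and SDL 1.2 is a library Debian ships, so this `TODO: check` should resolve to a source-package entry with a NOTE pointing at the upstream report or fix, not to NOT-FOR-US.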
@@ -5985,14 +6005,14 @@ CVE-2022-34560
RESERVED
CVE-2022-34559
RESERVED
-CVE-2022-34558
- RESERVED
-CVE-2022-34557
- RESERVED
-CVE-2022-34556
- RESERVED
-CVE-2022-34555
- RESERVED
+CVE-2022-34558 (WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon ...)
+ TODO: check
+CVE-2022-34557 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34556 (PicoC v3.2.2 was discovered to contain a NULL pointer dereference at v ...)
+ TODO: check
+CVE-2022-34555 (TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to conta ...)
+ TODO: check
CVE-2022-34554
RESERVED
CVE-2022-34553
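Review bot: of the four entries moved to `TODO: check` in this hunk, CVE-2022-34555 is a TP-LINK TL-R473G firmware issue. Router firmware entries elsewhere in this file are closed by vendor name (`NOT-FOR-US: Tenda`, `NOT-FOR-US: Wavlink`), so this one can likely be closed the same way as `NOT-FOR-US: TP-LINK`. The other three (WMAgent, Barangay Management System, PicoC) still need a check for whether anything is packaged.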
@@ -17652,8 +17672,7 @@ CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified
NOT-FOR-US: OpenCTI
CVE-2022-30288 (** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL fragment spr ...)
NOT-FOR-US: Ruby gem agoo
-CVE-2022-30287
- RESERVED
+CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflection inj ...)
- php-horde-turba 4.2.25-6 (bug #1012279)
NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/
NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
@@ -19857,8 +19876,8 @@ CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.
NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
CVE-2022-29559
RESERVED
-CVE-2022-29558
- RESERVED
+CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...)
+ TODO: check
CVE-2022-29557
RESERVED
CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise ...)
@@ -20396,8 +20415,8 @@ CVE-2022-29362 (A cross-site scripting (XSS) vulnerability in /navigation/create
CVE-2022-29361 (** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v ...)
NOTE: Disputed Werkzeug issue, no security impact
NOTE: https://github.com/pallets/werkzeug/issues/2420
-CVE-2022-29360
- RESERVED
+CVE-2022-29360 (The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted em ...)
+ TODO: check
CVE-2022-29359 (A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs ...)
NOT-FOR-US: School Club Application System
CVE-2022-29358 (epub2txt2 v2.04 was discovered to contain an integer overflow via the ...)
@@ -60000,8 +60019,8 @@ CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows
NOT-FOR-US: set_user extension for Postgres
CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
NOT-FOR-US: Sofico
-CVE-2021-41556
- RESERVED
+CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...)
+ TODO: check
CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
NOT-FOR-US: ARCHIBUS Web Central
CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a ver ...)
@@ -66283,8 +66302,8 @@ CVE-2021-39090
RESERVED
CVE-2021-39089
RESERVED
-CVE-2021-39088
- RESERVED
+CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege esc ...)
+ TODO: check
CVE-2021-39087
RESERVED
CVE-2021-39086
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/601bd2b595a0a6fff07b3cf94ff85d9759d6c121