[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 17 09:10:22 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06f88580 by security tracker role at 2022-06-17T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2022-33916
+	RESERVED
+CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package before log4j- ...)
+	TODO: check
+CVE-2022-33914
+	RESERVED
+CVE-2022-33913
+	RESERVED
+CVE-2022-33912 (A permission issue affects users that deployed the shipped version of  ...)
+	TODO: check
+CVE-2022-33911
+	RESERVED
+CVE-2022-33910
+	RESERVED
+CVE-2022-33909
+	RESERVED
+CVE-2022-33908
+	RESERVED
+CVE-2022-33907
+	RESERVED
+CVE-2022-33906
+	RESERVED
+CVE-2022-33905
+	RESERVED
+CVE-2022-33904
+	RESERVED
+CVE-2022-33903
+	RESERVED
+CVE-2022-33891
+	RESERVED
+CVE-2022-33890
+	RESERVED
+CVE-2022-33889
+	RESERVED
+CVE-2022-33888
+	RESERVED
+CVE-2022-33887
+	RESERVED
+CVE-2022-33886
+	RESERVED
+CVE-2022-33885
+	RESERVED
+CVE-2022-33884
+	RESERVED
+CVE-2022-33883
+	RESERVED
+CVE-2022-33882
+	RESERVED
+CVE-2022-33881
+	RESERVED
+CVE-2022-33311
+	RESERVED
+CVE-2022-33151
+	RESERVED
+CVE-2022-32583
+	RESERVED
+CVE-2022-32544
+	RESERVED
+CVE-2022-32453
+	RESERVED
+CVE-2022-32283
+	RESERVED
+CVE-2022-30693
+	RESERVED
+CVE-2022-30604
+	RESERVED
+CVE-2022-29891
+	RESERVED
+CVE-2022-29487
+	RESERVED
+CVE-2022-28715
+	RESERVED
+CVE-2022-25986
+	RESERVED
+CVE-2022-2108
+	RESERVED
+CVE-2022-2107
+	RESERVED
+CVE-2022-2106
+	RESERVED
+CVE-2022-2105
+	RESERVED
+CVE-2022-2104
+	RESERVED
+CVE-2022-2103
+	RESERVED
+CVE-2022-2102
+	RESERVED
+CVE-2022-2101
+	RESERVED
 CVE-2022-33880
 	RESERVED
 CVE-2022-33879
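
Review bot: CVE-2022-33915 (Amazon AWS Apache Log4j hotpatch package) and CVE-2022-33912 (a permission issue in a shipped version of some product) are the only two of the 45 entries added at the top of this hunk that carry a description, and both are left as "TODO: check". Their summaries are cut at "...", so triage needs the full CVE text before either can be tagged. The added block also runs down to CVE-2022-2101 and then meets the existing CVE-2022-33880, so the list is not in descending ID order here; anything consuming data/CVE/list should look entries up by ID rather than by position.
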
@@ -276,20 +366,20 @@ CVE-2022-33758
 	RESERVED
 CVE-2022-33757
 	RESERVED
-CVE-2022-33756
-	RESERVED
-CVE-2022-33755
-	RESERVED
-CVE-2022-33754
-	RESERVED
-CVE-2022-33753
-	RESERVED
-CVE-2022-33752
-	RESERVED
-CVE-2022-33751
-	RESERVED
-CVE-2022-33750
-	RESERVED
+CVE-2022-33756 (CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulner ...)
+	TODO: check
+CVE-2022-33755 (CA Automic Automation 12.2 and 12.3 contain an insecure input handling ...)
+	TODO: check
+CVE-2022-33754 (CA Automic Automation 12.2 and 12.3 contain an insufficient input vali ...)
+	TODO: check
+CVE-2022-33753 (CA Automic Automation 12.2 and 12.3 contain an insecure file creation  ...)
+	TODO: check
+CVE-2022-33752 (CA Automic Automation 12.2 and 12.3 contain an insufficient input vali ...)
+	TODO: check
+CVE-2022-33751 (CA Automic Automation 12.2 and 12.3 contain an insecure memory handlin ...)
+	TODO: check
+CVE-2022-33750 (CA Automic Automation 12.2 and 12.3 contain an authentication error vu ...)
+	TODO: check
 CVE-2022-33749
 	RESERVED
 CVE-2022-33748
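
Review bot: the seven entries CVE-2022-33756 through CVE-2022-33750 all name CA Automic Automation 12.2 and 12.3 and all move from RESERVED to "TODO: check", so they should be triaged together and end up with one consistent tag. The truncated summaries for CVE-2022-33754 and CVE-2022-33752 read identically ("insufficient input vali ..."), so telling those two apart needs the full descriptions.
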
@@ -310,8 +400,8 @@ CVE-2022-33741
 	RESERVED
 CVE-2022-33740
 	RESERVED
-CVE-2022-33739
-	RESERVED
+CVE-2022-33739 (CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing v ...)
+	TODO: check
 CVE-2022-33738
 	RESERVED
 CVE-2022-33737
@@ -1892,8 +1982,8 @@ CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr
 	- dolibarr <removed>
 CVE-2022-2059
 	RESERVED
-CVE-2021-46820
-	RESERVED
+CVE-2021-46820 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...)
+	TODO: check
 CVE-2020-36546
 	RESERVED
 CVE-2020-36545
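
Review bot: CVE-2021-46820 is added here with the summary "Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...", which is character for character the summary this same patch gives CVE-2021-37764 further down. Confirm from the full descriptions whether these are two distinct issues in the same product, and give both the same product tag when the "TODO: check" is resolved.
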
@@ -3586,16 +3676,16 @@ CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified a
 	- ajenti <itp> (bug #792019)
 CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...)
 	NOT-FOR-US: OpenNetAdmin
-CVE-2018-25044
-	RESERVED
-CVE-2018-25043
-	RESERVED
-CVE-2018-25042
-	RESERVED
-CVE-2018-25041
-	RESERVED
-CVE-2018-25040
-	RESERVED
+CVE-2018-25044 (A vulnerability, which was classified as critical, has been found in u ...)
+	TODO: check
+CVE-2018-25043 (A vulnerability classified as critical was found in uTorrent. This vul ...)
+	TODO: check
+CVE-2018-25042 (A vulnerability classified as critical has been found in uTorrent. Thi ...)
+	TODO: check
+CVE-2018-25041 (A vulnerability was found in uTorrent. It has been rated as critical.  ...)
+	TODO: check
+CVE-2018-25040 (A vulnerability was found in uTorrent Web. It has been declared as cri ...)
+	TODO: check
 CVE-2018-25039 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been de ...)
 	NOT-FOR-US: Thomson TCW710
 CVE-2018-25038 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been cl ...)
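
Review bot: the five uTorrent entries CVE-2018-25044 through CVE-2018-25040 are left as "TODO: check" directly above CVE-2018-25039 and CVE-2018-25038, which already carry "NOT-FOR-US: Thomson TCW710", so this run of 2018 IDs is only partly triaged. The visible summaries are generic ("A vulnerability classified as critical was found in uTorrent") and do not say which component is affected. CVE-2018-25040 names uTorrent Web rather than uTorrent, so the product tag may need to differ for that one.
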
@@ -6011,8 +6101,8 @@ CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal
 	NOT-FOR-US: Quick Heal Total Security
 CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer (All version ...)
 	NOT-FOR-US: Siemens
-CVE-2022-31464
-	RESERVED
+CVE-2022-31464 (Insecure permissions configuration in Adaware Protect v1.2.439.4251 al ...)
+	TODO: check
 CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetoot ...)
 	NOT-FOR-US: Owl Labs Meeting Owl
 CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device v ...)
@@ -6341,16 +6431,16 @@ CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripti
 	TODO: check
 CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
 	TODO: check
-CVE-2022-31299
-	RESERVED
+CVE-2022-31299 (Haraj v3.7 was discovered to contain a reflected cross-site scripting  ...)
+	TODO: check
 CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment section of Har ...)
 	TODO: check
 CVE-2022-31297
 	RESERVED
 CVE-2022-31296
 	RESERVED
-CVE-2022-31295
-	RESERVED
+CVE-2022-31295 (An issue in the delete_post() function of Online Discussion Forum Site ...)
+	TODO: check
 CVE-2022-31294 (An issue in the save_users() function of Online Discussion Forum Site  ...)
 	NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31293
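
Review bot: CVE-2022-31295 (delete_post() in Online Discussion Forum Site) is added as "TODO: check", while the next entry, CVE-2022-31294 (save_users() in the same product), is already tagged "NOT-FOR-US: Online Discussion Forum Site". Unless the full description points at different software, CVE-2022-31295 should get the same tag. CVE-2022-31299 in this hunk is consistent with its Haraj v3.7 neighbours, which are all still "TODO: check".
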
@@ -9125,16 +9215,16 @@ CVE-2022-30331
 	RESERVED
 CVE-2022-30330 (In the KeepKey firmware before 7.3.2, the bootloader can be exploited  ...)
 	NOT-FOR-US: KeepKey firmware
-CVE-2022-30329
-	RESERVED
-CVE-2022-30328
-	RESERVED
-CVE-2022-30327
-	RESERVED
-CVE-2022-30326
-	RESERVED
-CVE-2022-30325
-	RESERVED
+CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...)
+	TODO: check
+CVE-2022-30328 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
+	TODO: check
+CVE-2022-30327 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
+	TODO: check
+CVE-2022-30326 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
+	TODO: check
+CVE-2022-30325 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
+	TODO: check
 CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...)
 	TODO: check
 CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
@@ -17335,10 +17425,10 @@ CVE-2022-27514
 	RESERVED
 CVE-2022-27513
 	RESERVED
-CVE-2022-27512
-	RESERVED
-CVE-2022-27511
-	RESERVED
+CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of this in ...)
+	TODO: check
+CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The impact ...)
+	TODO: check
 CVE-2022-27510
 	RESERVED
 CVE-2022-27509
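
Review bot: the summaries added for CVE-2022-27512 and CVE-2022-27511 name no vendor or product in the visible text ("Temporary disruption of the ADM license service", "Corruption of the system by a remote, unauthenticated user"), so these two cannot be classified from data/CVE/list alone. The "TODO: check" follow-up has to start from the full CVE record to identify the affected software.
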
@@ -21139,8 +21229,8 @@ CVE-2022-26175
 	RESERVED
 CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...)
 	NOT-FOR-US: Beekeeper Studio
-CVE-2022-26173
-	RESERVED
+CVE-2022-26173 (JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery ( ...)
+	TODO: check
 CVE-2022-26172
 	RESERVED
 CVE-2022-26171 (Bank Management System v1.o was discovered to contain a SQL injection  ...)
@@ -25941,8 +26031,8 @@ CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vuln
 	- check-mk <removed>
 CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: Genixcms
-CVE-2022-24562
-	RESERVED
+CVE-2022-24562 (In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send G ...)
+	TODO: check
 CVE-2022-24561
 	RESERVED
 CVE-2022-24560
@@ -61028,8 +61118,8 @@ CVE-2021-37766
 	RESERVED
 CVE-2021-37765
 	RESERVED
-CVE-2021-37764
-	RESERVED
+CVE-2021-37764 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...)
+	TODO: check
 CVE-2021-37763
 	RESERVED
 CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
@@ -63826,10 +63916,10 @@ CVE-2021-36611
 	RESERVED
 CVE-2021-36610
 	RESERVED
-CVE-2021-36609
-	RESERVED
-CVE-2021-36608
-	RESERVED
+CVE-2021-36609 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
+	TODO: check
+CVE-2021-36608 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
+	TODO: check
 CVE-2021-36607
 	RESERVED
 CVE-2021-36606
@@ -71765,8 +71855,8 @@ CVE-2021-33297
 	RESERVED
 CVE-2021-33296
 	RESERVED
-CVE-2021-33295
-	RESERVED
+CVE-2021-33295 (Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before  ...)
+	TODO: check
 CVE-2021-33294
 	RESERVED
 CVE-2021-33293 (Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-b ...)
@@ -104181,8 +104271,8 @@ CVE-2020-35599
 	RESERVED
 CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory Traversal via ...)
 	NOT-FOR-US: ACS Advanced Comment System
-CVE-2020-35597
-	RESERVED
+CVE-2020-35597 (Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of ad ...)
+	TODO: check
 CVE-2020-35596
 	RESERVED
 CVE-2020-35595
@@ -111915,8 +112005,8 @@ CVE-2020-28867
 	RESERVED
 CVE-2020-28866
 	RESERVED
-CVE-2020-28865
-	RESERVED
+CVE-2020-28865 (An issue was discovered in PowerJob through 3.2.2, allows attackers to ...)
+	TODO: check
 CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to caus ...)
 	NOT-FOR-US: WinSCP
 CVE-2020-28863
@@ -123942,8 +124032,8 @@ CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/
 	NOT-FOR-US: Moddable SDK
 CVE-2020-25460
 	RESERVED
-CVE-2020-25459
-	RESERVED
+CVE-2020-25459 (An issue was discovered in function sync_tree in hetero_decision_tree_ ...)
+	TODO: check
 CVE-2020-25458
 	RESERVED
 CVE-2020-25457
@@ -246736,8 +246826,8 @@ CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribu
 	NOT-FOR-US: xhEditor
 CVE-2018-18908 (The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows p ...)
 	NOT-FOR-US: Sky Go Desktop
-CVE-2018-18907
-	RESERVED
+CVE-2018-18907 (An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially ...)
+	TODO: check
 CVE-2018-18906
 	RESERVED
 CVE-2018-18905



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06f88580d3906bef428fce3e12a93b70822f3cf1
