[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 1 09:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1dd172f1 by security tracker role at 2022-09-01T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,11 @@
+CVE-2022-39079
+ RESERVED
+CVE-2022-39078
+ RESERVED
+CVE-2022-3070
+ RESERVED
CVE-2022-3071
+ RESERVED
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-39077
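Review bot: CVE-2022-3071 now has a RESERVED line directly above an existing chromium fixed-version line (105.0.5195.52-1), so the entry records a fix for an ID that has no published description yet. A NOTE line giving the source of the chromium association would let a reader verify it until the description arrives.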
@@ -1896,20 +1903,20 @@ CVE-2022-33310
RESERVED
CVE-2022-2899
RESERVED
-CVE-2022-2898
- RESERVED
-CVE-2022-2897
- RESERVED
-CVE-2022-2896
- RESERVED
-CVE-2022-2895
- RESERVED
-CVE-2022-2894
- RESERVED
+CVE-2022-2898 (Measuresoft ScadaPro Server and Client (All Versions) do not properly ...)
+ TODO: check
+CVE-2022-2897 (Measuresoft ScadaPro Server and Client (All Versions) do not properly ...)
+ TODO: check
+CVE-2022-2896 (Measuresoft ScadaPro Server (All Versions) allows use after free while ...)
+ TODO: check
+CVE-2022-2895 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
+ TODO: check
+CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
+ TODO: check
CVE-2022-2893
RESERVED
-CVE-2022-2892
- RESERVED
+CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
+ TODO: check
CVE-2021-46834
RESERVED
CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...)
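Review bot: the six Measuresoft ScadaPro entries (CVE-2022-2892 and CVE-2022-2894 through CVE-2022-2898) all land as TODO: check although they name one product. Triage them in a single pass; if ScadaPro is not packaged in Debian, each takes the same NOT-FOR-US line, in the form used for CVE-2022-37122 elsewhere in this file.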
@@ -5307,22 +5314,22 @@ CVE-2022-37132
RESERVED
CVE-2022-37131
RESERVED
-CVE-2022-37130
- RESERVED
-CVE-2022-37129
- RESERVED
-CVE-2022-37128
- RESERVED
+CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability ...)
+ TODO: check
+CVE-2022-37129 (D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection vi ...)
+ TODO: check
+CVE-2022-37128 (In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized wit ...)
+ TODO: check
CVE-2022-37127
RESERVED
CVE-2022-37126
RESERVED
-CVE-2022-37125
- RESERVED
+CVE-2022-37125 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...)
+ TODO: check
CVE-2022-37124
RESERVED
-CVE-2022-37123
- RESERVED
+CVE-2022-37123 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...)
+ TODO: check
CVE-2022-37122 (Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, App ...)
NOT-FOR-US: Carel pCOWeb HVAC BACnet Gateway
CVE-2022-37121
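Review bot: CVE-2022-37125 and CVE-2022-37123 have identical visible descriptions ("D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ..."), because the truncation cuts off the part that would distinguish them. Whoever resolves these TODO: check lines needs the full CVE records to confirm they are distinct issues. All five new entries in this hunk name the same firmware image, so one triage decision should cover them.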
@@ -6436,18 +6443,18 @@ CVE-2022-36678 (Simple Task Scheduling System v1.0 was discovered to contain a S
NOT-FOR-US: Simple Task Scheduling System
CVE-2022-36677
RESERVED
-CVE-2022-36676
- RESERVED
-CVE-2022-36675
- RESERVED
-CVE-2022-36674
- RESERVED
+CVE-2022-36676 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-36675 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-36674 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
CVE-2022-36673
RESERVED
-CVE-2022-36672
- RESERVED
-CVE-2022-36671
- RESERVED
+CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key locat ...)
+ TODO: check
+CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file download ...)
+ TODO: check
CVE-2022-36670
RESERVED
CVE-2022-36669
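Review bot: CVE-2022-36676, CVE-2022-36675 and CVE-2022-36674 are left at TODO: check, yet the hunk header context shows CVE-2022-36678 for the same Simple Task Scheduling System v1.0 already resolved as NOT-FOR-US: Simple Task Scheduling System. These three can take the same line; the two Novel-Plus entries are the ones that need a fresh lookup.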
@@ -6548,10 +6555,10 @@ CVE-2022-36622
RESERVED
CVE-2022-36621
RESERVED
-CVE-2022-36620
- RESERVED
-CVE-2022-36619
- RESERVED
+CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via ...)
+ TODO: check
+CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without a ...)
+ TODO: check
CVE-2022-36618
RESERVED
CVE-2022-36617
@@ -6624,12 +6631,12 @@ CVE-2022-36584
RESERVED
CVE-2022-36583
RESERVED
-CVE-2022-36582
- RESERVED
-CVE-2022-36581
- RESERVED
-CVE-2022-36580
- RESERVED
+CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...)
+ TODO: check
+CVE-2022-36581 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
+ TODO: check
+CVE-2022-36580 (An arbitrary file upload vulnerability in the component /admin/product ...)
+ TODO: check
CVE-2022-36579 (Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). ...)
NOT-FOR-US: Wellcms
CVE-2022-36578 (jizhicms v2.3.1 has SQL injection in the background. ...)
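Review bot: the truncated descriptions of CVE-2022-36582 and CVE-2022-36580 show only a component path (/php_action/cr ..., /admin/product ...) and no product name, so these two TODO: check lines cannot be resolved from the list alone. Only CVE-2022-36581 names its product (Online Ordering System v2.3.2); check the full records before assuming its neighbours belong to the same software.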
@@ -6646,14 +6653,14 @@ CVE-2022-36573 (A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.1
NOT-FOR-US: Pagekit CMS
CVE-2022-36572 (Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to con ...)
NOT-FOR-US: Sinsiu Sinsiu Enterprise Website System
-CVE-2022-36571
- RESERVED
-CVE-2022-36570
- RESERVED
-CVE-2022-36569
- RESERVED
-CVE-2022-36568
- RESERVED
+CVE-2022-36571 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2022-36570 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2022-36569 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...)
+ TODO: check
+CVE-2022-36568 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...)
+ TODO: check
CVE-2022-36567
RESERVED
CVE-2022-36566 (Rengine v1.3.0 was discovered to contain a command injection vulnerabi ...)
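Review bot: the four Tenda AC9 entries (CVE-2022-36568 through CVE-2022-36571) carry the same visible description and all sit at TODO: check. Another Tenda router entry in this file, CVE-2021-45391, is already marked NOT-FOR-US: Tenda, so using the same line here would keep the vendor tag consistent.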
@@ -6890,8 +6897,8 @@ CVE-2022-36451
RESERVED
CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...)
NOT-FOR-US: Obsidian
-CVE-2022-36449
- RESERVED
+CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
+ TODO: check
CVE-2022-36448
RESERVED
CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...)
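Review bot: CVE-2022-36449 concerns a kernel driver (Arm Mali GPU Kernel Driver), unlike the web-application and router entries that make up most of this update, so its TODO: check should not be closed by analogy with its neighbours. Confirm whether any Debian package ships this driver before choosing between a package line and NOT-FOR-US.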
@@ -7693,12 +7700,12 @@ CVE-2022-36205
RESERVED
CVE-2022-36204
RESERVED
-CVE-2022-36203
- RESERVED
-CVE-2022-36202
- RESERVED
-CVE-2022-36201
- RESERVED
+CVE-2022-36203 (Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting ...)
+ TODO: check
+CVE-2022-36202 (Doctor's Appointment System1.0 is vulnerable to Incorrect Access Contr ...)
+ TODO: check
+CVE-2022-36201 (Doctor's Appointment System 1.0 is vulnerable to SQL Injection via boo ...)
+ TODO: check
CVE-2022-36200 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submi ...)
NOT-FOR-US: FiberHome VDSL2 Modem
CVE-2022-36199
@@ -7868,8 +7875,8 @@ CVE-2022-36132
RESERVED
CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...)
NOT-FOR-US: Atlassian addon
-CVE-2022-36130
- RESERVED
+CVE-2022-36130 (HashiCorp Boundary up to 0.10.1 did not properly perform data integrit ...)
+ TODO: check
CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clu ...)
NOT-FOR-US: HashiCorp Vault
CVE-2022-2455
@@ -8076,18 +8083,18 @@ CVE-2022-36053
RESERVED
CVE-2022-36052
RESERVED
-CVE-2022-36051
- RESERVED
+CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**A ...)
+ TODO: check
CVE-2022-36050
RESERVED
CVE-2022-36049
RESERVED
-CVE-2022-36048
- RESERVED
+CVE-2022-36048 (Zulip is an open-source team collaboration tool with topic-based threa ...)
+ TODO: check
CVE-2022-36047
RESERVED
-CVE-2022-36046
- RESERVED
+CVE-2022-36046 (Next.js is a React framework that can provide building blocks to creat ...)
+ TODO: check
CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
TODO: check
CVE-2022-36044
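Review bot: for CVE-2022-36051, CVE-2022-36048 and CVE-2022-36046 the truncated description is spent on the product blurb ("Zulip is an open-source team collaboration tool with topic-based threa ..."), so nothing about the flaw itself is visible in the list. Each TODO: check needs the full record and a package lookup before it is resolved; the same applies to the existing CVE-2022-36045 line in the context below.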
@@ -12495,8 +12502,8 @@ CVE-2022-34385
RESERVED
CVE-2022-34384
RESERVED
-CVE-2022-34383
- RESERVED
+CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operat ...)
+ TODO: check
CVE-2022-34382
RESERVED
CVE-2022-34381
@@ -12515,8 +12522,8 @@ CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vul
TODO: check
CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...)
TODO: check
-CVE-2022-34373
- RESERVED
+CVE-2022-34373 (Dell Command Integration Suite for System Center, versions prior to 6. ...)
+ TODO: check
CVE-2022-34372
RESERVED
CVE-2022-34371
@@ -20338,8 +20345,8 @@ CVE-2022-31479 (An unauthenticated attacker can update the hostname with a speci
NOT-FOR-US: HID Mercury Intelligent Controllers
CVE-2022-31478 (The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to l ...)
NOT-FOR-US: UserTakeOver plugin for ILIAS
-CVE-2022-1841
- RESERVED
+CVE-2022-1841 (In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parame ...)
+ TODO: check
CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Home Clean Services Management System
CVE-2022-1839 (A vulnerability classified as critical was found in Home Clean Service ...)
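Review bot: the visible description of CVE-2022-1841 gives a source path and function (subsys/net/ip/tcp.c, tcp_flags) but not the project they belong to, so the affected software cannot be identified from this line. Resolve the TODO: check against the full record and name the project in the resulting package or NOT-FOR-US line.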
@@ -20925,8 +20932,8 @@ CVE-2022-31235
RESERVED
CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive A ...)
NOT-FOR-US: Dell
-CVE-2022-31233
- RESERVED
+CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privilege es ...)
+ TODO: check
CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
TODO: check
CVE-2022-31231
@@ -40650,9 +40657,9 @@ CVE-2022-24554
RESERVED
CVE-2022-24553 (An issue was found in Zfaka <= 1.4.5. The verification of the backg ...)
NOT-FOR-US: Zfaka
-CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
+CVE-2022-24552 (A flaw was found in the REST API in StarWind Stack. REST command, whic ...)
NOT-FOR-US: StarWind
-CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
+CVE-2022-24551 (A flaw was found in StarWind Stack. The endpoint for setting a new pas ...)
NOT-FOR-US: StarWind
CVE-2022-24550 (Windows Telephony Server Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
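Review bot: the new descriptions for CVE-2022-24552 and CVE-2022-24551 name "StarWind Stack" and drop the "before 0.2 build 1685" version bound that the old text carried, while the NOT-FOR-US: StarWind lines stay as they were. The vendor tag still matches, so no triage change is needed, but the affected-version information is now available only in the full record.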
@@ -51519,7 +51526,7 @@ CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.
NOT-FOR-US: Tenda
CVE-2021-45390
RESERVED
-CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...)
+CVE-2021-45389 (A flaw was found with the JWT token. A self-signed JWT token could be ...)
NOT-FOR-US: StarWind
CVE-2021-45388
REJECTED
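Review bot: the replacement description for CVE-2021-45389 ("A flaw was found with the JWT token. ...") no longer names a product or build in its visible part, so the unchanged NOT-FOR-US: StarWind line is now the only thing in the entry tying it to a vendor. Keep that line as is.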
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd172f14a0280cca74b41f1ec9f9888bb4fc518