[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 5 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4b85c5c by security tracker role at 2022-09-05T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,261 @@
+CVE-2022-39959
+ RESERVED
+CVE-2022-39958
+ RESERVED
+CVE-2022-39957
+ RESERVED
+CVE-2022-39956
+ RESERVED
+CVE-2022-39955
+ RESERVED
+CVE-2022-39954
+ RESERVED
+CVE-2022-39953
+ RESERVED
+CVE-2022-39952
+ RESERVED
+CVE-2022-39951
+ RESERVED
+CVE-2022-39950
+ RESERVED
+CVE-2022-39949
+ RESERVED
+CVE-2022-39948
+ RESERVED
+CVE-2022-39947
+ RESERVED
+CVE-2022-39946
+ RESERVED
+CVE-2022-39945
+ RESERVED
+CVE-2022-39944
+ RESERVED
+CVE-2022-39943
+ RESERVED
+CVE-2022-39942
+ RESERVED
+CVE-2022-39941
+ RESERVED
+CVE-2022-39940
+ RESERVED
+CVE-2022-39939
+ RESERVED
+CVE-2022-39938
+ RESERVED
+CVE-2022-39937
+ RESERVED
+CVE-2022-39936
+ RESERVED
+CVE-2022-39935
+ RESERVED
+CVE-2022-39934
+ RESERVED
+CVE-2022-39933
+ RESERVED
+CVE-2022-39932
+ RESERVED
+CVE-2022-39931
+ RESERVED
+CVE-2022-39930
+ RESERVED
+CVE-2022-39929
+ RESERVED
+CVE-2022-39928
+ RESERVED
+CVE-2022-39927
+ RESERVED
+CVE-2022-39926
+ RESERVED
+CVE-2022-39925
+ RESERVED
+CVE-2022-39924
+ RESERVED
+CVE-2022-39923
+ RESERVED
+CVE-2022-39922
+ RESERVED
+CVE-2022-39921
+ RESERVED
+CVE-2022-39920
+ RESERVED
+CVE-2022-39919
+ RESERVED
+CVE-2022-39918
+ RESERVED
+CVE-2022-39917
+ RESERVED
+CVE-2022-39916
+ RESERVED
+CVE-2022-39915
+ RESERVED
+CVE-2022-39914
+ RESERVED
+CVE-2022-39913
+ RESERVED
+CVE-2022-39912
+ RESERVED
+CVE-2022-39911
+ RESERVED
+CVE-2022-39910
+ RESERVED
+CVE-2022-39909
+ RESERVED
+CVE-2022-39908
+ RESERVED
+CVE-2022-39907
+ RESERVED
+CVE-2022-39906
+ RESERVED
+CVE-2022-39905
+ RESERVED
+CVE-2022-39904
+ RESERVED
+CVE-2022-39903
+ RESERVED
+CVE-2022-39902
+ RESERVED
+CVE-2022-39901
+ RESERVED
+CVE-2022-39900
+ RESERVED
+CVE-2022-39899
+ RESERVED
+CVE-2022-39898
+ RESERVED
+CVE-2022-39897
+ RESERVED
+CVE-2022-39896
+ RESERVED
+CVE-2022-39895
+ RESERVED
+CVE-2022-39894
+ RESERVED
+CVE-2022-39893
+ RESERVED
+CVE-2022-39892
+ RESERVED
+CVE-2022-39891
+ RESERVED
+CVE-2022-39890
+ RESERVED
+CVE-2022-39889
+ RESERVED
+CVE-2022-39888
+ RESERVED
+CVE-2022-39887
+ RESERVED
+CVE-2022-39886
+ RESERVED
+CVE-2022-39885
+ RESERVED
+CVE-2022-39884
+ RESERVED
+CVE-2022-39883
+ RESERVED
+CVE-2022-39882
+ RESERVED
+CVE-2022-39881
+ RESERVED
+CVE-2022-39880
+ RESERVED
+CVE-2022-39879
+ RESERVED
+CVE-2022-39878
+ RESERVED
+CVE-2022-39877
+ RESERVED
+CVE-2022-39876
+ RESERVED
+CVE-2022-39875
+ RESERVED
+CVE-2022-39874
+ RESERVED
+CVE-2022-39873
+ RESERVED
+CVE-2022-39872
+ RESERVED
+CVE-2022-39871
+ RESERVED
+CVE-2022-39870
+ RESERVED
+CVE-2022-39869
+ RESERVED
+CVE-2022-39868
+ RESERVED
+CVE-2022-39867
+ RESERVED
+CVE-2022-39866
+ RESERVED
+CVE-2022-39865
+ RESERVED
+CVE-2022-39864
+ RESERVED
+CVE-2022-39863
+ RESERVED
+CVE-2022-39862
+ RESERVED
+CVE-2022-39861
+ RESERVED
+CVE-2022-39860
+ RESERVED
+CVE-2022-39859
+ RESERVED
+CVE-2022-39858
+ RESERVED
+CVE-2022-39857
+ RESERVED
+CVE-2022-39856
+ RESERVED
+CVE-2022-39855
+ RESERVED
+CVE-2022-39854
+ RESERVED
+CVE-2022-39853
+ RESERVED
+CVE-2022-39852
+ RESERVED
+CVE-2022-39851
+ RESERVED
+CVE-2022-39850
+ RESERVED
+CVE-2022-39849
+ RESERVED
+CVE-2022-39848
+ RESERVED
+CVE-2022-39847
+ RESERVED
+CVE-2022-39846
+ RESERVED
+CVE-2022-39845
+ RESERVED
+CVE-2022-39844
+ RESERVED
+CVE-2022-3133
+ RESERVED
+CVE-2022-3132
+ RESERVED
+CVE-2022-3131
+ RESERVED
+CVE-2022-3130
+ RESERVED
+CVE-2022-3129
+ RESERVED
+CVE-2022-3128
+ RESERVED
+CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+ TODO: check
+CVE-2022-3126
+ RESERVED
+CVE-2022-3125
+ RESERVED
+CVE-2022-3124
+ RESERVED
+CVE-2022-3123 (Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain ...)
+ TODO: check
+CVE-2022-3122 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
+ TODO: check
+CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave Mana ...)
+ TODO: check
CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
NOT-FOR-US: Lotus 1-2-3
CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
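Review bot: CVE-2022-3122 and CVE-2022-3121 are added with TODO: check although both descriptions name SourceCodester applications. The SourceCodester entries already triaged in this file (CVE-2022-2776, CVE-2022-2774, CVE-2022-2656) are marked NOT-FOR-US: SourceCodester followed by the application name. Suggest resolving these two the same way once the full description confirms the product, so that the TODO list is left with the entries that need a package lookup, such as CVE-2022-3127 (jgraph/drawio).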
@@ -9,8 +267,8 @@ CVE-2022-39840 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks
NOT-FOR-US: Cotonti Siena
CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
NOT-FOR-US: Cotonti Siena
-CVE-2022-39838
- RESERVED
+CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
+ TODO: check
CVE-2022-39837
RESERVED
CVE-2022-39836
@@ -81,8 +339,8 @@ CVE-2022-38064
RESERVED
CVE-2022-36423
RESERVED
-CVE-2022-3120
- RESERVED
+CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
+ TODO: check
CVE-2022-3119
RESERVED
CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
@@ -1345,7 +1603,7 @@ CVE-2022-39199
RESERVED
CVE-2022-39198
RESERVED
-CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0359. ...)
+CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
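Review bot: the description for CVE-2022-3099 now reads "prior to 9.0.0360" instead of 9.0.0359, but the tracking lines under it are unchanged: "- vim <unfixed>" with only the huntr.dev NOTE and no upstream commit reference. Suggest adding a NOTE for the fixing commit with its version tag, as the CVE-2022-2598 entry does with "(v9.0.0101)", so that whoever later marks this fixed compares the package version against 9.0.0360 and not the earlier patch level.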
@@ -1732,12 +1990,12 @@ CVE-2022-39053
RESERVED
CVE-2022-39052
RESERVED
-CVE-2022-39051
- RESERVED
-CVE-2022-39050
- RESERVED
-CVE-2022-39049
- RESERVED
+CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...)
+ TODO: check
+CVE-2022-39050 (An attacker who is logged into OTRS as an admin user may manipulate cu ...)
+ TODO: check
+CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipulate th ...)
+ TODO: check
CVE-2022-3069
RESERVED
CVE-2022-3068
@@ -2512,8 +2770,8 @@ CVE-2022-3010
RESERVED
CVE-2022-3009
RESERVED
-CVE-2022-3008
- RESERVED
+CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to perform ...)
+ TODO: check
CVE-2022-3007
RESERVED
CVE-2022-3006
@@ -2584,14 +2842,14 @@ CVE-2022-2995
- cri-o <itp> (bug #979702)
CVE-2022-2994
RESERVED
-CVE-2022-38752
- RESERVED
-CVE-2022-38751
- RESERVED
-CVE-2022-38750
- RESERVED
-CVE-2022-38749
- RESERVED
+CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ TODO: check
+CVE-2022-38751 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ TODO: check
+CVE-2022-38750 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ TODO: check
+CVE-2022-38749 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ TODO: check
CVE-2022-38748
RESERVED
CVE-2022-38747
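Review bot: the four snakeYAML entries, CVE-2022-38752 through CVE-2022-38749, carry descriptions that are identical up to the truncation point, and each gets only TODO: check. Suggest that the triage adds a per-CVE NOTE with the upstream issue or commit for each one, since nothing in the entries as they stand lets a reader tell the four apart or track their fixes separately.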
@@ -3839,11 +4097,9 @@ CVE-2022-38372
RESERVED
CVE-2022-38371
RESERVED
-CVE-2022-38370
- RESERVED
+CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an interface wi ...)
NOT-FOR-US: Apache IoTDB
-CVE-2022-38369
- RESERVED
+CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users ...)
NOT-FOR-US: Apache IoTDB
CVE-2022-2851
RESERVED
@@ -3914,12 +4170,12 @@ CVE-2022-2831 (A flaw was found in Blender 3.3.0. An interger overflow in source
NOTE: https://developer.blender.org/T99705
NOTE: https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
NOTE: https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535
-CVE-2022-2830
- RESERVED
+CVE-2022-2830 (Deserialization of Untrusted Data vulnerability in the message process ...)
+ TODO: check
CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x ...)
NOT-FOR-US: Aviatrix Gateway
-CVE-2022-38367
- RESERVED
+CVE-2022-38367 (The Netic User Export add-on before 2.0.6 for Atlassian Jira does not ...)
+ TODO: check
CVE-2022-38366
RESERVED
CVE-2022-38365
@@ -4435,8 +4691,8 @@ CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweb
NOT-FOR-US: microweber
CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...)
NOT-FOR-US: SourceCodester Gym Management System
-CVE-2022-2775
- RESERVED
+CVE-2022-2775 (The Fast Flow WordPress plugin before 1.2.13 does not sanitise and esc ...)
+ TODO: check
CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...)
NOT-FOR-US: SourceCodester Library Management System
CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
@@ -6299,8 +6555,8 @@ CVE-2022-2659
RESERVED
CVE-2022-2658
RESERVED
-CVE-2022-2657
- RESERVED
+CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress plugin ...)
+ TODO: check
CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2022-2655
@@ -6683,8 +6939,8 @@ CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim
- vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101)
-CVE-2022-2597
- RESERVED
+CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
+ TODO: check
CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prior to ...)
- node-fetch <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/
@@ -7427,8 +7683,8 @@ CVE-2022-2567
RESERVED
CVE-2022-2566
RESERVED
-CVE-2022-2565
- RESERVED
+CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin befo ...)
+ TODO: check
CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
NOT-FOR-US: Mongoose
CVE-2022-2563
@@ -7966,8 +8222,8 @@ CVE-2022-2545
RESERVED
CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2543
- RESERVED
+CVE-2022-2543 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
+ TODO: check
CVE-2022-2542
RESERVED
CVE-2022-2541
@@ -10848,8 +11104,8 @@ CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not
NOT-FOR-US: WordPress plugin
CVE-2022-2377 (The Directorist WordPress plugin before 7.3.0 does not have authorisat ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2376
- RESERVED
+CVE-2022-2376 (The Directorist WordPress plugin before 7.3.1 discloses the email addr ...)
+ TODO: check
CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does ...)
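Review bot: CVE-2022-2376 is left at TODO: check while the entry directly above it, CVE-2022-2377, is for the same Directorist WordPress plugin and is already marked NOT-FOR-US: WordPress plugin. Suggest giving CVE-2022-2376 the same tag. The same applies to the other WordPress plugin descriptions this commit fills in (for example CVE-2022-2543, which sits next to CVE-2022-2544 with that tag).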
@@ -12936,8 +13192,8 @@ CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not prop
NOT-FOR-US: WordPress plugin
CVE-2022-2272 (This vulnerability allows remote attackers to bypass authentication on ...)
NOT-FOR-US: Sante PACS Server
-CVE-2022-2271
- RESERVED
+CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not escape som ...)
+ TODO: check
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
@@ -16929,8 +17185,8 @@ CVE-2022-2084 [logged schema failures can include password hashes]
[buster] - cloud-init <not-affected> (Vulnerable code not present, introduced in 22.2)
NOTE: https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c
NOTE: https://bugs.launchpad.net/cloud-init/+bug/1978422
-CVE-2022-2083
- RESERVED
+CVE-2022-2083 (The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAu ...)
+ TODO: check
CVE-2022-33329 (Multiple command injection vulnerabilities exist in the web_server aja ...)
NOT-FOR-US: Robustel R1510
CVE-2022-33328 (Multiple command injection vulnerabilities exist in the web_server aja ...)
@@ -20764,8 +21020,8 @@ CVE-2022-31816
RESERVED
CVE-2022-31815
RESERVED
-CVE-2022-31814
- RESERVED
+CVE-2022-31814 (pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execut ...)
+ TODO: check
CVE-2022-1948 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
@@ -25393,8 +25649,8 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory trav
NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
CVE-2022-30332
RESERVED
-CVE-2022-30331
- RESERVED
+CVE-2022-30331 (** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph ...)
+ TODO: check
CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...)
NOT-FOR-US: KeepKey firmware
CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...)
@@ -101603,8 +101859,8 @@ CVE-2021-28400
RESERVED
CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...)
- orangehrm <itp> (bug #786622)
-CVE-2021-28398
- RESERVED
+CVE-2021-28398 (A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 ...)
+ TODO: check
CVE-2021-28397
RESERVED
CVE-2021-28396
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4b85c5ce22b001f7f6a466b38e5a16390bbbb07