[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 7 21:10:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82887e57 by security tracker role at 2022-09-07T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-40175
+	RESERVED
+CVE-2022-40174
+	RESERVED
+CVE-2022-40173
+	RESERVED
+CVE-2022-40172
+	RESERVED
+CVE-2022-40171
+	RESERVED
+CVE-2022-40170
+	RESERVED
+CVE-2022-40169
+	RESERVED
+CVE-2022-40168
+	RESERVED
+CVE-2022-40167
+	RESERVED
+CVE-2022-40166
+	RESERVED
+CVE-2022-40165
+	RESERVED
+CVE-2022-40164
+	RESERVED
+CVE-2022-40163
+	RESERVED
+CVE-2022-40162
+	RESERVED
+CVE-2022-40161
+	RESERVED
+CVE-2022-40160
+	RESERVED
+CVE-2022-40159
+	RESERVED
+CVE-2022-40158
+	RESERVED
+CVE-2022-40157
+	RESERVED
+CVE-2022-40156
+	RESERVED
+CVE-2022-40155
+	RESERVED
+CVE-2022-40154
+	RESERVED
+CVE-2022-40153
+	RESERVED
+CVE-2022-40152
+	RESERVED
+CVE-2022-40151
+	RESERVED
+CVE-2022-40150
+	RESERVED
+CVE-2022-40149
+	RESERVED
+CVE-2022-40148
+	RESERVED
+CVE-2022-40147
+	RESERVED
+CVE-2022-40146
+	RESERVED
+CVE-2022-40145
+	RESERVED
+CVE-2022-3155
+	RESERVED
+CVE-2022-3154
+	RESERVED
+CVE-2022-3153
+	RESERVED
+CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusion pr ...)
+	TODO: check
+CVE-2022-3151
+	RESERVED
+CVE-2022-3150
+	RESERVED
+CVE-2022-3149
+	RESERVED
+CVE-2022-3148
+	RESERVED
 CVE-2022-40144
 	RESERVED
 CVE-2022-40143
@@ -264,8 +342,8 @@ CVE-2022-40025
 	RESERVED
 CVE-2022-40024
 	RESERVED
-CVE-2022-40023
-	RESERVED
+CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denia ...)
+	TODO: check
 CVE-2022-40022
 	RESERVED
 CVE-2022-40021
@@ -394,7 +472,7 @@ CVE-2022-39960
 	RESERVED
 CVE-2022-3135
 	RESERVED
-CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0388. ...)
+CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
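Review bot: the description for CVE-2022-3134 now says "prior to 9.0.0389" where the replaced line said "prior to 9.0.0388", yet the entry itself is untouched (`- vim <unfixed>`, `[bullseye] - vim <no-dsa> (Minor issue)`, and only the huntr NOTE). A shift in the stated fixed version means the upstream fix reference behind the earlier description may no longer be the right one; once the actual fixing vim patch is confirmed, a NOTE line with that reference would keep the fixed-version bookkeeping for this entry unambiguous.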
@@ -6072,8 +6150,8 @@ CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow v
 	NOTE: https://github.com/nu774/fdkaac/issues/54
 	NOTE: https://github.com/nu774/fdkaac/commit/ecddb7d63306e01d137d65bbbe7b78c1e779943c
 	NOTE: Crash in CLI tool, no security impact
-CVE-2022-37780
-	RESERVED
+CVE-2022-37780 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
+	TODO: check
 CVE-2022-37779
 	RESERVED
 CVE-2022-37778
@@ -6179,10 +6257,10 @@ CVE-2022-37733
 	RESERVED
 CVE-2022-37732
 	RESERVED
-CVE-2022-37731
-	RESERVED
-CVE-2022-37730
-	RESERVED
+CVE-2022-37731 (ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts mal ...)
+	TODO: check
+CVE-2022-37730 (In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerabili ...)
+	TODO: check
 CVE-2022-37729
 	RESERVED
 CVE-2022-37728
@@ -7611,8 +7689,8 @@ CVE-2022-37191
 	RESERVED
 CVE-2022-37190
 	RESERVED
-CVE-2022-37189
-	RESERVED
+CVE-2022-37189 (DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), l ...)
+	TODO: check
 CVE-2022-37188
 	RESERVED
 CVE-2022-37187
@@ -7773,8 +7851,8 @@ CVE-2022-37110
 	RESERVED
 CVE-2022-37109
 	RESERVED
-CVE-2022-37108
-	RESERVED
+CVE-2022-37108 (An injection vulnerability in the syslog-ng configuration wizard in Se ...)
+	TODO: check
 CVE-2022-37107
 	RESERVED
 CVE-2022-37106
@@ -8890,12 +8968,12 @@ CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF
 	NOT-FOR-US: Gluu Oxauth
 CVE-2022-36662
 	RESERVED
-CVE-2022-36661
-	RESERVED
-CVE-2022-36660
-	RESERVED
-CVE-2022-36659
-	RESERVED
+CVE-2022-36661 (xhyve commit dfbe09b was discovered to contain a NULL pointer derefere ...)
+	TODO: check
+CVE-2022-36660 (xhyve commit dfbe09b was discovered to contain a stack buffer overflow ...)
+	TODO: check
+CVE-2022-36659 (xhyve commit dfbe09b was discovered to contain a NULL pointer derefere ...)
+	TODO: check
 CVE-2022-36658
 	RESERVED
 CVE-2022-36657 (Library Management System v1.0 was discovered to contain a cross-site  ...)
@@ -9042,8 +9120,8 @@ CVE-2022-36589
 	RESERVED
 CVE-2022-36588
 	RESERVED
-CVE-2022-36587
-	RESERVED
+CVE-2022-36587 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...)
+	TODO: check
 CVE-2022-36586
 	RESERVED
 CVE-2022-36585
@@ -9138,8 +9216,8 @@ CVE-2022-36541
 	RESERVED
 CVE-2022-36540
 	RESERVED
-CVE-2022-36539
-	RESERVED
+CVE-2022-36539 (WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID ...)
+	TODO: check
 CVE-2022-36538
 	RESERVED
 CVE-2022-36537 (ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows atta ...)
@@ -9988,8 +10066,8 @@ CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via
 	NOT-FOR-US: Tenda
 CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
 	NOT-FOR-US: Mingsoft MCMS
-CVE-2022-36271
-	RESERVED
+CVE-2022-36271 (Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll  ...)
+	TODO: check
 CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...)
 	NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36269
@@ -11799,8 +11877,8 @@ CVE-2022-35515
 	RESERVED
 CVE-2022-35514
 	RESERVED
-CVE-2022-35513
-	RESERVED
+CVE-2022-35513 (The Blink1Control2 application <= 2.2.7 uses weak password encrypti ...)
+	TODO: check
 CVE-2022-35512
 	RESERVED
 CVE-2022-35511
@@ -12108,7 +12186,7 @@ CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnl
 	NOT-FOR-US: H3C SSL VPN
 CVE-2022-35415
 	RESERVED
-CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized r ...)
+CVE-2022-35414 (** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an  ...)
 	{DLA-3099-1}
 	- qemu <unfixed> (bug #1014958)
 	[bullseye] - qemu <no-dsa> (Minor issue)
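Review bot: CVE-2022-35414 now carries a `** DISPUTED **` prefix in its description, while the entry still lists `{DLA-3099-1}`, `- qemu <unfixed> (bug #1014958)` and the bullseye `<no-dsa> (Minor issue)` tag. Nothing in the entry records the dispute, so a reader sees an advisory already issued for an issue whose description is now contested. Adding a NOTE line stating the reason for the dispute, or that the Debian assessment stands regardless of it, would make the entry consistent with its updated description.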
@@ -22931,8 +23009,8 @@ CVE-2022-31416
 	RESERVED
 CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a SQL inje ...)
 	NOT-FOR-US: Online Fire Reporting System
-CVE-2022-31414
-	RESERVED
+CVE-2022-31414 (D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a  ...)
+	TODO: check
 CVE-2022-31413
 	RESERVED
 CVE-2022-31412
@@ -23340,18 +23418,18 @@ CVE-2022-31253
 	RESERVED
 CVE-2022-31252
 	RESERVED
-CVE-2022-31251
-	RESERVED
+CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging of the  ...)
+	TODO: check
 CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
 	NOT-FOR-US: keylime
 CVE-2022-31249
 	RESERVED
 CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
 	NOT-FOR-US: Uyuni
-CVE-2022-31247
-	RESERVED
-CVE-2022-1807
-	RESERVED
+CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, allows any us ...)
+	TODO: check
+CVE-2022-1807 (Multiple SQLi vulnerabilities in Webadmin allow for privilege escalati ...)
+	TODO: check
 CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rt ...)
 	NOT-FOR-US: RTX
 CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the ...)
@@ -23556,10 +23634,10 @@ CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug
 	NOT-FOR-US: wasmtime
 CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
 	NOT-FOR-US: Zulip
-CVE-2022-31167
-	RESERVED
-CVE-2022-31166
-	RESERVED
+CVE-2022-31167 (XWiki Platform Security Parent POM contains the security APIs for XWik ...)
+	TODO: check
+CVE-2022-31166 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
+	TODO: check
 CVE-2022-31165
 	RESERVED
 CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
@@ -23610,8 +23688,8 @@ CVE-2022-31150 (undici is an HTTP/1.1 client, written from scratch for Node.js.
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
 	NOTE: https://hackerone.com/reports/409943
 	NOTE: https://github.com/nodejs/undici/releases/tag/v5.8.0
-CVE-2022-31149
-	RESERVED
+CVE-2022-31149 (ActivityWatch open-source automated time tracker. Versions prior to 0. ...)
+	TODO: check
 CVE-2022-31148 (Shopware is an open source e-commerce software. In versions from 5.7.0 ...)
 	NOT-FOR-US: Shopware
 CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
@@ -26174,8 +26252,8 @@ CVE-2022-30314 (Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Crede
 	NOT-FOR-US: Honeywell
 CVE-2022-30313 (Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing A ...)
 	NOT-FOR-US: Honeywell
-CVE-2022-30312
-	RESERVED
+CVE-2022-30312 (The Trend Controls IC protocol through 2022-05-06 allows Cleartext Tra ...)
+	TODO: check
 CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
 	NOT-FOR-US: Festo
 CVE-2022-30310 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
@@ -39009,7 +39087,7 @@ CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injectio
 	NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
 	NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
 CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerable to D ...)
-	{DLA-3001-1}
+	{DSA-5227-1 DLA-3100-1 DLA-3001-1}
 	- libgoogle-gson-java 2.9.0-1 (bug #1010670)
 	NOTE: https://github.com/google/gson/pull/1991
 	NOTE: https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 (gson-parent-2.8.9)
@@ -54981,8 +55059,8 @@ CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-
 	NOT-FOR-US: Uyuni
 CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher,  ...)
 	NOT-FOR-US: Rancher
-CVE-2022-21950
-	RESERVED
+CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service of cana ...)
+	TODO: check
 CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability  ...)
 	- ruby-xmlhash <unfixed> (bug #1010667)
 	[bullseye] - ruby-xmlhash <no-dsa> (Minor issue)
@@ -80879,10 +80957,10 @@ CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3
 	NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
 CVE-2021-36784 (A Improper Privilege Management vulnerability in SUSE Rancher allows u ...)
 	NOT-FOR-US: Rancher
-CVE-2021-36783
-	RESERVED
-CVE-2021-36782
-	RESERVED
+CVE-2021-36783 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+	TODO: check
+CVE-2021-36782 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...)
+	TODO: check
 CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
 	NOT-FOR-US: Parsec
 CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82887e570972e5e4c243cf0e3066318d56f4b977

-- 
You're receiving this email because of your account on salsa.debian.org.

