[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 8 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac71ff77 by security tracker role at 2022-09-08T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2022-40188
+ RESERVED
+CVE-2022-40187
+ RESERVED
+CVE-2022-40186
+ RESERVED
+CVE-2022-40185
+ RESERVED
+CVE-2022-40184
+ RESERVED
+CVE-2022-40183
+ RESERVED
+CVE-2022-40182
+ RESERVED
+CVE-2022-40181
+ RESERVED
+CVE-2022-40180
+ RESERVED
+CVE-2022-40179
+ RESERVED
+CVE-2022-40178
+ RESERVED
+CVE-2022-40177
+ RESERVED
+CVE-2022-40176
+ RESERVED
+CVE-2022-3162
+ RESERVED
+CVE-2022-3161
+ RESERVED
+CVE-2022-3160
+ RESERVED
+CVE-2022-3159
+ RESERVED
+CVE-2022-3158
+ RESERVED
+CVE-2022-3157
+ RESERVED
+CVE-2022-3156
+ RESERVED
CVE-2022-40175
RESERVED
CVE-2022-40174
@@ -717,10 +757,10 @@ CVE-2022-3132
RESERVED
CVE-2022-3131
RESERVED
-CVE-2022-3130
- RESERVED
-CVE-2022-3129
- RESERVED
+CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
+ TODO: check
+CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
+ TODO: check
CVE-2022-3128
RESERVED
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
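Review bot: CVE-2022-3130 and CVE-2022-3129 are left at "TODO: check" with neither a package line nor a NOT-FOR-US line. Both descriptions name codeprojects (CVE-2022-3129 says codeprojects Online Driving School), so one product lookup should resolve both in the follow-up triage.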
@@ -3988,8 +4028,8 @@ CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in
NOTE: binutils not covered by security support
CVE-2022-38532
RESERVED
-CVE-2022-38531
- RESERVED
+CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
+ TODO: check
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
- gpac <unfixed>
[bullseye] - gpac <no-dsa> (Minor issue)
@@ -4802,18 +4842,18 @@ CVE-2022-38316
RESERVED
CVE-2022-38315
RESERVED
-CVE-2022-38314
- RESERVED
-CVE-2022-38313
- RESERVED
-CVE-2022-38312
- RESERVED
-CVE-2022-38311
- RESERVED
-CVE-2022-38310
- RESERVED
-CVE-2022-38309
- RESERVED
+CVE-2022-38314 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ TODO: check
+CVE-2022-38313 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ TODO: check
+CVE-2022-38312 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ TODO: check
+CVE-2022-38311 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ TODO: check
+CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ TODO: check
+CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ TODO: check
CVE-2022-38308
RESERVED
CVE-2022-38307
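Review bot: CVE-2022-38314 through CVE-2022-38309 all get "TODO: check", yet the six descriptions share the same prefix, "Tenda AC18 router v15.03.05.19 and v15.03.05.05". Other Tenda firmware entries in this file already carry "NOT-FOR-US: Tenda", so suggest triaging the six as one batch with that same line rather than leaving six separate TODOs.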
@@ -4942,22 +4982,22 @@ CVE-2022-38256
RESERVED
CVE-2022-38255
RESERVED
-CVE-2022-38254
- RESERVED
+CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...)
+ TODO: check
CVE-2022-38253
RESERVED
CVE-2022-38252
RESERVED
-CVE-2022-38251
- RESERVED
-CVE-2022-38250
- RESERVED
-CVE-2022-38249
- RESERVED
-CVE-2022-38248
- RESERVED
-CVE-2022-38247
- RESERVED
+CVE-2022-38251 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2022-38250 (Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
+CVE-2022-38249 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2022-38248 (Nagios XI before v5.8.7 was discovered to contain multiple cross-site ...)
+ TODO: check
+CVE-2022-38247 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
CVE-2022-38246
RESERVED
CVE-2022-38245
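Review bot: the six new Nagios XI entries (CVE-2022-38254, CVE-2022-38251 through CVE-2022-38247) are all "TODO: check" and name one product, so a single triage decision covers the batch. If version information is recorded later, note that CVE-2022-38254 and CVE-2022-38248 say "before v5.8.7" while the other four say "v5.8.6".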
@@ -6155,12 +6195,12 @@ CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow v
NOTE: Crash in CLI tool, no security impact
CVE-2022-37780 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers
-CVE-2022-37779
- RESERVED
-CVE-2022-37778
- RESERVED
-CVE-2022-37777
- RESERVED
+CVE-2022-37779 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
+ TODO: check
+CVE-2022-37778 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...)
+ TODO: check
+CVE-2022-37777 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.1 ...)
+ TODO: check
CVE-2022-37776
RESERVED
CVE-2022-37775
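Review bot: CVE-2022-37779, CVE-2022-37778 and CVE-2022-37777 are marked "TODO: check", although their descriptions start with the same router list (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2) as CVE-2022-37780 directly above, which is already "NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers". Suggest giving the three new entries the same NOT-FOR-US line in the follow-up.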
@@ -7778,12 +7818,12 @@ CVE-2022-37148
RESERVED
CVE-2022-37147
RESERVED
-CVE-2022-37146
- RESERVED
-CVE-2022-37145
- RESERVED
-CVE-2022-37144
- RESERVED
+CVE-2022-37146 (The PlexTrac platform prior to version 1.28.0 allows for username enum ...)
+ TODO: check
+CVE-2022-37145 (The PlexTrac platform prior to version 1.17.0 does not restrict excess ...)
+ TODO: check
+CVE-2022-37144 (The PlexTrac platform prior to API version 1.17.0 does not restrict ex ...)
+ TODO: check
CVE-2022-37143
RESERVED
CVE-2022-37142
@@ -9121,14 +9161,14 @@ CVE-2022-36590
RESERVED
CVE-2022-36589
RESERVED
-CVE-2022-36588
- RESERVED
+CVE-2022-36588 (In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the fi ...)
+ TODO: check
CVE-2022-36587 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...)
NOT-FOR-US: Tenda
-CVE-2022-36586
- RESERVED
-CVE-2022-36585
- RESERVED
+CVE-2022-36586 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...)
+ TODO: check
+CVE-2022-36585 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the ...)
+ TODO: check
CVE-2022-36584 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser ...)
NOT-FOR-US: Tenda
CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...)
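Review bot: CVE-2022-36586 and CVE-2022-36585 are marked "TODO: check", but their descriptions name the same Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE firmware as CVE-2022-36587 and CVE-2022-36584 in this hunk, which already carry "NOT-FOR-US: Tenda". Suggest the same line for both. CVE-2022-36588 (D-Link DAP1650 v1.04 firmware) is a different vendor and needs its own decision.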
@@ -10517,28 +10557,28 @@ CVE-2022-36091
RESERVED
CVE-2022-36090
RESERVED
-CVE-2022-36089
- RESERVED
-CVE-2022-36088
- RESERVED
+CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...)
+ TODO: check
+CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...)
+ TODO: check
CVE-2022-36087
RESERVED
-CVE-2022-36086
- RESERVED
+CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...)
+ TODO: check
CVE-2022-36085
RESERVED
CVE-2022-36084
RESERVED
-CVE-2022-36083
- RESERVED
-CVE-2022-36082
- RESERVED
-CVE-2022-36081
- RESERVED
-CVE-2022-36080
- RESERVED
-CVE-2022-36079
- RESERVED
+CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...)
+ TODO: check
+CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga from Mang ...)
+ TODO: check
+CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...)
+ TODO: check
+CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...)
+ TODO: check
+CVE-2022-36079 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. The vuln ...)
NOT-FOR-US: gagliardetto/Binary (tool to provide encoding/decoding in Borsh and other formats)
CVE-2022-36077
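Review bot: the eight "TODO: check" entries in this hunk span unrelated projects (KubeVela, GoCD, linked_list_allocator, JOSE, mangadex-downloader, Wikmd, Parse Server), so unlike the vendor batches elsewhere in this update each needs its own package lookup. Only CVE-2022-36081 and CVE-2022-36080, which share the Wikmd "Prior to version 1.7.1" prefix, can be triaged together.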
@@ -10549,16 +10589,16 @@ CVE-2022-36075
RESERVED
CVE-2022-36074
RESERVED
-CVE-2022-36073
- RESERVED
+CVE-2022-36073 (RubyGems.org is the Ruby community gem host. A bug in password & e ...)
+ TODO: check
CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...)
NOT-FOR-US: SilverwareGames.io
CVE-2022-36071 (SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and Web ...)
NOT-FOR-US: SFTPGo
-CVE-2022-36070
- RESERVED
-CVE-2022-36069
- RESERVED
+CVE-2022-36070 (Poetry is a dependency manager for Python. To handle dependencies that ...)
+ TODO: check
+CVE-2022-36069 (Poetry is a dependency manager for Python. When handling dependencies ...)
+ TODO: check
CVE-2022-36068
RESERVED
CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
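Review bot: CVE-2022-36070 and CVE-2022-36069 (Poetry, described as a dependency manager for Python) should not be closed by analogy with the NOT-FOR-US entries around them. The neighbouring entries in this hunk are hosted services or servers (RubyGems.org, SilverwareGames.io, SFTPGo), while Poetry is a distributable tool, so the "TODO: check" needs a real source-package lookup before choosing between a package line and NOT-FOR-US.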
@@ -10606,8 +10646,8 @@ CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keyclo
NOT-FOR-US: ZITADEL
CVE-2022-36050
RESERVED
-CVE-2022-36049
- RESERVED
+CVE-2022-36049 (Flux2 is a tool for keeping Kubernetes clusters in sync with sources o ...)
+ TODO: check
CVE-2022-36048 (Zulip is an open-source team collaboration tool with topic-based threa ...)
NOT-FOR-US: Zulip
CVE-2022-36047
@@ -19591,7 +19631,7 @@ CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/tru
NOT-FOR-US: Trudesk
CVE-2017-20050 (A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M30 ...)
NOT-FOR-US: AXIS
-CVE-2017-20049 (A vulnerability, which was classified as critical, was found in AXIS P ...)
+CVE-2017-20049 (A vulnerability, was found in legacy Axis devices such as P3225 and M3 ...)
NOT-FOR-US: AXIS
CVE-2017-20048 (A vulnerability, which was classified as critical, has been found in A ...)
NOT-FOR-US: AXIS
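Review bot: no triage change is needed for CVE-2017-20049. Only the description line differs (the "classified as critical" wording is gone and the text now refers to legacy Axis devices), and the "NOT-FOR-US: AXIS" line under it still matches the new text.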
@@ -26965,8 +27005,8 @@ CVE-2022-30080
RESERVED
CVE-2022-30079
RESERVED
-CVE-2022-30078
- RESERVED
+CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 a ...)
+ TODO: check
CVE-2022-30077
RESERVED
CVE-2022-30076
@@ -38915,8 +38955,8 @@ CVE-2022-25918
RESERVED
CVE-2022-25916
RESERVED
-CVE-2022-25914
- RESERVED
+CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)
+ TODO: check
CVE-2022-25913
RESERVED
CVE-2022-25912
@@ -38943,8 +38983,8 @@ CVE-2022-25900 (All versions of package git-clone are vulnerable to Command Inje
NOT-FOR-US: Node git-clone
CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to Improper Verifi ...)
NOT-FOR-US: Node jsrsasign
-CVE-2022-25897
- RESERVED
+CVE-2022-25897 (The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to ...)
+ TODO: check
CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs in or ...)
- passportjs 0.6.0+~1.0.0-1 (bug #1014385)
[bullseye] - passportjs <no-dsa> (Minor issue)
@@ -87095,8 +87135,8 @@ CVE-2021-34238
RESERVED
CVE-2021-34237
RESERVED
-CVE-2021-34236
- RESERVED
+CVE-2021-34236 (Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows ...)
+ TODO: check
CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...)
NOT-FOR-US: Tokheim Profleet DiaLOG
CVE-2021-34234
@@ -153748,8 +153788,8 @@ CVE-2020-19916
RESERVED
CVE-2020-19915 (Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via ...)
NOT-FOR-US: WUZHI CMS
-CVE-2020-19914
- RESERVED
+CVE-2020-19914 (Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers t ...)
+ TODO: check
CVE-2020-19913
RESERVED
CVE-2020-19912
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac71ff77a68b4e07b0bffc97c576e89a5dbc98bc