[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 8 21:10:35 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7edf082c by security tracker role at 2022-09-08T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2022-40237
+ RESERVED
+CVE-2022-40236
+ RESERVED
+CVE-2022-40235
+ RESERVED
+CVE-2022-40234
+ RESERVED
+CVE-2022-40233
+ RESERVED
+CVE-2022-40232
+ RESERVED
+CVE-2022-40231
+ RESERVED
+CVE-2022-40230
+ RESERVED
+CVE-2022-40229
+ RESERVED
+CVE-2022-40228
+ RESERVED
+CVE-2022-40227
+ RESERVED
+CVE-2022-40226
+ RESERVED
+CVE-2022-40225
+ RESERVED
+CVE-2022-40200
+ RESERVED
+CVE-2022-40198
+ RESERVED
+CVE-2022-40197
+ RESERVED
+CVE-2022-40195
+ RESERVED
+CVE-2022-40194
+ RESERVED
+CVE-2022-40191
+ RESERVED
+CVE-2022-40189
+ RESERVED
+CVE-2022-40132
+ RESERVED
+CVE-2022-38976
+ RESERVED
+CVE-2022-38704
+ RESERVED
+CVE-2022-38703
+ RESERVED
+CVE-2022-38470
+ RESERVED
+CVE-2022-38460
+ RESERVED
+CVE-2022-38144
+ RESERVED
+CVE-2022-38140
+ RESERVED
+CVE-2022-38139
+ RESERVED
+CVE-2022-38137
+ RESERVED
+CVE-2022-38135
+ RESERVED
+CVE-2022-38134
+ RESERVED
+CVE-2022-38098
+ RESERVED
+CVE-2022-38095
+ RESERVED
+CVE-2022-38086
+ RESERVED
+CVE-2022-38085
+ RESERVED
+CVE-2022-38077
+ RESERVED
+CVE-2022-37342
+ RESERVED
+CVE-2022-36790
+ RESERVED
+CVE-2022-36388
+ RESERVED
+CVE-2022-36356
+ RESERVED
+CVE-2022-36340
+ RESERVED
+CVE-2022-36299
+ RESERVED
+CVE-2022-36295
+ RESERVED
+CVE-2022-3167
+ RESERVED
+CVE-2022-3166
+ RESERVED
+CVE-2022-3165
+ RESERVED
+CVE-2022-3164
+ RESERVED
+CVE-2022-3163
+ RESERVED
CVE-2022-40188
RESERVED
CVE-2022-40187
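Review bot: the 49 RESERVED entries added at the top are in descending order among themselves, but the block ends at CVE-2022-3163 and sits directly above the existing CVE-2022-40188, so data/CVE/list as a whole is not ordered by ID. Anything that consumes this file should look entries up by ID and not rely on position or on a binary search over the file. The entries themselves carry no description yet, so there is nothing to triage in this hunk.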
@@ -104,8 +202,8 @@ CVE-2022-3155
RESERVED
CVE-2022-3154
RESERVED
-CVE-2022-3153
- RESERVED
+CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.040 ...)
+ TODO: check
CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusion pr ...)
NOT-FOR-US: PHP-Fusion
CVE-2022-3151
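Review bot: CVE-2022-3153 is left at "TODO: check", but its description names vim/vim, and vim is packaged in Debian, so this entry needs a package line and not a NOT-FOR-US tag like the one on CVE-2022-3152 below it. Suggest resolving it to a "- vim" entry in the form the file already uses elsewhere (compare "- gitlab <unfixed>"), with the fixed version taken from the full upstream description, since the version string here is cut off at "9.0.040 ...".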
@@ -114,8 +212,8 @@ CVE-2022-3150
RESERVED
CVE-2022-3149
RESERVED
-CVE-2022-3148
- RESERVED
+CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
+ TODO: check
CVE-2022-40144
RESERVED
CVE-2022-40143
@@ -170,8 +268,8 @@ CVE-2022-3140
RESERVED
CVE-2022-3139
RESERVED
-CVE-2022-3138
- RESERVED
+CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
+ TODO: check
CVE-2022-3137
RESERVED
CVE-2022-3136
@@ -2609,10 +2707,10 @@ CVE-2022-39017
RESERVED
CVE-2022-39016
RESERVED
-CVE-2022-38400
- RESERVED
-CVE-2022-33941
- RESERVED
+CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...)
+ TODO: check
+CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
+ TODO: check
CVE-2022-3060
RESERVED
CVE-2022-3059
@@ -3166,8 +3264,8 @@ CVE-2022-38796
RESERVED
CVE-2022-38453
RESERVED
-CVE-2022-38399
- RESERVED
+CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
+ TODO: check
CVE-2022-38138
RESERVED
CVE-2022-38100
@@ -3553,18 +3651,18 @@ CVE-2022-38705
RESERVED
CVE-2022-38458
RESERVED
-CVE-2022-38394
- RESERVED
-CVE-2022-38094
- RESERVED
+CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
+ TODO: check
+CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...)
+ TODO: check
CVE-2022-37337
RESERVED
CVE-2022-36429
RESERVED
-CVE-2022-35273
- RESERVED
-CVE-2022-34869
- RESERVED
+CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...)
+ TODO: check
+CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...)
+ TODO: check
CVE-2022-2973
RESERVED
CVE-2022-2972
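Review bot: the four CentreCOM entries (CVE-2022-38394, CVE-2022-38094, CVE-2022-35273, CVE-2022-34869) are split into two groups by the untouched CVE-2022-37337 and CVE-2022-36429 lines, which makes it easy to triage them inconsistently. They describe one product family (hard-coded telnet credentials, two OS command injections, an undocumented telnet command), so all four "TODO: check" lines should be resolved in the same follow-up commit with the same tag.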
@@ -4860,8 +4958,8 @@ CVE-2022-38307
RESERVED
CVE-2022-38306
RESERVED
-CVE-2022-36403
- RESERVED
+CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
+ TODO: check
CVE-2022-2825
RESERVED
CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
@@ -4970,18 +5068,18 @@ CVE-2022-38262
RESERVED
CVE-2022-38261
RESERVED
-CVE-2022-38260
- RESERVED
+CVE-2022-38260 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-38259
RESERVED
-CVE-2022-38258
- RESERVED
+CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 all ...)
+ TODO: check
CVE-2022-38257
RESERVED
-CVE-2022-38256
- RESERVED
-CVE-2022-38255
- RESERVED
+CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site scripting ( ...)
+ TODO: check
+CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...)
NOT-FOR-US: Nagios XI
CVE-2022-38253
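Review bot: CVE-2022-38260 and CVE-2022-38255 end up with byte-identical visible descriptions ("Interview Management System v1.0 was discovered to contain a SQL injec ..."), so the truncated text cannot tell them apart. Whoever clears these "TODO: check" lines should read the full descriptions to confirm they are distinct issues and not a duplicate assignment, then give both the same tag in the style of the neighbouring "NOT-FOR-US: Nagios XI".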
@@ -6036,8 +6134,8 @@ CVE-2022-37859
RESERVED
CVE-2022-37858
RESERVED
-CVE-2022-37857
- RESERVED
+CVE-2022-37857 (bilde2910 Hauk v1.6.1 requires a hardcoded password which by default i ...)
+ TODO: check
CVE-2022-37856
RESERVED
CVE-2022-37855
@@ -7782,10 +7880,10 @@ CVE-2022-37166
RESERVED
CVE-2022-37165
RESERVED
-CVE-2022-37164
- RESERVED
-CVE-2022-37163
- RESERVED
+CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows attacke ...)
+ TODO: check
+CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy which allo ...)
+ TODO: check
CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
NOT-FOR-US: Claroline
CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
@@ -8861,8 +8959,8 @@ CVE-2022-36738
RESERVED
CVE-2022-36737
RESERVED
-CVE-2022-36736
- RESERVED
+CVE-2022-36736 (Jitsi-2.10.5550 was discovered to contain a vulnerability in its web U ...)
+ TODO: check
CVE-2022-36735 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Library Management System
CVE-2022-36734 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -10549,14 +10647,14 @@ CVE-2022-36095
RESERVED
CVE-2022-36094
RESERVED
-CVE-2022-36093
- RESERVED
-CVE-2022-36092
- RESERVED
-CVE-2022-36091
- RESERVED
-CVE-2022-36090
- RESERVED
+CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
+ TODO: check
+CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
+ TODO: check
+CVE-2022-36091 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
+ TODO: check
+CVE-2022-36090 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
+ TODO: check
CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...)
NOT-FOR-US: KubeVela
CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...)
@@ -10565,8 +10663,8 @@ CVE-2022-36087
RESERVED
CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...)
TODO: check
-CVE-2022-36085
- RESERVED
+CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...)
+ TODO: check
CVE-2022-36084
RESERVED
CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...)
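Review bot: CVE-2022-36085 is added with "TODO: check" two lines below CVE-2022-36086, which is unchanged context and is still at "TODO: check" from an earlier update. The automatic import is adding to an open backlog here, so the manual pass that resolves CVE-2022-36085 should pick up CVE-2022-36086 at the same time.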
@@ -20398,7 +20496,7 @@ CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object
NOT-FOR-US: Squiz Matrix CMS
CVE-2022-32276 (** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for ex ...)
- grafana <removed>
-CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a /dashboard/snap ...)
+CVE-2022-32275 (** DISPUTED ** Grafana 8.4.3 allows reading files via (for example) a ...)
- grafana <removed>
CVE-2022-31472 (Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4. ...)
NOT-FOR-US: Cybozu
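Review bot: the "** DISPUTED **" prefix added to CVE-2022-32275 pushes the description past the truncation point, so the "/dashboard/snap" path visible in the removed line no longer appears; a grep of data/CVE/list for that path will stop matching this entry. The package line "- grafana <removed>" is unchanged, which is consistent with the already disputed CVE-2022-32276 just above, so no status change is needed, but the dispute is now recorded only in the truncated description and a NOTE line would make it explicit.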
@@ -27003,8 +27101,8 @@ CVE-2022-30081
RESERVED
CVE-2022-30080
RESERVED
-CVE-2022-30079
- RESERVED
+CVE-2022-30079 (Command injection vulnerability was discovered in Netgear R6200 v2 fir ...)
+ TODO: check
CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 a ...)
NOT-FOR-US: Netgear
CVE-2022-30077
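Review bot: CVE-2022-30079 gets "TODO: check" although the next entry, CVE-2022-30078, covers the same Netgear R6200 v2 firmware and is already tagged "NOT-FOR-US: Netgear". Unless the full description says otherwise, the follow-up should give CVE-2022-30079 the same tag so the two entries for this device do not diverge.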
@@ -32442,8 +32540,8 @@ CVE-2022-28222 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulne
NOT-FOR-US: WordPress plugin
CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-28220
- RESERVED
+CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffe ...)
+ TODO: check
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- gitlab <unfixed>
CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
@@ -33333,12 +33431,12 @@ CVE-2022-27971
RESERVED
CVE-2022-27970
RESERVED
-CVE-2022-27969
- RESERVED
-CVE-2022-27968
- RESERVED
-CVE-2022-27967
- RESERVED
+CVE-2022-27969 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
+ TODO: check
+CVE-2022-27968 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
+ TODO: check
+CVE-2022-27967 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
+ TODO: check
CVE-2022-27966 (Xshell v7.0.0099 and below contains a binary hijack vulnerability whic ...)
NOT-FOR-US: NetSarang Xshell
CVE-2022-27965 (Xlpd v7.0.0094 and below contains a binary hijack vulnerability which ...)
@@ -34373,8 +34471,8 @@ CVE-2022-27595
RESERVED
CVE-2022-27594
RESERVED
-CVE-2022-27593
- RESERVED
+CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...)
+ TODO: check
CVE-2022-27592
RESERVED
CVE-2022-27591
@@ -51373,8 +51471,8 @@ CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated
NOT-FOR-US: IBM
CVE-2022-22315 (IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user w ...)
NOT-FOR-US: IBM
-CVE-2022-22314
- RESERVED
+CVE-2022-22314 (IBM Planning Analytics Local 2.0 allows web pages to be stored locally ...)
+ TODO: check
CVE-2022-22313
RESERVED
CVE-2022-22312 (IBM Security Identity Manager (IBM Security Verify Password Synchroniz ...)
@@ -62702,8 +62800,8 @@ CVE-2022-20925
RESERVED
CVE-2022-20924
RESERVED
-CVE-2022-20923
- RESERVED
+CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...)
+ TODO: check
CVE-2022-20922
RESERVED
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
@@ -62822,8 +62920,8 @@ CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an
NOT-FOR-US: Cisco
CVE-2022-20864
RESERVED
-CVE-2022-20863
- RESERVED
+CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App, formerl ...)
+ TODO: check
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20861 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
@@ -63183,8 +63281,8 @@ CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (C
NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5)
CVE-2022-20697 (A vulnerability in the web services interface of Cisco IOS Software an ...)
NOT-FOR-US: Cisco
-CVE-2022-20696
- RESERVED
+CVE-2022-20696 (A vulnerability in the binding configuration of Cisco SD-WAN vManage S ...)
+ TODO: check
CVE-2022-20695 (A vulnerability in the authentication functionality of Cisco Wireless ...)
NOT-FOR-US: Cisco
CVE-2022-20694 (A vulnerability in the implementation of the Resource Public Key Infra ...)
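Review bot: CVE-2022-20696 should not be tagged from its ID range alone. The context of this hunk shows CVE-2022-20698, also in the CVE-2022-20xxx range, tracked as a ClamAV issue with a NOTE pointing at an upstream commit, while CVE-2022-20697 and CVE-2022-20695 are "NOT-FOR-US: Cisco". The visible description names Cisco SD-WAN vManage, so the product, not the neighbouring IDs, is the basis for replacing "TODO: check" here.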
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7edf082c77d0d02d9d35f57f1d97c965f3064c2c