Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 17ba084d by security tracker role at 2022-08-16T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,73 @@ +CVE-2022-38381 + RESERVED +CVE-2022-38380 + RESERVED +CVE-2022-38379 + RESERVED +CVE-2022-38378 + RESERVED +CVE-2022-38377 + RESERVED +CVE-2022-38376 + RESERVED +CVE-2022-38375 + RESERVED +CVE-2022-38374 + RESERVED +CVE-2022-38373 + RESERVED +CVE-2022-38372 + RESERVED +CVE-2022-38371 + RESERVED +CVE-2022-38370 + RESERVED +CVE-2022-38369 + RESERVED +CVE-2022-2851 + RESERVED +CVE-2022-2850 + RESERVED +CVE-2022-2849 + RESERVED +CVE-2022-2848 + RESERVED +CVE-2022-2847 + RESERVED +CVE-2022-2846 + RESERVED +CVE-2022-2845 + RESERVED +CVE-2022-2844 + RESERVED +CVE-2022-2843 + RESERVED +CVE-2022-2842 + RESERVED +CVE-2022-2841 + RESERVED +CVE-2022-2840 + RESERVED +CVE-2022-2839 + RESERVED +CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...) + TODO: check +CVE-2022-2837 + RESERVED +CVE-2022-2836 + RESERVED +CVE-2022-2835 + RESERVED +CVE-2022-2834 + RESERVED +CVE-2022-2833 + RESERVED +CVE-2022-2832 + RESERVED +CVE-2022-2831 + RESERVED +CVE-2022-2830 + RESERVED CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x ...) NOT-FOR-US: Aviatrix Gateway CVE-2022-38367 @@ -18,8 +88,7 @@ CVE-2022-2827 RESERVED CVE-2022-2826 RESERVED -CVE-2022-38362 - RESERVED +CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...) - airflow <itp> (bug #819700) CVE-2022-38361 RESERVED @@ -394,18 +463,18 @@ CVE-2022-38196 RESERVED CVE-2022-38195 RESERVED -CVE-2022-38194 - RESERVED -CVE-2022-38193 - RESERVED -CVE-2022-38192 - RESERVED +CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...) + TODO: check +CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...) + TODO: check +CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) + TODO: check CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...) NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) NOT-FOR-US: Esri Portal for ArcGIS -CVE-2022-38189 - RESERVED +CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) + TODO: check CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...) @@ -414,8 +483,8 @@ CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38185 RESERVED -CVE-2022-38184 - RESERVED +CVE-2022-38184 (There is an improper access control vulnerability in Portal for ArcGIS ...) + TODO: check CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...) - gitea <removed> CVE-2022-38182 @@ -4350,8 +4419,8 @@ CVE-2022-36601 RESERVED CVE-2022-36600 RESERVED -CVE-2022-36599 - RESERVED +CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) + TODO: check CVE-2022-36598 RESERVED CVE-2022-36597 @@ -4488,8 +4557,8 @@ CVE-2022-36532 RESERVED CVE-2022-36531 RESERVED -CVE-2022-36530 - RESERVED +CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...) + TODO: check CVE-2022-36529 RESERVED CVE-2022-36528 @@ -4756,14 +4825,14 @@ CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beanc [buster] - fava <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2) -CVE-2022-36381 - RESERVED -CVE-2022-36293 - RESERVED -CVE-2022-35734 - RESERVED -CVE-2022-34156 - RESERVED +CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor W ...) + TODO: check +CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-00 ...) + TODO: check +CVE-2022-35734 ('Hulu / フールー' App for Android from version ...) + TODO: check +CVE-2022-34156 ('Hulu / フールー' App for iOS versions prior t ...) + TODO: check CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...) NOT-FOR-US: Scooter Beyond Compare CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...) @@ -4840,8 +4909,8 @@ CVE-2022-36357 RESERVED CVE-2022-36346 RESERVED -CVE-2022-36344 - RESERVED +CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...) + TODO: check CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) NOT-FOR-US: WordPress plugin CVE-2022-36341 @@ -4944,8 +5013,8 @@ CVE-2022-36361 RESERVED CVE-2022-36360 RESERVED -CVE-2022-35239 - RESERVED +CVE-2022-35239 (The image file management page of SolarView Compact SV-CPT-MC310 Ver.7 ...) + TODO: check CVE-2022-2505 RESERVED - firefox 103.0-1 @@ -5288,10 +5357,10 @@ CVE-2022-36275 RESERVED CVE-2022-36274 RESERVED -CVE-2022-36273 - RESERVED -CVE-2022-36272 - RESERVED +CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform ...) + TODO: check +CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) + TODO: check CVE-2022-36271 RESERVED CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...) @@ -5350,8 +5419,8 @@ CVE-2022-36244 RESERVED CVE-2022-36243 RESERVED -CVE-2022-36242 - RESERVED +CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-36241 RESERVED CVE-2022-36240 @@ -7524,8 +7593,8 @@ CVE-2022-35301 REJECTED CVE-2022-35300 REJECTED -CVE-2022-33939 - RESERVED +CVE-2022-33939 (CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP45 ...) + TODO: check CVE-2022-2346 RESERVED CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046. ...) @@ -20376,10 +20445,10 @@ CVE-2022-30578 RESERVED CVE-2022-30577 RESERVED -CVE-2022-30576 - RESERVED -CVE-2022-30575 - RESERVED +CVE-2022-30576 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...) + TODO: check +CVE-2022-30575 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...) + TODO: check CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...) NOT-FOR-US: TIBCO CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...) @@ -21360,8 +21429,8 @@ CVE-2022-30266 RESERVED CVE-2022-30265 RESERVED -CVE-2022-30264 - RESERVED +CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perfo ...) + TODO: check CVE-2022-30263 RESERVED CVE-2022-30262 @@ -22183,8 +22252,8 @@ CVE-2022-29961 RESERVED CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...) NOT-FOR-US: Emerson -CVE-2022-29959 - RESERVED +CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential storage. It i ...) + TODO: check CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...) NOT-FOR-US: JTEKT TOYOPUC PLCs CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...) @@ -23565,6 +23634,7 @@ CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has NOTE: https://github.com/gpac/gpac/issues/2173 NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...) + {DSA-5208-1} - epiphany-browser 42.2-1 (bug #1009959) [stretch] - epiphany-browser <not-affected> (Vulnerable code not present) NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106 @@ -37174,36 +37244,42 @@ CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to NOT-FOR-US: Combodi CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference] RESERVED + {DSA-5209-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference] RESERVED + {DSA-5209-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference] RESERVED + {DSA-5209-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access] RESERVED + {DSA-5209-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously] RESERVED + {DSA-5209-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access] RESERVED + {DSA-5209-1} - net-snmp 5.9.3+dfsg-1 (bug #1016139) NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) @@ -91937,8 +92013,8 @@ CVE-2021-30492 RESERVED CVE-2021-30491 RESERVED -CVE-2021-30490 - RESERVED +CVE-2021-30490 (upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21 ...) + TODO: check CVE-2021-30489 RESERVED CVE-2021-30488 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17ba084de896e80458777bcad94524d426d26489 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17ba084de896e80458777bcad94524d426d26489 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits