Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c96570b by security tracker role at 2022-08-20T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-38485
+       RESERVED
+CVE-2022-38484
+       RESERVED
+CVE-2022-38483
+       RESERVED
+CVE-2022-38482
+       RESERVED
+CVE-2022-38481
+       RESERVED
+CVE-2022-38480
+       RESERVED
+CVE-2022-38479
+       RESERVED
+CVE-2022-38478
+       RESERVED
+CVE-2022-38477
+       RESERVED
+CVE-2022-38476
+       RESERVED
+CVE-2022-38475
+       RESERVED
+CVE-2022-38474
+       RESERVED
+CVE-2022-38473
+       RESERVED
+CVE-2022-38472
+       RESERVED
+CVE-2022-38471
+       RESERVED
+CVE-2022-38452
+       RESERVED
+CVE-2022-2920
+       RESERVED
+CVE-2022-2919
+       RESERVED
+CVE-2022-2918
+       RESERVED
+CVE-2022-2917
+       RESERVED
+CVE-2022-2916
+       RESERVED
+CVE-2022-2915
+       RESERVED
+CVE-2022-2914
+       RESERVED
+CVE-2022-2913
+       RESERVED
+CVE-2022-2912
+       RESERVED
+CVE-2022-2911
+       RESERVED
+CVE-2022-2910
+       RESERVED
+CVE-2022-2909
+       RESERVED
 CVE-2022-38466
        RESERVED
 CVE-2022-38465
@@ -927,18 +983,18 @@ CVE-2022-38171
        RESERVED
 CVE-2022-2794
        RESERVED
-CVE-2022-2793
-       RESERVED
-CVE-2022-2792
-       RESERVED
+CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
+       TODO: check
+CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
+       TODO: check
 CVE-2022-2791
        RESERVED
-CVE-2022-2790
-       RESERVED
-CVE-2022-2789
-       RESERVED
-CVE-2022-2788
-       RESERVED
+CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
+       TODO: check
+CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
+       TODO: check
+CVE-2022-2788 (Emerson Electric's Proficy Machine Edition Version 9.80 and 
prior is v ...)
+       TODO: check
 CVE-2022-2787
        RESERVED
        {DSA-5213-1 DLA-3075-1}
@@ -3445,8 +3501,8 @@ CVE-2022-37177
        RESERVED
 CVE-2022-37176
        RESERVED
-CVE-2022-37175
-       RESERVED
+CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer 
overflo ...)
+       TODO: check
 CVE-2022-37174
        RESERVED
 CVE-2022-37173
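Review bot: CVE-2022-37175 is left at `TODO: check` even though its description names Tenda ac15 router firmware, and this file already triages Tenda issues as `NOT-FOR-US: Tenda` (see CVE-2022-35555). Unless a Debian package ships this httpd, the entry can be closed the same way. The same applies to CVE-2022-36233 (Tenda AC9) in the next hunk.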
@@ -5840,8 +5896,8 @@ CVE-2022-36235
        RESERVED
 CVE-2022-36234 (SimpleNetwork TCP Server commit 
29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...)
        NOT-FOR-US: SimpleNetwork TCP Server
-CVE-2022-36233
-       RESERVED
+CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via 
httpd, form ...)
+       TODO: check
 CVE-2022-36232
        RESERVED
 CVE-2022-36231
@@ -5974,10 +6030,10 @@ CVE-2022-36173
        RESERVED
 CVE-2022-36172
        RESERVED
-CVE-2022-36171
-       RESERVED
-CVE-2022-36170
-       RESERVED
+CVE-2022-36171 (MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file 
deletion. ...)
+       TODO: check
+CVE-2022-36170 (MapGIS 10.5 Pro IGServer has hardcoded credentials in the 
front-end an ...)
+       TODO: check
 CVE-2022-36169
        RESERVED
 CVE-2022-36168
@@ -6002,8 +6058,8 @@ CVE-2022-36159
        RESERVED
 CVE-2022-36158
        RESERVED
-CVE-2022-36157
-       RESERVED
+CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to 
Insecure Per ...)
+       TODO: check
 CVE-2022-36156
        RESERVED
 CVE-2022-36155 (tifig v0.2.2 was discovered to contain a resource allocation 
issue via ...)
@@ -6309,10 +6365,10 @@ CVE-2022-36033
        RESERVED
 CVE-2022-36032
        RESERVED
-CVE-2022-36031
-       RESERVED
-CVE-2022-36030
-       RESERVED
+CVE-2022-36031 (Directus is a free and open-source data platform for headless 
content  ...)
+       TODO: check
+CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. 
Affected ve ...)
+       TODO: check
 CVE-2022-36029
        RESERVED
 CVE-2022-36028
@@ -6323,7 +6379,7 @@ CVE-2022-36026
        RESERVED
 CVE-2022-36025
        RESERVED
-CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use, 
feature-rich, a ...)
+CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. 
Bots creati ...)
        NOT-FOR-US: py-cord
 CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned 
distributed led ...)
        NOT-FOR-US: Hyperledger Fabric
@@ -6353,10 +6409,10 @@ CVE-2022-36011
        RESERVED
 CVE-2022-36010 (This library allows strings to be parsed as functions and 
stored as a  ...)
        NOT-FOR-US: oxyno-zeta
-CVE-2022-36009
-       RESERVED
-CVE-2022-36008
-       RESERVED
+CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol 
federation. Dend ...)
+       TODO: check
+CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A 
security issue ...)
+       TODO: check
 CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with 
excellent Jav ...)
        NOT-FOR-US: Venice
 CVE-2022-36006 (Arvados is an open source platform for managing, processing, 
and shari ...)
@@ -7110,8 +7166,8 @@ CVE-2022-35694
        RESERVED
 CVE-2022-35693
        RESERVED
-CVE-2022-35692
-       RESERVED
+CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and 
earlier) ...)
+       TODO: check
 CVE-2022-35691
        RESERVED
 CVE-2022-35690
@@ -7452,8 +7508,8 @@ CVE-2022-35556
        RESERVED
 CVE-2022-35555 (A command injection vulnerability exists in /goform/exeCommand 
in Tend ...)
        NOT-FOR-US: Tenda
-CVE-2022-35554
-       RESERVED
+CVE-2022-35554 (Multiple reflected XSS vulnerabilities occur when handling 
error messa ...)
+       TODO: check
 CVE-2022-35553
        RESERVED
 CVE-2022-35552
@@ -37363,7 +37419,7 @@ CVE-2022-24948 (A carefully crafted user preferences 
for submission could trigge
        - jspwiki <removed>
 CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF 
attacks, wh ...)
        - jspwiki <removed>
-CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric 
MELSEC- ...)
+CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric 
MELSEC  ...)
        NOT-FOR-US: Mitsubishi
 CVE-2022-24945
        RESERVED
@@ -42526,10 +42582,10 @@ CVE-2022-23462
        RESERVED
 CVE-2022-23461
        RESERVED
-CVE-2022-23460
-       RESERVED
-CVE-2022-23459
-       RESERVED
+CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written 
in C++. I ...)
+       TODO: check
+CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written 
in C++. I ...)
+       TODO: check
 CVE-2022-23458
        RESERVED
 CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open 
source, web  ...)
@@ -46435,8 +46491,8 @@ CVE-2022-22491
        RESERVED
 CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 
could allow  ...)
        NOT-FOR-US: IBM
-CVE-2022-22489
-       RESERVED
+CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are 
vulnerable t ...)
+       TODO: check
 CVE-2022-22488
        RESERVED
 CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote 
attacker to ...)
@@ -98700,7 +98756,7 @@ CVE-2021-28089 (Tor before 0.4.5.7 allows a remote 
participant in the Tor direct
        NOTE: https://blog.torproject.org/node/2009
        NOTE: https://bugs.torproject.org/tpo/core/tor/40286
 CVE-2020-36256
-       RESERVED
+       REJECTED
 CVE-2021-21381 (Flatpak is a system for building, distributing, and running 
sandboxed  ...)
        {DSA-4868-1}
        - flatpak 1.10.1-4 (bug #984859)
@@ -130593,14 +130649,14 @@ CVE-2020-27797
        RESERVED
 CVE-2020-27796
        RESERVED
-CVE-2020-27795
-       RESERVED
-CVE-2020-27794
-       RESERVED
-CVE-2020-27793
-       RESERVED
-CVE-2020-27792
-       RESERVED
+CVE-2020-27795 (A segmentation fault was discovered in radare2 with adf 
command. In li ...)
+       TODO: check
+CVE-2020-27794 (A double free issue was discovered in radare2 in 
cmd_info.c:cmd_info() ...)
+       TODO: check
+CVE-2020-27793 (An off-by-one overflow flaw was found in radare2 due to 
mismatched arr ...)
+       TODO: check
+CVE-2020-27792 (A heap-based buffer over write vulnerability was found in 
GhostScript' ...)
+       TODO: check
 CVE-2020-27791
        REJECTED
 CVE-2020-27790 (A floating point exception issue was discovered in UPX in 
PackLinuxElf ...)
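Review bot: The four new `TODO: check` entries, CVE-2020-27792 through CVE-2020-27795, need package lines rather than a NOT-FOR-US tag. Three of them name radare2 and CVE-2020-27792 names GhostScript, both of which are packaged in Debian, so they should be triaged separately against their source packages in the `- <package> <version>` form used elsewhere in this file (for example `- flatpak 1.10.1-4 (bug #984859)`). The descriptions are truncated here, so the affected and fixed versions have to come from the upstream references.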
@@ -233207,7 +233263,8 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for 
custom Linux kernels on the Xi
        NOT-FOR-US: touchscreen driver for custom Linux kernels on the Xiaomi 
perseus-p-oss MIX 3 device
 CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and 
other pro ...)
        NOT-FOR-US: ThinkPHP
-CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a 
deserializat ...)
+CVE-2019-9081
+       REJECTED
        - php-laravel-framework <not-affected> (Fixed before initial upload to 
archive)
        NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-174529
 CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password 
storage. ...)
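Review bot: CVE-2019-9081 is switched to `REJECTED`, but the `- php-laravel-framework <not-affected>` line and the Snyk `NOTE:` under it are kept, so a rejected ID still carries package triage. The other rejected entry visible in this diff (CVE-2020-27791) has no annotations. Either drop the two lines or confirm the tracker is meant to keep them, and check whether the issue was reassigned to another CVE ID that should inherit them.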



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c96570b61739ee0c84803673031a6653eea0bb4
