Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9901a029 by security tracker role at 2022-05-27T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2022-31780
+       RESERVED
+CVE-2022-31779
+       RESERVED
+CVE-2022-31778
+       RESERVED
+CVE-2022-31777
+       RESERVED
+CVE-2022-31776
+       RESERVED
+CVE-2022-31775
+       RESERVED
+CVE-2022-31774
+       RESERVED
+CVE-2022-31773
+       RESERVED
+CVE-2022-31772
+       RESERVED
+CVE-2022-31771
+       RESERVED
+CVE-2022-31770
+       RESERVED
+CVE-2022-31769
+       RESERVED
+CVE-2022-31768
+       RESERVED
+CVE-2022-31767
+       RESERVED
+CVE-2022-31766
+       RESERVED
+CVE-2022-31765
+       RESERVED
+CVE-2022-31764
+       RESERVED
+CVE-2022-1925
+       RESERVED
+CVE-2022-1924
+       RESERVED
+CVE-2022-1923
+       RESERVED
+CVE-2022-1922
+       RESERVED
+CVE-2022-1921
+       RESERVED
+CVE-2022-1920
+       RESERVED
+CVE-2022-1919
+       RESERVED
+CVE-2022-1918
+       RESERVED
+CVE-2022-1917
+       RESERVED
+CVE-2022-1916
+       RESERVED
+CVE-2022-1915
+       RESERVED
+CVE-2022-1914
+       RESERVED
+CVE-2022-1913
+       RESERVED
+CVE-2022-1912
+       RESERVED
+CVE-2022-1911
+       RESERVED
+CVE-2022-1910
+       RESERVED
+CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository 
causefx/organ ...)
+       TODO: check
+CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi 
prior to 0. ...)
+       TODO: check
+CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi 
prior to 0. ...)
+       TODO: check
+CVE-2022-1906
+       RESERVED
+CVE-2022-1905
+       RESERVED
+CVE-2022-1904
+       RESERVED
+CVE-2022-1903
+       RESERVED
+CVE-2020-36528
+       RESERVED
 CVE-2022-31763
        RESERVED
 CVE-2022-31762
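Review bot: CVE-2022-1908 and CVE-2022-1907 come in with the same truncated description (Buffer Over-read in bfabiszewski/libmobi), so nothing in the list tells the two apart. When the TODO: check is resolved, each should get its own NOTE pointing at its report or fixing commit. CVE-2020-36528 is also inserted at the head of the file right after CVE-2022-1903, among 2022 ids; worth confirming that this placement is what the automatic import intends.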
@@ -84,10 +166,10 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository 
radareorg/radare2 prior t
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
        NOTE: 
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
-CVE-2022-1898
-       RESERVED
-CVE-2022-1897
-       RESERVED
+CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+       TODO: check
+CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
+       TODO: check
 CVE-2022-1896
        RESERVED
 CVE-2022-1895
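Review bot: the two vim entries (CVE-2022-1898 and CVE-2022-1897) are left at TODO: check, but vim is a Debian source package, so they need a package line rather than a NOT-FOR-US verdict. The radare2 entry in the context above shows the expected shape: a "- radare2 <unfixed>" line followed by NOTE lines for the huntr report and the fixing commit.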
@@ -3454,30 +3536,30 @@ CVE-2022-30516 (In Hospital-Management-System v1.0, the 
editid parameter in the
        NOT-FOR-US: Hospital-Management-System
 CVE-2022-30515
        RESERVED
-CVE-2022-30514
-       RESERVED
-CVE-2022-30513
-       RESERVED
-CVE-2022-30512
-       RESERVED
-CVE-2022-30511
-       RESERVED
-CVE-2022-30510
-       RESERVED
+CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to 
reflected cro ...)
+       TODO: check
+CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to 
reflected cro ...)
+       TODO: check
+CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL 
Injection  ...)
+       TODO: check
+CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL 
Injection  ...)
+       TODO: check
+CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL 
Injection  ...)
+       TODO: check
 CVE-2022-30509
        RESERVED
 CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file 
deletion vuln ...)
        NOT-FOR-US: DedeCMS
 CVE-2022-30507
        RESERVED
-CVE-2022-30506
-       RESERVED
+CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 
5.2.7, a ...)
+       TODO: check
 CVE-2022-30505
        RESERVED
 CVE-2022-30504
        RESERVED
-CVE-2022-30503
-       RESERVED
+CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation 
violation in ...)
+       TODO: check
 CVE-2022-30502
        RESERVED
 CVE-2022-30501
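Review bot: the descriptions for CVE-2022-30514 and CVE-2022-30513 are cut off at the same point, as are those for CVE-2022-30512, CVE-2022-30511 and CVE-2022-30510, so the five School Dormitory Management System entries cannot be told apart from this file alone. The surrounding context already uses "NOT-FOR-US: <product>" for comparable web applications (Hospital-Management-System, DedeCMS). The same form would fit these once checked, while CVE-2022-30503 (Nginx NJS) and CVE-2022-30506 (MCMS) need their own decision.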
@@ -3632,12 +3714,12 @@ CVE-2022-30427 (In ginadmin through 05-10-2022 the 
incoming path value is not fi
        TODO: check
 CVE-2022-30426
        RESERVED
-CVE-2022-30425
-       RESERVED
+CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to 
contain a  ...)
+       TODO: check
 CVE-2022-30424
        RESERVED
-CVE-2022-30423
-       RESERVED
+CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary 
code execu ...)
+       TODO: check
 CVE-2022-30422
        RESERVED
 CVE-2022-30421
@@ -3778,14 +3860,14 @@ CVE-2022-30354
        RESERVED
 CVE-2022-30353
        RESERVED
-CVE-2022-30352
-       RESERVED
+CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to 
insufficient sanit ...)
+       TODO: check
 CVE-2022-30351
        RESERVED
 CVE-2022-30350
        RESERVED
-CVE-2022-30349
-       RESERVED
+CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting 
(XSS). ...)
+       TODO: check
 CVE-2022-30348
        RESERVED
 CVE-2022-30347
@@ -3881,8 +3963,8 @@ CVE-2022-30326
        RESERVED
 CVE-2022-30325
        RESERVED
-CVE-2022-30324
-       RESERVED
+CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 
were im ...)
+       TODO: check
 CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform 
downloads (i ...)
        - golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
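Review bot: CVE-2022-30324 (HashiCorp Nomad) sits at TODO: check directly above CVE-2022-30323, which already carries a package line with a bug number and a NOTE to the vendor advisory. The Nomad entry should be brought to the same level: a package line if Nomad is in the archive, plus a NOTE with the advisory reference, since the truncated description ("were im ...") does not say what the issue is.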
@@ -5640,10 +5722,10 @@ CVE-2022-29782
        RESERVED
 CVE-2022-29781
        RESERVED
-CVE-2022-29780
-       RESERVED
-CVE-2022-29779
-       RESERVED
+CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation 
violation in ...)
+       TODO: check
+CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation 
violation in ...)
+       TODO: check
 CVE-2022-29778
        RESERVED
 CVE-2022-29777
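Review bot: CVE-2022-29780 and CVE-2022-29779 have identical truncated text ("Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ..."), the same text that CVE-2022-30503 receives elsewhere in this commit. The decision on whether NJS is shipped in the archive should be made once and applied to all three ids, with a NOTE per entry naming the affected function so they stay distinguishable.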
@@ -5730,20 +5812,20 @@ CVE-2022-29737
        RESERVED
 CVE-2022-29736
        RESERVED
-CVE-2022-29735
-       RESERVED
-CVE-2022-29734
-       RESERVED
-CVE-2022-29733
-       RESERVED
-CVE-2022-29732
-       RESERVED
-CVE-2022-29731
-       RESERVED
-CVE-2022-29730
-       RESERVED
-CVE-2022-29729
-       RESERVED
+CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 
allows  ...)
+       TODO: check
+CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege 
GX/WX v2.08  ...)
+       TODO: check
+CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 
was dis ...)
+       TODO: check
+CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 
was dis ...)
+       TODO: check
+CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows 
attackers to  ...)
+       TODO: check
+CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was 
discovered t ...)
+       TODO: check
+CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 
utilizes a weak ...)
+       TODO: check
 CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected 
cross-s ...)
        NOT-FOR-US: Survey Sparrow Enterprise Survey Software
 CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored 
cross-site ...)
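Review bot: the seven entries from CVE-2022-29735 down to CVE-2022-29729 all describe vendor devices or firmware (Delta Controls enteliTOUCH, ICT Protege GX/WX, USR IOT router, Verizon Network Extender), and CVE-2022-29733 and CVE-2022-29732 are textually identical after truncation. The context entry below uses "NOT-FOR-US: Survey Sparrow Enterprise Survey Software"; if triage reaches the same verdict here, tag each entry with its own vendor name rather than a shared label so later searches by product still work.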
@@ -6047,8 +6129,8 @@ CVE-2022-1443
        RESERVED
 CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive 
information di ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-29598
-       RESERVED
+CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is 
vulnerabl ...)
+       TODO: check
 CVE-2022-29597
        RESERVED
 CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication 
bypass by  ...)
@@ -18450,8 +18532,8 @@ CVE-2022-25239
        RESERVED
 CVE-2022-25238
        RESERVED
-CVE-2022-25237
-       RESERVED
+CVE-2022-25237 (Bonita Web 2021.2 is affected by a 
authentication/authorization bypass ...)
+       TODO: check
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows 
attackers to in ...)
        {DSA-5085-1 DLA-2935-1}
        - expat 2.4.5-1 (bug #1005895)
@@ -39974,10 +40056,10 @@ CVE-2022-20809 (Multiple vulnerabilities in the API 
and web-based management int
        NOT-FOR-US: Cisco
 CVE-2022-20808
        RESERVED
-CVE-2022-20807
-       RESERVED
-CVE-2022-20806
-       RESERVED
+CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management 
interface ...)
+       TODO: check
+CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management 
interface ...)
+       TODO: check
 CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco 
Umbrella  ...)
        NOT-FOR-US: Cisco
 CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco 
Unified Commu ...)
@@ -39986,8 +40068,8 @@ CVE-2022-20803
        RESERVED
        - clamav <not-affected> (Only affects 0.104.x)
        NOTE: 
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
-CVE-2022-20802
-       RESERVED
+CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat 
and Emai ...)
+       TODO: check
 CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2022-20800
@@ -39996,8 +40078,8 @@ CVE-2022-20799 (Multiple vulnerabilities in the 
web-based management interface o
        NOT-FOR-US: Cisco
 CVE-2022-20798
        RESERVED
-CVE-2022-20797
-       RESERVED
+CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
+       TODO: check
 CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV 
scanning lib ...)
        - clamav 0.103.6+dfsg-1
        [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
@@ -40076,8 +40158,8 @@ CVE-2022-20767 (A vulnerability in the Snort rule 
evaluation function of Cisco F
        NOT-FOR-US: Cisco Firepower
 CVE-2022-20766
        RESERVED
-CVE-2022-20765
-       RESERVED
+CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director 
could al ...)
+       TODO: check
 CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco 
TelePresence Colla ...)
        NOT-FOR-US: Cisco
 CVE-2022-20763 (A vulnerability in the login authorization components of Cisco 
Webex M ...)
@@ -40263,24 +40345,24 @@ CVE-2022-20676 (A vulnerability in the Tool Command 
Language (Tcl) interpreter o
        NOT-FOR-US: Cisco
 CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security 
Appliance  ...)
        NOT-FOR-US: Cisco
-CVE-2022-20674
-       RESERVED
-CVE-2022-20673
-       RESERVED
-CVE-2022-20672
-       RESERVED
-CVE-2022-20671
-       RESERVED
-CVE-2022-20670
-       RESERVED
-CVE-2022-20669
-       RESERVED
-CVE-2022-20668
-       RESERVED
-CVE-2022-20667
-       RESERVED
-CVE-2022-20666
-       RESERVED
+CVE-2022-20674 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20673 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20672 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20671 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20670 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20669 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20668 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20667 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
+CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
+       TODO: check
 CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an 
authenticate ...)
        NOT-FOR-US: Cisco
 CVE-2022-20664
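Review bot: all nine entries from CVE-2022-20674 to CVE-2022-20666 get the same truncated description ("Multiple vulnerabilities in the web-based management interface of Cisc ...") and TODO: check, while both neighbours in the context (CVE-2022-20675 and CVE-2022-20665) are already marked NOT-FOR-US: Cisco. These look like candidates for the same marking in one pass, but the truncation hides which Cisco product each refers to, so confirm against the full CVE text before bulk-tagging.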
@@ -80835,10 +80917,10 @@ CVE-2021-27783 (User generated PPKG file for Bulk 
Enroll may have unencrypted se
        NOT-FOR-US: HCL
 CVE-2021-27782
        RESERVED
-CVE-2021-27781
-       RESERVED
-CVE-2021-27780
-       RESERVED
+CVE-2021-27781 (The Master operator may be able to embed script tag in HTML 
with alert ...)
+       TODO: check
+CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction 
and una ...)
+       TODO: check
 CVE-2021-27779 (VersionVault Express exposes sensitive information that an 
attacker ca ...)
        NOT-FOR-US: HCL
 CVE-2021-27778
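Review bot: the visible descriptions for CVE-2021-27781 ("The Master operator may be able to embed script tag ...") and CVE-2021-27780 ("The software may be vulnerable to ...") name no product or vendor. The neighbouring ids are marked NOT-FOR-US: HCL, but that cannot be inferred from these two lines; the vendor should be confirmed from the CVE record before the TODO: check is replaced.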
@@ -201240,6 +201322,7 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows 
Division by Zero in RemoveDuplic
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
 CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed 
zip arc ...)
+       {DLA-3030-1}
        - zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
        [buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
        [jessie] - zipios++ <no-dsa> (Minor issue)
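Review bot: the {DLA-3030-1} cross-reference is added to CVE-2019-13453, but the release lines shown in the context go from [buster] straight to [jessie], with no entry for the release the DLA covers. If the advisory fixes a suite that is not listed here, a matching line with the fixed zipios++ version should accompany the reference so the tracker does not keep reporting that suite as open.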



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9901a0299747c0d6d5b5179857bd364890288f80
