Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
601bd2b5 by security tracker role at 2022-07-29T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-37020
+       RESERVED
+CVE-2022-37019
+       RESERVED
+CVE-2022-37018
+       RESERVED
+CVE-2022-37017
+       RESERVED
+CVE-2022-37016
+       RESERVED
+CVE-2022-37015
+       RESERVED
+CVE-2022-37014
+       RESERVED
+CVE-2022-2572
+       RESERVED
+CVE-2022-2571
+       RESERVED
+CVE-2022-2570
+       RESERVED
 CVE-2022-37013
        RESERVED
 CVE-2022-37012
@@ -598,8 +618,8 @@ CVE-2022-36754
        RESERVED
 CVE-2022-36753
        RESERVED
-CVE-2022-36752
-       RESERVED
+CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds 
write via t ...)
+       TODO: check
 CVE-2022-36751
        RESERVED
 CVE-2022-36750
@@ -1888,8 +1908,8 @@ CVE-2022-36236
        RESERVED
 CVE-2022-36235
        RESERVED
-CVE-2022-36234
-       RESERVED
+CVE-2022-36234 (SimpleNetwork TCP Server commit 
29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...)
+       TODO: check
 CVE-2022-36233
        RESERVED
 CVE-2022-36232
@@ -3017,8 +3037,8 @@ CVE-2022-2400 (External Control of File Name or Path in 
GitHub repository dompdf
        - php-dompdf <unfixed> (bug #1015874)
        NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
        NOTE: 
https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
-CVE-2022-2399
-       RESERVED
+CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 
100.0.4896.88 allow ...)
+       TODO: check
 CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 
authenticatio ...)
        NOT-FOR-US: Apache CloudStack
 CVE-2022-2398
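Review bot: The "TODO: check" under CVE-2022-2399 can be resolved from the description this hunk adds, which already states the upstream fix boundary (Chrome prior to 100.0.4896.88). Replace the placeholder with a source package line and the fixed version derived from that release, so the entry does not sit untriaged between the dompdf and CloudStack entries.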
@@ -5915,8 +5935,8 @@ CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered 
to contain a command i
        NOT-FOR-US: Tenda
 CVE-2022-34594 (Advanced School Management System v1.0 was discovered to 
contain a cro ...)
        NOT-FOR-US: Advanced School Management System
-CVE-2022-34593
-       RESERVED
+CVE-2022-34593 (DPTech VPN v8.1.28.0 was discovered to contain an arbitrary 
file read  ...)
+       TODO: check
 CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to 
contain a co ...)
        NOT-FOR-US: Wavlink
 CVE-2022-34591
@@ -5941,12 +5961,12 @@ CVE-2022-34582
        RESERVED
 CVE-2022-34581
        RESERVED
-CVE-2022-34580
-       RESERVED
+CVE-2022-34580 (Advanced School Management System v1.0 was discovered to 
contain a cro ...)
+       TODO: check
 CVE-2022-34579
        RESERVED
-CVE-2022-34578
-       RESERVED
+CVE-2022-34578 (Open Source Point of Sale v3.3.7 was discovered to contain an 
arbitrar ...)
+       TODO: check
 CVE-2022-34577 (A vulnerability in adm.cgi of WAVLINK WN535 G3 
M35G3R.V5030.180927 all ...)
        NOT-FOR-US: Wavlink
 CVE-2022-34576 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK 
WN535 G3 M ...)
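Review bot: CVE-2022-34580 is left at "TODO: check" although its description names Advanced School Management System v1.0, the same product that CVE-2022-34594 in the previous hunk's context already carries as "NOT-FOR-US: Advanced School Management System". Use the same tag here so both entries for that product agree. CVE-2022-34578 (Open Source Point of Sale v3.3.7) in this hunk still needs its own triage.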
@@ -5965,8 +5985,8 @@ CVE-2022-34570 (WAVLINK WN579 X3 
M79X3.V5030.191012/M79X3.V5030.191012 contains
        NOT-FOR-US: Wavlink
 CVE-2022-34569
        RESERVED
-CVE-2022-34568
-       RESERVED
+CVE-2022-34568 (SDL v1.2 was discovered to contain a use-after-free via the 
XFree func ...)
+       TODO: check
 CVE-2022-34567
        RESERVED
 CVE-2022-34566
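Review bot: CVE-2022-34568 is a use-after-free in a library (SDL v1.2) and "TODO: check" leaves it without any package line. Map it to the source package with either "<unfixed>" or a fixed version, and add a NOTE pointing at the upstream report, because the truncated description stops at "XFree func ..." and does not identify the affected code path.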
@@ -5985,14 +6005,14 @@ CVE-2022-34560
        RESERVED
 CVE-2022-34559
        RESERVED
-CVE-2022-34558
-       RESERVED
-CVE-2022-34557
-       RESERVED
-CVE-2022-34556
-       RESERVED
-CVE-2022-34555
-       RESERVED
+CVE-2022-34558 (WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 
1.4.0rc2, reqmon ...)
+       TODO: check
+CVE-2022-34557 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2022-34556 (PicoC v3.2.2 was discovered to contain a NULL pointer 
dereference at v ...)
+       TODO: check
+CVE-2022-34555 (TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered 
to conta ...)
+       TODO: check
 CVE-2022-34554
        RESERVED
 CVE-2022-34553
@@ -17652,8 +17672,7 @@ CVE-2022-30289 (A stored Cross-site Scripting (XSS) 
vulnerability was identified
        NOT-FOR-US: OpenCTI
 CVE-2022-30288 (** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL 
fragment spr ...)
        NOT-FOR-US: Ruby gem agoo
-CVE-2022-30287
-       RESERVED
+CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a 
reflection inj ...)
        - php-horde-turba 4.2.25-6 (bug #1012279)
        NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/
        NOTE: 
https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
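Review bot: The description added for CVE-2022-30287 names Horde Groupware Webmail Edition through 5.2.22, while the retained package line tracks php-horde-turba 4.2.25-6, and nothing in the entry says why Turba is the affected component. A short NOTE stating that mapping would spare the next reader from following the two linked references to confirm it.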
@@ -19857,8 +19876,8 @@ CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x 
through 4.17, and 5.x before 5.
        NOTE: Squid 5: 
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
 CVE-2022-29559
        RESERVED
-CVE-2022-29558
-       RESERVED
+CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection 
over the we ...)
+       TODO: check
 CVE-2022-29557
        RESERVED
 CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender 
Enterprise  ...)
@@ -20396,8 +20415,8 @@ CVE-2022-29362 (A cross-site scripting (XSS) 
vulnerability in /navigation/create
 CVE-2022-29361 (** DISPUTED ** Improper parsing of HTTP requests in Pallets 
Werkzeug v ...)
        NOTE: Disputed Werkzeug issue, no security impact
        NOTE: https://github.com/pallets/werkzeug/issues/2420
-CVE-2022-29360
-       RESERVED
+CVE-2022-29360 (The Email Viewer in RainLoop through 1.6.0 allows XSS via a 
crafted em ...)
+       TODO: check
 CVE-2022-29359 (A stored cross-site scripting (XSS) vulnerability in 
/scas/?page=clubs ...)
        NOT-FOR-US: School Club Application System
 CVE-2022-29358 (epub2txt2 v2.04 was discovered to contain an integer overflow 
via the  ...)
@@ -60000,8 +60019,8 @@ CVE-2021-41558 (The set_user extension module before 
3.0.0 for PostgreSQL allows
        NOT-FOR-US: set_user extension for Postgres
 CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored 
Cross Site ...)
        NOT-FOR-US: Sofico
-CVE-2021-41556
-       RESERVED
+CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 
allows an ou ...)
+       TODO: check
 CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 
21.3.3.815 (a  ...)
        NOT-FOR-US: ARCHIBUS Web Central
 CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 
21.3.3.815 (a ver ...)
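Review bot: The description added for CVE-2021-41556 covers two upstream branches (Squirrel through 2.2.5 and 3.x through 3.1), so resolving the "TODO: check" needs a statement of which branch any packaged version belongs to. Record that in a NOTE alongside the package line rather than a single affected/not-affected verdict.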
@@ -66283,8 +66302,8 @@ CVE-2021-39090
        RESERVED
 CVE-2021-39089
        RESERVED
-CVE-2021-39088
-       RESERVED
+CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local 
privilege esc ...)
+       TODO: check
 CVE-2021-39087
        RESERVED
 CVE-2021-39086



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/601bd2b595a0a6fff07b3cf94ff85d9759d6c121
