[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 03 Aug 2022 13:10:47 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
898f935b by security tracker role at 2022-08-03T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog 
could b ...)
+       TODO: check
+CVE-2022-37395
+       RESERVED
+CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x 
before 2 ...)
+       TODO: check
+CVE-2022-2639
+       RESERVED
+CVE-2022-2638
+       RESERVED
+CVE-2022-2637
+       RESERVED
+CVE-2022-2636
+       RESERVED
+CVE-2022-2635
+       RESERVED
 CVE-2022-37393
        RESERVED
 CVE-2022-2634
@@ -2498,8 +2514,7 @@ CVE-2022-2503
        RESERVED
 CVE-2022-2502
        RESERVED
-CVE-2022-36359
-       RESERVED
+CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in 
Django 3.2 b ...)
        - python-django 3:3.2.15-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/03/1
        NOTE: 
https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173
 (main)
@@ -3754,14 +3769,14 @@ CVE-2022-35869 (This vulnerability allows remote 
attackers to bypass authenticat
        NOT-FOR-US: Ignition
 CVE-2022-35868
        RESERVED
-CVE-2022-35867
-       RESERVED
-CVE-2022-35866
-       RESERVED
-CVE-2022-35865
-       RESERVED
-CVE-2022-35864
-       RESERVED
+CVE-2022-35867 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+       TODO: check
+CVE-2022-35866 (This vulnerability allows remote attackers to bypass 
authentication on ...)
+       TODO: check
+CVE-2022-35865 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-35864 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
 CVE-2022-2414 (Access to external entities when parsing XML documents can lead 
to XML ...)
        - dogtag-pki <unfixed> (bug #1014957)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
@@ -4364,10 +4379,10 @@ CVE-2022-35622
        RESERVED
 CVE-2022-35621
        RESERVED
-CVE-2022-35620
-       RESERVED
-CVE-2022-35619
-       RESERVED
+CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain 
a remot ...)
+       TODO: check
+CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain 
a remot ...)
+       TODO: check
 CVE-2022-35618
        RESERVED
 CVE-2022-35617
@@ -5777,8 +5792,8 @@ CVE-2022-34994
        RESERVED
 CVE-2022-34993
        RESERVED
-CVE-2022-34992
-       RESERVED
+CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow 
via the ...)
+       TODO: check
 CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected 
cross-site  ...)
        NOT-FOR-US: Paymoney
 CVE-2022-34990
@@ -5813,10 +5828,10 @@ CVE-2022-34976
        RESERVED
 CVE-2022-34975
        RESERVED
-CVE-2022-34974
-       RESERVED
-CVE-2022-34973
-       RESERVED
+CVE-2022-34974 (D-Link DIR810LA1_FW102B22 was discovered to contain a command 
injectio ...)
+       TODO: check
+CVE-2022-34973 (D-Link DIR820LA1_FW106B02 was discovered to contain a buffer 
overflow  ...)
+       TODO: check
 CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind 
SQL injec ...)
        NOT-FOR-US: So Filter Shop
 CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising 
Management m ...)
@@ -6159,10 +6174,10 @@ CVE-2022-34874 (This vulnerability allows remote 
attackers to disclose sensitive
        NOT-FOR-US: Foxit
 CVE-2022-34873 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: Foxit
-CVE-2022-34872
-       RESERVED
-CVE-2022-34871
-       RESERVED
+CVE-2022-34872 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-34871 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
+       TODO: check
 CVE-2022-34870
        RESERVED
 CVE-2022-34858
@@ -6244,8 +6259,8 @@ CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a 
serious bug in the RSA imp
        NOTE: https://www.openssl.org/news/secadv/20220705.txt
 CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not 
properly  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-2272
-       RESERVED
+CVE-2022-2272 (This vulnerability allows remote attackers to bypass 
authentication on ...)
+       TODO: check
 CVE-2022-2271
        RESERVED
 CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions 
starting ...)
@@ -12681,10 +12696,10 @@ CVE-2022-32295 (On Ampere Altra and AltraMax devices 
before SRP 1.09, the Altra
        NOT-FOR-US: Ampere devices
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the 
initial-l ...)
        NOT-FOR-US: Zimbra
-CVE-2022-32293
-       RESERVED
-CVE-2022-32292
-       RESERVED
+CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a 
WISPR HT ...)
+       TODO: check
+CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP 
requests t ...)
+       TODO: check
 CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute 
arbitrary cod ...)
        NOT-FOR-US: Real Player
 CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has 
Incorre ...)
@@ -23257,8 +23272,8 @@ CVE-2022-28686
        RESERVED
 CVE-2022-28685
        RESERVED
-CVE-2022-28684
-       RESERVED
+CVE-2022-28684 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2022-28683 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit
 CVE-2022-28682 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
@@ -23289,8 +23304,8 @@ CVE-2022-28670 (This vulnerability allows remote 
attackers to disclose sensitive
        NOT-FOR-US: Foxit
 CVE-2022-28669 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit
-CVE-2022-28668
-       RESERVED
+CVE-2022-28668 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2022-28667
        RESERVED
 CVE-2022-28665
@@ -26897,8 +26912,8 @@ CVE-2022-27486
        RESERVED
 CVE-2022-27485
        RESERVED
-CVE-2022-27484
-       RESERVED
+CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 
6.2.0 throug ...)
+       TODO: check
 CVE-2022-27483 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: Fortinet
 CVE-2022-27482
@@ -39443,8 +39458,8 @@ CVE-2022-23444
        RESERVED
 CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 
allows u ...)
        NOT-FOR-US: FortiGuard
-CVE-2022-23442
-       RESERVED
+CVE-2022-23442 (An improper access control vulnerability [CWE-284] in FortiOS 
versions ...)
+       TODO: check
 CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in Forti ...)
        NOT-FOR-US: Fortinet
 CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in the r ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/898f935bcefca0129b7ca983da59ad442065cf17

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/898f935bcefca0129b7ca983da59ad442065cf17
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to