Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26797cd3 by security tracker role at 2022-08-16T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,35 @@
-CVE-2022-38362
+CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 
and 6.7.x  ...)
+       TODO: check
+CVE-2022-38367
        RESERVED
-CVE-2022-38361
+CVE-2022-38366
        RESERVED
-CVE-2022-38360
+CVE-2022-38365
+       RESERVED
+CVE-2022-38364
+       RESERVED
+CVE-2022-38363
+       RESERVED
+CVE-2022-2829
        RESERVED
-CVE-2022-38359
+CVE-2022-2828
        RESERVED
-CVE-2022-38358
+CVE-2022-2827
        RESERVED
-CVE-2022-38357
+CVE-2022-2826
+       RESERVED
+CVE-2022-38362
+       RESERVED
+CVE-2022-38361
+       RESERVED
+CVE-2022-38360
        RESERVED
+CVE-2022-38359 (Cross-site request forgery attacks can be carried out against 
the Eyes ...)
+       TODO: check
+CVE-2022-38358 (Improper neutralization of input during web page generation 
leaves the ...)
+       TODO: check
+CVE-2022-38357 (Improper neutralization of special elements leaves the Eyes of 
Network ...)
+       TODO: check
 CVE-2022-38354
        RESERVED
 CVE-2022-38353
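Review bot: four entries at the top of this hunk gain descriptions and land as TODO: check (CVE-2022-38368, CVE-2022-38359, CVE-2022-38358, CVE-2022-38357), but only CVE-2022-38368 (Aviatrix Gateway) and CVE-2022-38357 (Eyes of Network) name a product in the truncated text. CVE-2022-38359 and CVE-2022-38358 read like the same Eyes of Network batch; confirm that from the full descriptions before closing all three with one NOT-FOR-US: line.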
@@ -306,10 +326,10 @@ CVE-2022-38219
        RESERVED
 CVE-2022-38218
        RESERVED
-CVE-2022-2817
-       RESERVED
-CVE-2022-2816
-       RESERVED
+CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0212. 
...)
+       TODO: check
+CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 
9.0.0211. ...)
+       TODO: check
 CVE-2022-38217
        RESERVED
 CVE-2022-2815
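Review bot: both vim entries are left at TODO: check although the descriptions already carry what triage needs: CVE-2022-2817 is "prior to 9.0.0212" and CVE-2022-2816 "prior to 9.0.0211". Replace the TODO lines with vim source-package lines and add a NOTE: per entry pointing at the upstream fix, in the same shape as the libtirpc entry elsewhere in this file.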
@@ -324,8 +344,8 @@ CVE-2022-2811 (A vulnerability classified as problematic 
has been found in Sourc
        NOT-FOR-US: SourceCodester
 CVE-2022-2810
        RESERVED
-CVE-2022-38216
-       RESERVED
+CVE-2022-38216 (An integer overflow exists in Mapbox's closed source gl-native 
library ...)
+       TODO: check
 CVE-2022-38215
        RESERVED
 CVE-2022-38214
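Review bot: CVE-2022-38216 is described as affecting "Mapbox's closed source gl-native library", which points to a NOT-FOR-US: resolution rather than a package entry. Check the full description for the affected component name before closing the TODO, and use the same form as the NOT-FOR-US: SourceCodester line just above.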
@@ -374,18 +394,18 @@ CVE-2022-38193
        RESERVED
 CVE-2022-38192
        RESERVED
-CVE-2022-38191
-       RESERVED
-CVE-2022-38190
-       RESERVED
+CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS 
versions 10 ...)
+       TODO: check
+CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri 
Portal for A ...)
+       TODO: check
 CVE-2022-38189
        RESERVED
-CVE-2022-38188
-       RESERVED
-CVE-2022-38187
-       RESERVED
-CVE-2022-38186
-       RESERVED
+CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2022-38187 (Prior to version 10.9.0, the 
sharing/rest/content/features/analyze end ...)
+       TODO: check
+CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
 CVE-2022-38185
        RESERVED
 CVE-2022-38184
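Review bot: CVE-2022-38187 is the only one of the five new entries whose visible description does not name Esri Portal for ArcGIS; it starts at "Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...". Confirm the product from the full record before triaging it together with CVE-2022-38191, CVE-2022-38190, CVE-2022-38188 and CVE-2022-38186.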
@@ -2127,25 +2147,25 @@ CVE-2022-37451 (Exim before 4.96 has an invalid free in 
pam_converse in auths/ca
 CVE-2022-37450 (Go Ethereum (aka geth) through 1.10.21 allows attackers to 
increase re ...)
        - golang-github-go-ethereum <itp> (bug #890541)
 CVE-2022-37449
-       RESERVED
+       REJECTED
 CVE-2022-37448
-       RESERVED
+       REJECTED
 CVE-2022-37447
-       RESERVED
+       REJECTED
 CVE-2022-37446
-       RESERVED
+       REJECTED
 CVE-2022-37445
-       RESERVED
+       REJECTED
 CVE-2022-37444
-       RESERVED
+       REJECTED
 CVE-2022-37443
-       RESERVED
+       REJECTED
 CVE-2022-37442
-       RESERVED
+       REJECTED
 CVE-2022-37441
-       RESERVED
+       REJECTED
 CVE-2022-37440
-       RESERVED
+       REJECTED
 CVE-2022-2687 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Gym Management System
 CVE-2022-2686 (A vulnerability, which was classified as problematic, was found 
in ore ...)
@@ -5080,20 +5100,20 @@ CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote 
attackers could exhaust the
        - libtirpc 1.3.2-2.1 (bug #1015873)
        NOTE: Fixed by: 
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed
 (libtirpc-1-3-3-rc1)
        NOTE: Introduced by: 
http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f
 (libtirpc-0-3-3-rc3)
-CVE-2022-36312
-       RESERVED
-CVE-2022-36311
-       RESERVED
-CVE-2022-36310
-       RESERVED
-CVE-2022-36309
-       RESERVED
-CVE-2022-36308
-       RESERVED
-CVE-2022-36307
-       RESERVED
-CVE-2022-36306
-       RESERVED
+CVE-2022-36312 (Airspan AirVelocity 1500 software version 15.18.00.2511 lacks 
CSRF pro ...)
+       TODO: check
+CVE-2022-36311 (Airspan AirVelocity 1500 prior to software version 
15.18.00.2511 is vu ...)
+       TODO: check
+CVE-2022-36310 (Airspan AirVelocity 1500 software prior to version 
15.18.00.2511 had N ...)
+       TODO: check
+CVE-2022-36309 (Airspan AirVelocity 1500 software versions prior to 
15.18.00.2511 have ...)
+       TODO: check
+CVE-2022-36308 (Airspan AirVelocity 1500 web management UI displays SNMP 
credentials i ...)
+       TODO: check
+CVE-2022-36307 (The AirVelocity 1500 prints SNMP credentials on its physically 
accessi ...)
+       TODO: check
+CVE-2022-36306 (An authenticated attacker can enumerate and download sensitive 
files,  ...)
+       TODO: check
 CVE-2022-36294
        RESERVED
 CVE-2022-36290
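Review bot: the version wording is not uniform across the seven AirVelocity 1500 entries: CVE-2022-36312 says "software version 15.18.00.2511 lacks CSRF pro ..." while CVE-2022-36311, CVE-2022-36310 and CVE-2022-36309 say "prior to" that version, and CVE-2022-36306 names no product at all in the visible text. Read the full descriptions before resolving the batch with a single NOT-FOR-US: line.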
@@ -5828,8 +5848,8 @@ CVE-2022-36012
        RESERVED
 CVE-2022-36011
        RESERVED
-CVE-2022-36010
-       RESERVED
+CVE-2022-36010 (This library allows strings to be parsed as functions and 
stored as a  ...)
+       TODO: check
 CVE-2022-36009
        RESERVED
 CVE-2022-36008
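Review bot: the truncated description of CVE-2022-36010 ("This library allows strings to be parsed as functions and stored as a ...") never names the library, so this TODO: check cannot be resolved from the list entry alone. Whoever picks it up should pull the full CVE record first and put the project name in the resolution line or a NOTE:.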
@@ -5892,8 +5912,8 @@ CVE-2022-35980 (OpenSearch Security is a plugin for 
OpenSearch that offers encry
        NOT-FOR-US: OpenSearch Security plugin for OpenSearch
 CVE-2022-35979
        RESERVED
-CVE-2022-35978
-       RESERVED
+CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy 
modding and ...)
+       TODO: check
 CVE-2022-35977
        RESERVED
 CVE-2022-35976
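Review bot: CVE-2022-35978 names Minetest directly, so the TODO: check should be replaced with a minetest source-package line rather than left open. The visible text stops at the project blurb, so the affected versions and fix reference still have to come from the full description and go into NOTE: lines.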
@@ -6303,8 +6323,8 @@ CVE-2022-35824 (Azure Site Recovery Remote Code Execution 
Vulnerability. This CV
        NOT-FOR-US: Microsoft
 CVE-2022-35823
        RESERVED
-CVE-2022-35822
-       RESERVED
+CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass 
Vulnerabilit ...)
+       TODO: check
 CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability. 
...)
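Review bot: CVE-2022-35822 (Windows Defender Credential Guard) is the only entry in this hunk without a resolution; the surrounding CVE-2022-35824 and CVE-2022-35821 entries already carry NOT-FOR-US: Microsoft. The same line applies here in place of TODO: check.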
@@ -9093,8 +9113,8 @@ CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool 
(MSDT) Remote Code Exe
        NOT-FOR-US: Microsoft
 CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure 
Vulnerability ...)
        NOT-FOR-US: Microsoft
-CVE-2022-34711
-       RESERVED
+CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege 
Vulnerability ...)
+       TODO: check
 CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure 
Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass 
Vulnerabilit ...)
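Review bot: CVE-2022-34711 sits between CVE-2022-34712 and CVE-2022-34710, both Windows Defender Credential Guard issues closed as NOT-FOR-US: Microsoft, yet it is added with TODO: check. Close it the same way so the run of Credential Guard entries is consistent.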
@@ -25671,8 +25691,8 @@ CVE-2022-28758
        RESERVED
 CVE-2022-28757
        RESERVED
-CVE-2022-28756
-       RESERVED
+CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT 
Admin) sta ...)
+       TODO: check
 CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, 
and Wind ...)
        NOT-FOR-US: Zoom
 CVE-2022-28754 (Zoom On-Premise Meeting Connector MMR before version 
4.8.129.20220714  ...)
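Review bot: CVE-2022-28756 is a Zoom Client for Meetings for macOS issue and is left at TODO: check, while the next entry, CVE-2022-28755, is already NOT-FOR-US: Zoom. Use the same resolution here.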
@@ -36784,14 +36804,14 @@ CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 
for PHP does not prevent ad
        - php-crypt-gpg 1.6.7-1 (bug #1005921)
        [bullseye] - php-crypt-gpg 1.6.4-2+deb11u1
        NOTE: 
https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04
 (v1.6.7)
-CVE-2022-24952
-       RESERVED
-CVE-2022-24951
-       RESERVED
-CVE-2022-24950
-       RESERVED
-CVE-2022-24949
-       RESERVED
+CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal 
Terminal pr ...)
+       TODO: check
+CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 
6.2.0 whi ...)
+       TODO: check
+CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 
6.2.0 tha ...)
+       TODO: check
+CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal 
prior to ver ...)
+       TODO: check
 CVE-2022-24948 (A carefully crafted user preferences for submission could 
trigger an X ...)
        - jspwiki <removed>
 CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF 
attacks, wh ...)
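Review bot: only CVE-2022-24951 and CVE-2022-24950 show the fixed version ("prior to version 6.2.0") in the visible text; CVE-2022-24952 and CVE-2022-24949 are cut off before it. Since CVE-2022-24949 is a privilege escalation to root, check whether Eternal Terminal has a package or an ITP, and record the per-CVE fixed version from the full descriptions instead of assuming 6.2.0 for all four.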
@@ -37881,8 +37901,8 @@ CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross 
Site Scripting (XSS). By p
        NOT-FOR-US: HexoEditor
 CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in 
Netgear  ...)
        NOT-FOR-US: Netgear
-CVE-2022-24654
-       RESERVED
+CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability 
in "Fiel ...)
+       TODO: check
 CVE-2022-24653
        RESERVED
 CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file 
uploads  ...)
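Review bot: the description of CVE-2022-24654 is truncated at 'in "Fiel ...', before any product name appears, so the entry cannot be triaged from this line. The full record is needed before choosing between NOT-FOR-US: and a package line.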
@@ -84392,10 +84412,10 @@ CVE-2021-33238
        RESERVED
 CVE-2021-33237
        RESERVED
-CVE-2021-33236
-       RESERVED
-CVE-2021-33235
-       RESERVED
+CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc 
through 1.9.1 ...)
+       TODO: check
+CVE-2021-33235 (Buffer overflow vulnerability in write_node in htmldoc through 
1.9.11  ...)
+       TODO: check
 CVE-2021-33234
        RESERVED
 CVE-2021-33233
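Review bot: the two htmldoc entries show different version strings only because of truncation: CVE-2021-33236 stops at "through 1.9.1 ..." while CVE-2021-33235 reads "through 1.9.11". Take the affected version from the full descriptions, then replace both TODO: check lines with htmldoc source-package lines, noting the affected functions (write_header and write_node) in a NOTE: so the two fixes can be told apart.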
@@ -140590,8 +140610,8 @@ CVE-2020-23624
        RESERVED
 CVE-2020-23623
        RESERVED
-CVE-2020-23622
-       RESERVED
+CVE-2020-23622 (** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol 
in 4thli ...)
+       TODO: check
 CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS 
Managem ...)
        NOT-FOR-US: Squire Remote Management Interface
 CVE-2020-23620 (The Java Remote Management Interface of all versions of 
Orlansoft ERP  ...)
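Review bot: CVE-2020-23622 carries the "** UNSUPPORTED WHEN ASSIGNED **" tag and its product name is cut off at "4thli ...". Identify the component from the full record first; if it maps to a package, the unsupported status upstream means no fix should be expected and that is worth stating in a NOTE:.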
@@ -144872,10 +144892,10 @@ CVE-2020-21644
        RESERVED
 CVE-2020-21643
        RESERVED
-CVE-2020-21642
-       RESERVED
-CVE-2020-21641
-       RESERVED
+CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in 
/zropuse ...)
+       TODO: check
+CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in 
Zoho Manage ...)
+       TODO: check
 CVE-2020-21640
        RESERVED
 CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to 
contain a cros ...)
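Review bot: CVE-2020-21642 names only a parameter (ZDBQAREFSUBDIR) and a truncated path ("/zropuse ..."), with no vendor visible, while CVE-2020-21641 is attributed to "Zoho Manage ...". Do not assume both belong to the same product; verify CVE-2020-21642 against its full description before giving the pair a shared NOT-FOR-US: line.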
@@ -145525,8 +145545,8 @@ CVE-2020-21367
        RESERVED
 CVE-2020-21366
        RESERVED
-CVE-2020-21365
-       RESERVED
+CVE-2020-21365 (Directory traversal vulnerability in wkhtmltopdf through 
0.12.5 allows ...)
+       TODO: check
 CVE-2020-21364
        RESERVED
 CVE-2020-21363 (An arbitrary file deletion vulnerability exists within 
Maccms10. ...)
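Review bot: CVE-2020-21365 names wkhtmltopdf "through 0.12.5", so this TODO: check should become a wkhtmltopdf source-package line. The visible text gives no fixed version, only the last affected one, so the status and any upstream reference need to be filled in from the full record.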



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26797cd3c4a0800d4751b5f54e348cd9902f4d75

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
