Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c498f672 by security tracker role at 2022-08-18T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-38398
+       RESERVED
+CVE-2022-38397
+       RESERVED
+CVE-2022-2891
+       RESERVED
+CVE-2022-2890
+       RESERVED
+CVE-2022-2889
+       RESERVED
+CVE-2022-2888
+       RESERVED
+CVE-2022-2887
+       RESERVED
+CVE-2022-2886
+       RESERVED
+CVE-2022-2885
+       RESERVED
 CVE-2022-38396
        RESERVED
 CVE-2022-38395
@@ -20,8 +38,8 @@ CVE-2022-2878
        RESERVED
 CVE-2022-2877
        RESERVED
-CVE-2022-2876
-       RESERVED
+CVE-2022-2876 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
 CVE-2022-XXXX [freeciv modpack installer buffer overflow]
        - freeciv <unfixed> (bug #1017579)
        [bullseye] - freeciv <no-dsa> (Minor issue)
@@ -31,8 +49,8 @@ CVE-2022-38392 (A certain 5400 RPM OEM hard drive, as shipped 
with laptop PCs in
        NOT-FOR-US: Microsoft
 CVE-2022-2875
        RESERVED
-CVE-2022-2874
-       RESERVED
+CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.022 ...)
+       TODO: check
 CVE-2022-2873
        RESERVED
 CVE-2022-2872
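Review bot: CVE-2022-2874 is left at "TODO: check" even though its new description names the vim/vim repository and a version boundary ("prior to 9.0.022 ..."). vim is a Debian source package, so triage should replace the TODO with a "- vim" package line and record the upstream fix in a NOTE, in the same shape as the schroot and ruby-tzinfo entries elsewhere in this file.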
@@ -718,6 +736,7 @@ CVE-2022-2788
        RESERVED
 CVE-2022-2787
        RESERVED
+       {DSA-5213-1 DLA-3075-1}
        - schroot 1.6.12-2
        NOTE: 
https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d
 CVE-2022-38170
@@ -2481,8 +2500,8 @@ CVE-2022-37424
        RESERVED
 CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 
4.x befor ...)
        NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
-CVE-2022-37422
-       RESERVED
+CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without 
authenticat ...)
+       TODO: check
 CVE-2022-37421
        RESERVED
 CVE-2022-37420
@@ -3442,14 +3461,14 @@ CVE-2022-37065
        RESERVED
 CVE-2022-37064
        RESERVED
-CVE-2022-37063
-       RESERVED
-CVE-2022-37062
-       RESERVED
-CVE-2022-37061
-       RESERVED
-CVE-2022-37060
-       RESERVED
+CVE-2022-37063 (All FLIR AX8 thermal sensor cameras versions up to and 
including 1.46. ...)
+       TODO: check
+CVE-2022-37062 (All FLIR AX8 thermal sensor cameras version up to and 
including 1.46.1 ...)
+       TODO: check
+CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and 
including 1.46.1 ...)
+       TODO: check
+CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including 
1.46.16 is ...)
+       TODO: check
 CVE-2022-37059
        RESERVED
 CVE-2022-37058
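Review bot: the four descriptions added for CVE-2022-37063 down to CVE-2022-37060 all name the same product, FLIR AX8 thermal sensor cameras, yet each is left as its own "TODO: check". They can be triaged in one pass; if no Debian source package ships this firmware, give all four the same NOT-FOR-US tag so the vendor string stays consistent across the group.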
@@ -3539,8 +3558,8 @@ CVE-2022-37027
        RESERVED
 CVE-2022-37026
        RESERVED
-CVE-2022-37025
-       RESERVED
+CVE-2022-37025 (An improper privilege management vulnerability in McAfee 
Security Scan ...)
+       TODO: check
 CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, 
Network Co ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-2588
@@ -6088,10 +6107,10 @@ CVE-2022-36026
        RESERVED
 CVE-2022-36025
        RESERVED
-CVE-2022-36024
-       RESERVED
-CVE-2022-36023
-       RESERVED
+CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use, 
feature-rich, a ...)
+       TODO: check
+CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned 
distributed led ...)
+       TODO: check
 CVE-2022-36022
        RESERVED
 CVE-2022-36021
@@ -6188,8 +6207,8 @@ CVE-2022-35977
        RESERVED
 CVE-2022-35976
        RESERVED
-CVE-2022-35975
-       RESERVED
+CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to 
manage Flu ...)
+       TODO: check
 CVE-2022-35974
        RESERVED
 CVE-2022-35973
@@ -8094,8 +8113,8 @@ CVE-2022-35200
        RESERVED
 CVE-2022-35199
        RESERVED
-CVE-2022-35198
-       RESERVED
+CVE-2022-35198 (Contract Management System v2.0 contains a weak default 
password which ...)
+       TODO: check
 CVE-2022-35197
        RESERVED
 CVE-2022-35196
@@ -8140,12 +8159,12 @@ CVE-2022-35177
        RESERVED
 CVE-2022-35176
        RESERVED
-CVE-2022-35175
-       RESERVED
-CVE-2022-35174
-       RESERVED
-CVE-2022-35173
-       RESERVED
+CVE-2022-35175 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2022-35174 (A stored cross-site scripting (XSS) vulnerability in Kirby's 
Starterki ...)
+       TODO: check
+CVE-2022-35173 (An issue was discovered in Nginx NJS v0.7.5. The JUMP offset 
for a bre ...)
+       TODO: check
 CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
        NOT-FOR-US: SAP
 CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files 
receive ...)
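Review bot: of the three entries left at "TODO: check" in this hunk, CVE-2022-35173 names Nginx NJS v0.7.5, which is not the same kind of item as the Barangay Management System and Kirby entries beside it. Check whether any Debian nginx package builds the NJS module before closing it, and record the outcome as a package line or an explicit NOT-FOR-US rather than batching it with the other two.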
@@ -11743,30 +11762,30 @@ CVE-2022-33882
        RESERVED
 CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk 
AutoCAD 2023 ...)
        NOT-FOR-US: Autodesk
-CVE-2022-33311
-       RESERVED
-CVE-2022-33151
-       RESERVED
-CVE-2022-32583
-       RESERVED
-CVE-2022-32544
-       RESERVED
-CVE-2022-32453
-       RESERVED
-CVE-2022-32283
-       RESERVED
-CVE-2022-30693
-       RESERVED
-CVE-2022-30604
-       RESERVED
-CVE-2022-29891
-       RESERVED
-CVE-2022-29487
-       RESERVED
-CVE-2022-28715
-       RESERVED
-CVE-2022-25986
-       RESERVED
+CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of 
Cybozu Offi ...)
+       TODO: check
+CVE-2022-33151 (Cross-site scripting vulnerability in the specific parameters 
of Cyboz ...)
+       TODO: check
+CVE-2022-32583 (Operation restriction bypass vulnerability in Scheduler of 
Cybozu Offi ...)
+       TODO: check
+CVE-2022-32544 (Operation restriction bypass vulnerability in Project of 
Cybozu Office ...)
+       TODO: check
+CVE-2022-32453 (HTTP header injection vulnerability in Cybozu Office 10.0.0 to 
10.8.5  ...)
+       TODO: check
+CVE-2022-32283 (Browse restriction bypass vulnerability in Cabinet of Cybozu 
Office 10 ...)
+       TODO: check
+CVE-2022-30693 (Information disclosure vulnerability in the system 
configuration of Cy ...)
+       TODO: check
+CVE-2022-30604 (Cross-site scripting vulnerability in the specific parameters 
of Cyboz ...)
+       TODO: check
+CVE-2022-29891 (Browse restriction bypass vulnerability in Custom Ap of Cybozu 
Office  ...)
+       TODO: check
+CVE-2022-29487 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 
10.8.5 a ...)
+       TODO: check
+CVE-2022-28715 (Cross-site scripting vulnerability in the specific parameters 
of Cyboz ...)
+       TODO: check
+CVE-2022-25986 (Browse restriction bypass vulnerability in Scheduler of Cybozu 
Office  ...)
+       TODO: check
 CVE-2022-2108 (The plugin Wbcom Designs &#8211; BuddyPress Group Reviews for 
WordPres ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication 
mechani ...)
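Review bot: all twelve entries moved off RESERVED here (CVE-2022-33311 down to CVE-2022-25986) describe Cybozu Office, and all twelve are left at "TODO: check". Triage them as one batch with a single consistent tag, the way the adjacent context lines use "NOT-FOR-US: Autodesk" and "NOT-FOR-US: WordPress plugin", instead of resolving them one by one with possibly differing vendor strings.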
@@ -18880,6 +18899,7 @@ CVE-2022-31165
 CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A 
vulnerability ...)
        NOT-FOR-US: Tovy
 CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone 
data and al ...)
+       {DLA-3077-1}
        - ruby-tzinfo 2.0.4-2
        NOTE: 
https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
        NOTE: 
https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf
 (v0.3.61)
@@ -23818,10 +23838,10 @@ CVE-2022-29552
        RESERVED
 CVE-2022-29551
        RESERVED
-CVE-2022-29550
-       RESERVED
-CVE-2022-29549
-       RESERVED
+CVE-2022-29550 (** DISPUTED ** An issue was discovered in Qualys Cloud Agent 
4.8.0-49. ...)
+       TODO: check
+CVE-2022-29549 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It 
executes pr ...)
+       TODO: check
 CVE-2022-29548 (A reflected XSS issue exists in the Management Console of 
several WSO2 ...)
        NOT-FOR-US: WSO2
 CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki 
does not  ...)
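Review bot: CVE-2022-29550 arrives with "** DISPUTED **" at the start of its description, while CVE-2022-29549 for the same Qualys Cloud Agent 4.8.0-49 does not, and both receive an identical "TODO: check". Triage the pair together, and if CVE-2022-29550 ends up with anything other than NOT-FOR-US, keep the dispute visible in a NOTE line so it is not lost once the TODO is removed.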
@@ -47724,7 +47744,7 @@ CVE-2021-45845 (The Path Sanity Check script of FreeCAD 
0.19 is vulnerable to OS
        NOTE: Fixed by: 
https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3
 (0.19.4)
        NOTE: https://tracker.freecad.org/view.php?id=4810
 CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter 
from Fre ...)
-       {DLA-2934-1}
+       {DLA-3076-1 DLA-2934-1}
        - freecad 0.19.4+dfsg1-1 (bug #1005747)
        NOTE: Fixed by; 
https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6
 (master)
        NOTE: Fxied by: 
https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c
 (0.19.4)
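Review bot: the changed line only prepends DLA-3076-1 to the advisory list for CVE-2021-45844, but the two NOTE lines directly below it in the same entry read "Fixed by;" and "Fxied by:". Normalise both to "Fixed by:", as written in the CVE-2021-45845 entry just above, so a search for that tag also finds these two FreeCAD commits.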



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c498f672adc85d05e7335e3225ca5da805df08d2
