Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11fadef7 by security tracker role at 2022-12-27T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-47966
+       RESERVED
+CVE-2022-4746
+       RESERVED
+CVE-2022-4745
+       RESERVED
+CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and 
classified as  ...)
+       TODO: check
 CVE-2022-47908
        RESERVED
 CVE-2022-4744
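
Review bot: CVE-2021-4281 (Brave UX for-the-badge) is added with only "TODO: check", and its description is cut off at "classified as ...", so the issue class has to be read from the full CVE record before the entry is resolved to NOT-FOR-US or to a package line. The three new RESERVED entries (CVE-2022-47966, CVE-2022-4746, CVE-2022-4745) need no triage until a description is published.
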
@@ -87,7 +95,7 @@ CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. 
It has been rated as
        NOT-FOR-US: aws-sdk-android
 CVE-2021-4277 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: fredsmith utils
-CVE-2021-4276 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability 
was fou ...)
+CVE-2021-4276 (** DISPUTED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability 
was fou ...)
        NOT-FOR-US: dns-stats hedgehog
 CVE-2020-36629 (A vulnerability classified as critical was found in SimbCo 
httpster. T ...)
        NOT-FOR-US: SimbCo httpster
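
Review bot: the replaced CVE-2021-4276 line differs only in the order of the "** DISPUTED **" and "** UNSUPPORTED WHEN ASSIGNED **" markers in the description. The "NOT-FOR-US: dns-stats hedgehog" triage line under it is unchanged context, so this is description churn from the feed and carries no triage change to re-check.
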
@@ -4813,10 +4821,10 @@ CVE-2022-46766
        RESERVED
 CVE-2022-46765
        RESERVED
-CVE-2022-46764
-       RESERVED
-CVE-2022-46763
-       RESERVED
+CVE-2022-46764 (A SQL injection issue in the web API in TrueConf Server 
5.2.0.10225 al ...)
+       TODO: check
+CVE-2022-46763 (A SQL injection issue in a database stored function in 
TrueConf Server ...)
+       TODO: check
 CVE-2022-46762
        RESERVED
 CVE-2022-46761
@@ -35031,8 +35039,8 @@ CVE-2022-36666
        RESERVED
 CVE-2022-36665
        RESERVED
-CVE-2022-36664
-       RESERVED
+CVE-2022-36664 (Password Manager for IIS 2.0 has a cross-site scripting (XSS) 
vulnerab ...)
+       TODO: check
 CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind 
SSRF (Serv ...)
        NOT-FOR-US: Gluu Oxauth
 CVE-2022-36662
@@ -160870,8 +160878,8 @@ CVE-2020-28193
        RESERVED
 CVE-2020-28192
        RESERVED
-CVE-2020-28191
-       RESERVED
+CVE-2020-28191 (The console in Togglz before 2.9.4 allows CSRF. ...)
+       TODO: check
 CVE-2020-28190 (TerraMaster TOS <= 4.2.06 was found to check for updates 
(of both s ...)
        NOT-FOR-US: TerraMaster TOS
 CVE-2020-28189
@@ -170477,8 +170485,8 @@ CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a 
reflected Cross-site script
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site 
Vulnerability al ...)
        NOT-FOR-US: Ignite Realtime Openfire
-CVE-2020-24600
-       RESERVED
+CVE-2020-24600 (Shilpi CAPExWeb 1.1 allows SQL injection via a 
servlet/capexweb.cap_se ...)
+       TODO: check
 CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of 
escaping in  ...)
        NOT-FOR-US: Joomla!
 CVE-2020-24598 (An issue was discovered in Joomla! before 3.9.21. Lack of 
input valida ...)
@@ -203441,8 +203449,8 @@ CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a 
buffer overflow during the co
        - qemu-kvm <not-affected> (Vulnerable code/Tulip NIC emulator added 
later)
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850
 (v5.0.0-rc1)
-CVE-2020-11101
-       RESERVED
+CVE-2020-11101 (Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 
mishandles  ...)
+       TODO: check
 CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in 
HAProxy 1.8 ...)
        {DSA-4649-1}
        - haproxy 2.0.13-2
@@ -205271,8 +205279,8 @@ CVE-2020-10652
        RESERVED
 CVE-2020-10651
        RESERVED
-CVE-2020-10650
-       RESERVED
+CVE-2020-10650 (A deserialization flaw was discovered in jackson-databind 
through 2.9. ...)
+       TODO: check
 CVE-2019-20510
        REJECTED
 CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for 
Windows 10  ...)
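
Review bot: the "TODO: check" on CVE-2020-10650 should not be closed as NOT-FOR-US, because jackson-databind is a Debian source package; the entry needs a package line for jackson-databind with the fixed version, or "<not-affected>" or "<unfixed>" as the check turns out. The description is truncated at "through 2.9.", so the affected range has to be taken from the full CVE record, not from this line.
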
@@ -226470,8 +226478,8 @@ CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and 
EDS-G516E devices (with firmwa
        NOT-FOR-US: Moxa
 CVE-2019-19706
        RESERVED
-CVE-2019-19705
-       RESERVED
+CVE-2019-19705 (Realtek Audio Drivers for Windows, as used on the Lenovo 
ThinkPad X1 C ...)
+       TODO: check
 CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is 
possibl ...)
        NOT-FOR-US: JetBrains Upsource
 CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP 
Authoriza ...)
@@ -230350,8 +230358,8 @@ CVE-2019-19032 (XMLBlueprint through 16.191112 is 
affected by XML External Entit
        NOT-FOR-US: XMLBlueprint
 CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External 
Entity Inj ...)
        NOT-FOR-US: Easy XML Editor
-CVE-2019-19030
-       RESERVED
+CVE-2019-19030 (Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x 
before  ...)
+       TODO: check
 CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 
1.9.3 allo ...)
        NOT-FOR-US: Harbor
 CVE-2019-19028
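
Review bot: CVE-2019-19030 is left at "TODO: check" while the adjacent CVE-2019-19029, for the same product, is already tagged "NOT-FOR-US: Harbor". Unless Harbor has since entered the archive, resolve the new entry with the same tag so the two Harbor entries stay consistent.
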
@@ -236016,8 +236024,8 @@ CVE-2019-18179 (An issue was discovered in Open 
Ticket Request System (OTRS) 7.0
        NOTE: 
https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
 CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. 
The fun ...)
        NOT-FOR-US: FreeRTOS+FAT
-CVE-2019-18177
-       RESERVED
+CVE-2019-18177 (In certain Citrix products, information disclosure can be 
achieved by  ...)
+       TODO: check
 CVE-2019-18176
        RESERVED
 CVE-2019-18175
@@ -245985,8 +245993,8 @@ CVE-2019-14804 (studio/polyglot.php?page=etemplates 
in UNA 10.0.0-RC1 allows XSS
        NOT-FOR-US: UNA
 CVE-2019-14803
        RESERVED
-CVE-2019-14802
-       RESERVED
+CVE-2019-14802 (HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals 
unintende ...)
+       TODO: check
 CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to 
escalate privi ...)
        NOT-FOR-US: Jitbit Helpdesk
 CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for 
WordPress  ...)
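
Review bot: CVE-2019-14802 (HashiCorp Nomad) sits between NOT-FOR-US entries, but the "TODO: check" here needs a look at the archive for a nomad source package before that tag is copied. The description already names 0.9.5 as the upstream fixed version, which is the comparison point for any packaged version.
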
@@ -248837,8 +248845,8 @@ CVE-2019-13989 (dpic 2019.06.20 has a Stack-based 
Buffer Overflow in the wfloat(
        - dpic <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://gitlab.com/aplevich/dpic/issues/4
        NOTE: 
https://gitlab.com/aplevich/dpic/commit/aa9fc45e207134cbfefa4b9e7a1b49cf11e9397d
-CVE-2019-13988
-       RESERVED
+CVE-2019-13988 (Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows 
attackers ...)
+       TODO: check
 CVE-2019-13987
        RESERVED
 CVE-2019-13986
@@ -255646,8 +255654,8 @@ CVE-2019-11853 (Several potential command injections 
vulnerabilities exist in th
        NOT-FOR-US: ALEOS
 CVE-2019-11852 (An out-of-bounds reads vulnerability exists in the ACEView 
Service of  ...)
        NOT-FOR-US: ALEOS
-CVE-2019-11851
-       RESERVED
+CVE-2019-11851 (The ACENet service in Sierra Wireless ALEOS before 4.4.9, 
4.5.x throug ...)
+       TODO: check
 CVE-2019-11850 (A stack overflow vulnerabiltity exist in the AT command 
interface of A ...)
        NOT-FOR-US: ALEOS
 CVE-2019-11849 (A stack overflow vulnerabiltity exists in the AT command APIs 
of ALEOS ...)
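
Review bot: CVE-2019-11851 (ACENet service in Sierra Wireless ALEOS) is added as "TODO: check" although every neighbouring ALEOS entry in this hunk (CVE-2019-11852, CVE-2019-11850) is "NOT-FOR-US: ALEOS". Resolve it with the same tag in the follow-up triage commit.
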
@@ -263293,8 +263301,8 @@ CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 
allows arbitrary file upload
        NOT-FOR-US: phpscheduleit Booked Scheduler
 CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 
2.10.3,  ...)
        NOT-FOR-US: StackStorm
-CVE-2019-9579
-       RESERVED
+CVE-2019-9579 (An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 
and 5. ...)
+       TODO: check
 CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to 
init is  ...)
        - libu2f-host 1.1.9-1 (low; bug #923874)
        [stretch] - libu2f-host 1.1.2-2+deb9u2
@@ -264987,8 +264995,8 @@ CVE-2019-9013 (An issue was discovered in 3S-Smart 
CODESYS V3 products. The appl
        NOT-FOR-US: 3S-Smart CODESYS V3
 CVE-2019-9012 (An issue was discovered in 3S-Smart CODESYS V3 products. A 
crafted com ...)
        NOT-FOR-US: 3S-Smart CODESYS V3
-CVE-2019-9011
-       RESERVED
+CVE-2019-9011 (In Pilz PMC programming tool 3.x before 3.5.17 (based on 
CODESYS Devel ...)
+       TODO: check
 CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The 
CODESYS G ...)
        NOT-FOR-US: 3S-Smart CODESYS V3
 CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . 
Crafted  ...)
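
Review bot: for CVE-2019-9011 the surrounding entries are tagged "NOT-FOR-US: 3S-Smart CODESYS V3", but the new description names the Pilz PMC programming tool (based on CODESYS) as the affected product. When the "TODO: check" is resolved, tag it with the Pilz product name, not the neighbours' CODESYS tag, so a search of the list by product finds it.
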
@@ -298710,8 +298718,8 @@ CVE-2018-16137 (An issue was discovered in the Web 
Management Console in IPBRICK
        NOT-FOR-US: IPBRICK OS
 CVE-2018-16136 (An issue was discovered in the administrator interface in 
IPBRICK OS 6 ...)
        NOT-FOR-US: IPBRICK OS
-CVE-2018-16135
-       RESERVED
+CVE-2018-16135 (The Opera Mini application 47.1.2249.129326 for Android allows 
remote  ...)
+       TODO: check
 CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
        NOT-FOR-US: Cybrotech
 CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via 
a ../ i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11fadef779104ea6f83be44abfff852c875d8407
