[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 30 Dec 2022 00:10:42 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
221d1919 by security tracker role at 2022-12-30T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-48195
+       RESERVED
+CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote 
authenticated ...)
+       TODO: check
+CVE-2022-48193
+       RESERVED
+CVE-2022-48192
+       RESERVED
+CVE-2022-48191
+       RESERVED
+CVE-2021-46870
+       RESERVED
+CVE-2021-46869
+       RESERVED
 CVE-2023-22500
        RESERVED
 CVE-2023-22499
@@ -918,7 +932,7 @@ CVE-2023-22277
        RESERVED
 CVE-2023-0026
        RESERVED
-CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected 
XSS via  ...)
+CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected 
and stor ...)
        NOT-FOR-US: Heimdall Application Dashboard
 CVE-2022-47967
        RESERVED
@@ -14419,8 +14433,8 @@ CVE-2022-44139 (Apartment Visitor Management System 
v1.0 is vulnerable to SQL In
        NOT-FOR-US: Apartment Visitor Management System
 CVE-2022-44138
        RESERVED
-CVE-2022-44137
-       RESERVED
+CVE-2022-44137 (SourceCodester Sanitization Management System 1.0 is 
vulnerable to SQL ...)
+       TODO: check
 CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution 
(RCE). ...)
        NOT-FOR-US: Zenario CMS
 CVE-2022-44135
@@ -32078,26 +32092,26 @@ CVE-2022-38214
        RESERVED
 CVE-2022-38213
        RESERVED
-CVE-2022-38212
-       RESERVED
-CVE-2022-38211
-       RESERVED
-CVE-2022-38210
-       RESERVED
-CVE-2022-38209
-       RESERVED
-CVE-2022-38208
-       RESERVED
-CVE-2022-38207
-       RESERVED
-CVE-2022-38206
-       RESERVED
-CVE-2022-38205
-       RESERVED
-CVE-2022-38204
-       RESERVED
-CVE-2022-38203
-       RESERVED
+CVE-2022-38212 (Protections against potential Server-Side Request Forgery 
(SSRF) vulne ...)
+       TODO: check
+CVE-2022-38211 (Protections against potential Server-Side Request Forgery 
(SSRF) vulne ...)
+       TODO: check
+CVE-2022-38210 (There is a reflected HTML injection vulnerability in Esri 
Portal for A ...)
+       TODO: check
+CVE-2022-38209 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2022-38208 (There is an unvalidated redirect vulnerability in Esri Portal 
for ArcG ...)
+       TODO: check
+CVE-2022-38207 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2022-38206 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2022-38205 (In some non-default installations of Esri Portal for ArcGIS 
versions 1 ...)
+       TODO: check
+CVE-2022-38204 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
+       TODO: check
+CVE-2022-38203 (Protections against potential Server-Side Request Forgery 
(SSRF) vulne ...)
+       TODO: check
 CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server 
versions ...)
        TODO: check
 CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal 
for ArcGIS ...)
@@ -36597,8 +36611,8 @@ CVE-2022-36439 (AsusSoftwareManager.exe in ASUS System 
Control Interface on ASUS
        NOT-FOR-US: ASUS
 CVE-2022-36438 (AsusSwitch.exe on ASUS personal computers (running Windows) 
sets weak  ...)
        NOT-FOR-US: ASUS
-CVE-2022-36437
-       RESERVED
+CVE-2022-36437 (The Connection handler in Hazelcast and Hazelcast Jet allows a 
remote  ...)
+       TODO: check
 CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by 
an vncap ...)
        NOT-FOR-US: OSU Open Source Lab VNCAuthProxy
 CVE-2022-36435
@@ -53408,8 +53422,8 @@ CVE-2022-30521 (The LAN-side Web-Configuration 
Interface has Stack-based Buffer
        NOT-FOR-US: D-Link
 CVE-2022-30520
        RESERVED
-CVE-2022-30519
-       RESERVED
+CVE-2022-30519 (XSS in signing form in Reprise Software RLM License 
Administration v14 ...)
+       TODO: check
 CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was 
discovered to co ...)
        NOT-FOR-US: ChatBot Application with a Suggestion Feature
 CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
@@ -107109,6 +107123,7 @@ CVE-2021-37535 (SAP NetWeaver Application Server Java 
(JMS Connector Service) -
 CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored 
XSS when ...)
        NOT-FOR-US: MISP
 CVE-2021-37533 (Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the 
host fr ...)
+       {DSA-5307-1 DLA-3251-1}
        - libcommons-net-java 3.9.0-1 (bug #1025910)
        NOTE: https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7
        NOTE: https://issues.apache.org/jira/browse/NET-711



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/221d191914f13507efd559affbc414491d00bd5a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/221d191914f13507efd559affbc414491d00bd5a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to