Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b346db6 by security tracker role at 2022-07-30T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-37037
+       RESERVED
+CVE-2022-37036
+       RESERVED
+CVE-2022-37035
+       RESERVED
+CVE-2022-37034
+       RESERVED
+CVE-2022-37033
+       RESERVED
+CVE-2022-37032
+       RESERVED
+CVE-2022-37031
+       RESERVED
+CVE-2022-37030
+       RESERVED
+CVE-2022-37029
+       RESERVED
+CVE-2022-37028
+       RESERVED
+CVE-2022-37027
+       RESERVED
+CVE-2022-37026
+       RESERVED
+CVE-2022-37025
+       RESERVED
+CVE-2022-37024
+       RESERVED
+CVE-2022-2588
+       RESERVED
+CVE-2022-2587
+       RESERVED
+CVE-2022-2586
+       RESERVED
+CVE-2022-2585
+       RESERVED
+CVE-2022-2584
+       RESERVED
+CVE-2022-2583
+       RESERVED
+CVE-2022-2582
+       RESERVED
+CVE-2021-4239
+       RESERVED
+CVE-2021-4238
+       RESERVED
+CVE-2021-4237
+       RESERVED
+CVE-2021-4236
+       RESERVED
+CVE-2021-4235
+       RESERVED
+CVE-2020-36569
+       RESERVED
+CVE-2020-36568
+       RESERVED
+CVE-2020-36567
+       RESERVED
+CVE-2020-36566
+       RESERVED
+CVE-2020-36565
+       RESERVED
+CVE-2020-36564
+       RESERVED
+CVE-2020-36563
+       RESERVED
+CVE-2019-25075
+       RESERVED
+CVE-2019-25074
+       RESERVED
+CVE-2019-25073
+       RESERVED
+CVE-2016-15005
+       RESERVED
 CVE-2022-37023
        RESERVED
 CVE-2022-37022
@@ -1274,8 +1348,8 @@ CVE-2022-36449
        RESERVED
 CVE-2022-36448
        RESERVED
-CVE-2022-36447
-       RESERVED
+CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 
Standard 1.0.0. ...)
+       TODO: check
 CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping 
for a U ...)
        - webmin <removed>
 CVE-2022-36445
@@ -1448,8 +1522,8 @@ CVE-2022-36386
        RESERVED
 CVE-2022-36379
        RESERVED
-CVE-2022-36378
-       RESERVED
+CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
+       TODO: check
 CVE-2022-36375 (Authenticated (high role user) WordPress Options Change 
vulnerability  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36371
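Review bot: The "TODO: check" added under CVE-2022-36378 still needs a triage decision, and the visible part of the summary does not name the affected product. It reads like the neighbouring CVE-2022-36375 (authenticated role, tagged "NOT-FOR-US: WordPress plugin"), but confirm that against the full description before copying the tag rather than inferring it from the truncated text.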
@@ -1577,8 +1651,8 @@ CVE-2022-36338
        RESERVED
 CVE-2022-36337
        RESERVED
-CVE-2022-36336
-       RESERVED
+CVE-2022-36336 (A link following vulnerability in the scanning function of 
Trend Micro ...)
+       TODO: check
 CVE-2022-36297
        RESERVED
 CVE-2022-36286
@@ -2823,8 +2897,7 @@ CVE-2022-35865
        RESERVED
 CVE-2022-35864
        RESERVED
-CVE-2022-2414
-       RESERVED
+CVE-2022-2414 (Access to external entities when parsing XML documents can lead 
to XML ...)
        - dogtag-pki <unfixed> (bug #1014957)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
        NOTE: https://github.com/dogtagpki/pki/pull/4021
@@ -4293,8 +4366,8 @@ CVE-2022-2327 (io_uring use work_flags to determine which 
identity need to grab
 CVE-2022-2326
        RESERVED
        - gitlab <unfixed>
-CVE-2022-35234
-       RESERVED
+CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to 
an Out- ...)
+       TODO: check
 CVE-2022-35233
        RESERVED
 CVE-2022-35232
@@ -4305,10 +4378,10 @@ CVE-2022-33896
        RESERVED
 CVE-2022-2325
        RESERVED
-CVE-2022-2324
-       RESERVED
-CVE-2022-2323
-       RESERVED
+CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the 
SonicWall H ...)
+       TODO: check
+CVE-2022-2323 (Improper neutralization of special elements used in a user 
input allow ...)
+       TODO: check
 CVE-2022-2322
        RESERVED
 CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in 
GitHub re ...)
@@ -6135,18 +6208,18 @@ CVE-2022-34533
        RESERVED
 CVE-2022-34532
        RESERVED
-CVE-2022-34531
-       RESERVED
+CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code 
execution (RCE ...)
+       TODO: check
 CVE-2022-34530
        RESERVED
 CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault 
via the co ...)
        NOT-FOR-US: WASM3
-CVE-2022-34528
-       RESERVED
-CVE-2022-34527
-       RESERVED
-CVE-2022-34526
-       RESERVED
+CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a 
stack over ...)
+       TODO: check
+CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a 
command in ...)
+       TODO: check
+CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function 
of Tiff ...)
+       TODO: check
 CVE-2022-34525
        RESERVED
 CVE-2022-34524
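Review bot: CVE-2022-34526 should not be triaged as a batch with the other "TODO: check" entries in this hunk. Its summary names the _TIFFVGetField function, which belongs to libtiff (source package "tiff" in Debian), so it needs a package line with a version or "<unfixed>" state instead of a NOT-FOR-US tag. The DedeCMS and D-Link DSL-3782 entries name third-party products and can be checked separately.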
@@ -6210,8 +6283,8 @@ CVE-2022-34498
        RESERVED
 CVE-2022-34497
        RESERVED
-CVE-2022-34496
-       RESERVED
+CVE-2022-34496 (Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a 
file upl ...)
+       TODO: check
 CVE-2022-34495 (rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux 
kernel be ...)
        - linux 5.18.5-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -9627,8 +9700,8 @@ CVE-2022-33160
        RESERVED
 CVE-2022-33159
        RESERVED
-CVE-2022-33158
-       RESERVED
+CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains 
a vulner ...)
+       TODO: check
 CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for 
TYPO3 a ...)
        NOT-FOR-US: TYPO3 extension
 CVE-2022-33156 (The matomo_integration (aka Matomo Integration) extension 
before 1.3.2 ...)
@@ -18326,8 +18399,8 @@ CVE-2022-30085
        RESERVED
 CVE-2022-30084
        RESERVED
-CVE-2022-30083
-       RESERVED
+CVE-2022-30083 (EllieGrid Android Application version 3.4.1 is vulnerable to 
Code Inje ...)
+       TODO: check
 CVE-2022-30082
        RESERVED
 CVE-2022-30081
@@ -18838,7 +18911,7 @@ CVE-2022-29901 (Intel microprocessor generations 6 to 8 
are affected by a new Sp
        NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
        NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
-CVE-2022-29900 (AMD microprocessor families 15h to 18h are affected by a new 
Spectre v ...)
+CVE-2022-29900 (Mis-trained branch predictions for return instructions may 
allow arbit ...)
        {DSA-5184-1}
        - linux 5.18.14-1
        - xen <unfixed>
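Review bot: The replacement summary for CVE-2022-29900 no longer mentions AMD families 15h to 18h in its visible part, so next to CVE-2022-29901 (which still says Intel) the entry now looks vendor-neutral. The tracking lines under it ("{DSA-5184-1}", "- linux 5.18.14-1", "- xen <unfixed>") are untouched, which is correct for a description-only sync. If the AMD scope matters for triage, record it in a "NOTE:" line, since this update shows the summary text can be replaced automatically.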
@@ -24897,12 +24970,12 @@ CVE-2022-27868 (A maliciously crafted CAT file in 
Autodesk AutoCAD 2023 can be u
        NOT-FOR-US: Autodesk
 CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 
2020, 20 ...)
        NOT-FOR-US: Autodesk
-CVE-2022-27866
-       RESERVED
-CVE-2022-27865
-       RESERVED
-CVE-2022-27864
-       RESERVED
+CVE-2022-27866 (A maliciously crafted TIFF file when consumed through 
DesignReview.exe ...)
+       TODO: check
+CVE-2022-27865 (A maliciously crafted TGA or PCX file may be used to write 
beyond the  ...)
+       TODO: check
+CVE-2022-27864 (A Double Free vulnerability allows remote attackers to execute 
arbitra ...)
+       TODO: check
 CVE-2022-27186
        RESERVED
 CVE-2022-27177 (A Python format string issue leading to information disclosure 
and pot ...)
@@ -40226,14 +40299,14 @@ CVE-2022-23006
        RESERVED
 CVE-2022-23005
        RESERVED
-CVE-2022-23004
-       RESERVED
-CVE-2022-23003
-       RESERVED
-CVE-2022-23002
-       RESERVED
-CVE-2022-23001
-       RESERVED
+CVE-2022-23004 (When computing a shared secret or point multiplication on the 
NIST P-2 ...)
+       TODO: check
+CVE-2022-23003 (When computing a shared secret or point multiplication on the 
NIST P-2 ...)
+       TODO: check
+CVE-2022-23002 (When compressing or decompressing a point on the NIST P-256 
elliptic c ...)
+       TODO: check
+CVE-2022-23001 (When compressing or decompressing elliptic curve points using 
the Swee ...)
+       TODO: check
 CVE-2022-23000 (The Western Digital My Cloud Web App 
[https://os5.mycloud.com/] uses a ...)
        NOT-FOR-US: Western Digital
 CVE-2022-22999 (Western Digital My Cloud devices are vulnerable to a cross 
side script ...)
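Review bot: The four "TODO: check" entries CVE-2022-23004 to CVE-2022-23001 describe NIST P-256 shared-secret, point-multiplication and point-compression issues, but the truncated summaries do not show which implementation is affected. They sit directly above two "NOT-FOR-US: Western Digital" entries; do not carry that tag over by adjacency. Read the full descriptions, and if the code is a library, check whether Debian ships it or an embedded copy before closing the TODO.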
@@ -43380,8 +43453,8 @@ CVE-2022-22282 (SonicWall SMA1000 series firmware 
12.4.0, 12.4.1-02965 and earli
        NOT-FOR-US: SonicWall
 CVE-2022-22281 (A buffer overflow vulnerability in the SonicWall SSL-VPN 
NetExtender W ...)
        NOT-FOR-US: SonicWall
-CVE-2022-22280
-       RESERVED
+CVE-2022-22280 (Improper Neutralization of Special Elements used in an SQL 
Command lea ...)
+       TODO: check
 CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication 
arbitrary file r ...)
        NOT-FOR-US: Sonicwall
 CVE-2022-22278 (A vulnerability in SonicOS CFS (Content filtering service) 
returns a l ...)
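Review bot: The "TODO: check" on CVE-2022-22280 sits in a run of SonicWall entries, but the visible summary (SQL injection) does not name the product, so confirm it before tagging. When it is tagged, use the "NOT-FOR-US: SonicWall" spelling: the context lines in this hunk already mix "SonicWall" and "Sonicwall", which makes a text search for the vendor miss entries.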
@@ -95182,8 +95255,8 @@ CVE-2021-27787
        RESERVED
 CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to 
perform cross ...)
        NOT-FOR-US: HCL
-CVE-2021-27785
-       RESERVED
+CVE-2021-27785 (HCL Commerce's Remote Store server could allow a local 
attacker to obt ...)
+       TODO: check
 CVE-2021-27784
        RESERVED
 CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted 
sensitiv ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b346db6c076e9834a1f3e979b4f933ef51b4bf2
