Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
65af02c4 by security tracker role at 2022-09-03T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-39808
+ RESERVED
+CVE-2022-39807
+ RESERVED
+CVE-2022-39806
+ RESERVED
+CVE-2022-39805
+ RESERVED
+CVE-2022-39804
+ RESERVED
+CVE-2022-39803
+ RESERVED
+CVE-2022-39802
+ RESERVED
+CVE-2022-39801
+ RESERVED
+CVE-2022-39800
+ RESERVED
+CVE-2022-39799
+ RESERVED
+CVE-2022-3117
+ RESERVED
+CVE-2022-3116
+ RESERVED
+CVE-2022-3115
+ RESERVED
+CVE-2022-3114
+ RESERVED
+CVE-2022-3113
+ RESERVED
+CVE-2022-3112
+ RESERVED
+CVE-2022-3111
+ RESERVED
+CVE-2022-3110
+ RESERVED
+CVE-2022-3109
+ RESERVED
+CVE-2022-3108
+ RESERVED
+CVE-2022-3107
+ RESERVED
+CVE-2022-3106
+ RESERVED
+CVE-2022-3105
+ RESERVED
+CVE-2022-3104
+ RESERVED
+CVE-2022-3103
+ RESERVED
+CVE-2022-3102
+ RESERVED
+CVE-2022-3101
+ RESERVED
+CVE-2022-3100
+ RESERVED
CVE-2022-39798
RESERVED
CVE-2022-39797
@@ -1606,8 +1662,8 @@ CVE-2022-3067
RESERVED
CVE-2022-3066
RESERVED
-CVE-2022-3065
- RESERVED
+CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio
prior to 20 ...)
+ TODO: check
CVE-2022-3064
RESERVED
CVE-2022-3063
@@ -7852,8 +7908,8 @@ CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to
command injection via /h
NOT-FOR-US: D-Link
CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via
an AUTHO ...)
NOT-FOR-US: D-Link
-CVE-2022-36754
- RESERVED
+CVE-2022-36754 (Expense Management System v1.0 was discovered to contain a SQL
injecti ...)
+ TODO: check
CVE-2022-36753
RESERVED
CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds
write via t ...)
@@ -8066,8 +8122,8 @@ CVE-2022-36649
RESERVED
CVE-2022-36648
RESERVED
-CVE-2022-36647
- RESERVED
+CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global
buffer overfl ...)
+ TODO: check
CVE-2022-36646
RESERVED
CVE-2022-36645
@@ -8076,16 +8132,16 @@ CVE-2022-36644
RESERVED
CVE-2022-36643
RESERVED
-CVE-2022-36642
- RESERVED
+CVE-2022-36642 (A local file disclosure vulnerability in
/appConfig/userDB.json of Tel ...)
+ TODO: check
CVE-2022-36641
RESERVED
-CVE-2022-36640
- RESERVED
-CVE-2022-36639
- RESERVED
-CVE-2022-36638
- RESERVED
+CVE-2022-36640 (influxData influxDB before v1.8.10 contains no authentication
mechanis ...)
+ TODO: check
+CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in
/client.php of Ga ...)
+ TODO: check
+CVE-2022-36638 (An access control issue in the component print.php of Garage
Managemen ...)
+ TODO: check
CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a
persistent c ...)
NOT-FOR-US: Garage Management System
CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL
injectio ...)
@@ -9907,8 +9963,8 @@ CVE-2022-35935
RESERVED
CVE-2022-35934
RESERVED
-CVE-2022-35933
- RESERVED
+CVE-2022-35933 (This package is a PrestaShop module that allows users to post
reviews ...)
+ TODO: check
CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for
Nextcloud. Pr ...)
NOT-FOR-US: Nextcloud Talk
CVE-2022-35931
@@ -22611,8 +22667,8 @@ CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for
short) allows Java programs t
- libpgjava 42.4.1-1 (bug #1016662)
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
NOTE:
https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
(REL42.4.1-rc1)
-CVE-2022-31196
- RESERVED
+CVE-2022-31196 (Databasir is a database metadata management platform.
Databasir <= ...)
+ TODO: check
CVE-2022-31195 (DSpace open source software is a repository application which
provides ...)
NOT-FOR-US: DSpace
CVE-2022-31194 (DSpace open source software is a repository application which
provides ...)
@@ -22652,8 +22708,8 @@ CVE-2022-31178 (eLabFTW is an electronic lab notebook
manager for research teams
CVE-2022-31177 (Flask-AppBuilder is an application development framework built
on top ...)
- flask-appbuilder <not-affected> (Fixed with initial upload to Debian)
NOTE:
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
-CVE-2022-31176
- RESERVED
+CVE-2022-31176 (Grafana Image Renderer is a Grafana backend plugin that
handles render ...)
+ TODO: check
CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site
scripting vu ...)
NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5
packages
CVE-2022-31174
@@ -22709,8 +22765,8 @@ CVE-2022-31154 (Sourcegraph is an opensource code
search and navigation engine.
NOT-FOR-US: Sourcegraph
CVE-2022-31153 (OpenZeppelin Contracts for Cairo is a library for contract
development ...)
NOT-FOR-US: OpenZeppelin Contracts
-CVE-2022-31152
- RESERVED
+CVE-2022-31152 (Synapse is an open-source Matrix homeserver written and
maintained by ...)
+ TODO: check
CVE-2022-31151 (Authorization headers are cleared on cross-origin redirect.
However, c ...)
- node-undici 5.8.0+dfsg1+~cs18.9.16-1
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
@@ -127641,8 +127697,8 @@ CVE-2020-29262
RESERVED
CVE-2020-29261
RESERVED
-CVE-2020-29260
- RESERVED
+CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak
via the f ...)
+ TODO: check
CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination
System ...)
NOT-FOR-US: Online Examination System
CVE-2020-29258 (Cross-site scripting (XSS) vulnerability in Online Examination
System ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65af02c4c325ce7686c9684eda277b01c1a3a43f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65af02c4c325ce7686c9684eda277b01c1a3a43f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
