Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7891a8fd by Salvatore Bonaccorso at 2022-09-03T10:51:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1663,7 +1663,7 @@ CVE-2022-3067
CVE-2022-3066
RESERVED
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio
prior to 20 ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-3064
RESERVED
CVE-2022-3063
@@ -7909,7 +7909,7 @@ CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to
command injection via /h
CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via
an AUTHO ...)
NOT-FOR-US: D-Link
CVE-2022-36754 (Expense Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Expense Management System
CVE-2022-36753
RESERVED
CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds
write via t ...)
@@ -8133,15 +8133,15 @@ CVE-2022-36644
CVE-2022-36643
RESERVED
CVE-2022-36642 (A local file disclosure vulnerability in
/appConfig/userDB.json of Tel ...)
- TODO: check
+ NOT-FOR-US: Telos Alliance Omnia MPX Node
CVE-2022-36641
RESERVED
CVE-2022-36640 (influxData influxDB before v1.8.10 contains no authentication
mechanis ...)
TODO: check
CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in
/client.php of Ga ...)
- TODO: check
+ NOT-FOR-US: Garage Management System
CVE-2022-36638 (An access control issue in the component print.php of Garage
Managemen ...)
- TODO: check
+ NOT-FOR-US: Garage Management System
CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a
persistent c ...)
NOT-FOR-US: Garage Management System
CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL
injectio ...)
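Review bot: CVE-2022-36640 (influxData influxDB) is still at "TODO: check" in the middle of this hunk, while the described entries around it now have a disposition. That fits a commit scoped to NFUs, because influxdb is packaged in Debian and this entry needs a package line with a status rather than NOT-FOR-US, but it should get a follow-up so it is not left behind in an otherwise processed block. The two new "NOT-FOR-US: Garage Management System" labels match the existing one on CVE-2022-36637, which keeps the product greppable under one name.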
@@ -9964,7 +9964,7 @@ CVE-2022-35935
CVE-2022-35934
RESERVED
CVE-2022-35933 (This package is a PrestaShop module that allows users to post
reviews ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for
Nextcloud. Pr ...)
NOT-FOR-US: Nextcloud Talk
CVE-2022-35931
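Review bot: On CVE-2022-35933 the label "NOT-FOR-US: PrestaShop" names the platform, but the description says the affected code is "a PrestaShop module that allows users to post reviews", not PrestaShop itself. Suggest naming the module from the full CVE description, or at least writing "PrestaShop module", the way the next entry uses "Nextcloud Talk" rather than "Nextcloud", so a later search for PrestaShop core issues does not return this entry.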
@@ -22668,7 +22668,7 @@ CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for
short) allows Java programs t
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
NOTE:
https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
(REL42.4.1-rc1)
CVE-2022-31196 (Databasir is a database metadata management platform.
Databasir <= ...)
- TODO: check
+ NOT-FOR-US: Databasir
CVE-2022-31195 (DSpace open source software is a repository application which
provides ...)
NOT-FOR-US: DSpace
CVE-2022-31194 (DSpace open source software is a repository application which
provides ...)
@@ -22709,7 +22709,7 @@ CVE-2022-31177 (Flask-AppBuilder is an application
development framework built o
- flask-appbuilder <not-affected> (Fixed with initial upload to Debian)
NOTE:
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
CVE-2022-31176 (Grafana Image Renderer is a Grafana backend plugin that
handles render ...)
- TODO: check
+ NOT-FOR-US: Grafana Image Renderer
CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site
scripting vu ...)
NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5
packages
CVE-2022-31174
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7891a8fd6fcc8031c27ab6d9609fb838ff14f919