[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 2 09:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be9b0c9e by security tracker role at 2022-08-02T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2022-37348
+ RESERVED
+CVE-2022-37347
+ RESERVED
+CVE-2022-37341
+ RESERVED
+CVE-2022-37340
+ RESERVED
+CVE-2022-37326
+ RESERVED
+CVE-2022-37325
+ RESERVED
+CVE-2022-37324
+ RESERVED
+CVE-2022-37323
+ RESERVED
+CVE-2022-37322
+ RESERVED
+CVE-2022-37321
+ RESERVED
+CVE-2022-37320
+ RESERVED
+CVE-2022-37319
+ RESERVED
+CVE-2022-37318
+ RESERVED
+CVE-2022-37317
+ RESERVED
+CVE-2022-37316
+ RESERVED
+CVE-2022-37315 (graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion i ...)
+ TODO: check
+CVE-2022-37314
+ RESERVED
+CVE-2022-37313
+ RESERVED
+CVE-2022-37312
+ RESERVED
+CVE-2022-37311
+ RESERVED
+CVE-2022-37310
+ RESERVED
+CVE-2022-37309
+ RESERVED
+CVE-2022-37308
+ RESERVED
+CVE-2022-37307
+ RESERVED
+CVE-2022-37306
+ RESERVED
+CVE-2022-37305
+ RESERVED
+CVE-2022-36426
+ RESERVED
+CVE-2022-36397
+ RESERVED
+CVE-2022-36369
+ RESERVED
+CVE-2022-36353
+ RESERVED
+CVE-2022-36348
+ RESERVED
+CVE-2022-36291
+ RESERVED
+CVE-2022-36281
+ RESERVED
+CVE-2022-33940
+ RESERVED
+CVE-2022-2625
+ RESERVED
+CVE-2022-2624
+ RESERVED
+CVE-2022-2623
+ RESERVED
+CVE-2022-2622
+ RESERVED
+CVE-2022-2621
+ RESERVED
+CVE-2022-2620
+ RESERVED
+CVE-2022-2619
+ RESERVED
+CVE-2022-2618
+ RESERVED
+CVE-2022-2617
+ RESERVED
+CVE-2022-2616
+ RESERVED
+CVE-2022-2615
+ RESERVED
+CVE-2022-2614
+ RESERVED
+CVE-2022-2613
+ RESERVED
+CVE-2022-2612
+ RESERVED
+CVE-2022-2611
+ RESERVED
+CVE-2022-2610
+ RESERVED
+CVE-2022-2609
+ RESERVED
+CVE-2022-2608
+ RESERVED
+CVE-2022-2607
+ RESERVED
+CVE-2022-2606
+ RESERVED
+CVE-2022-2605
+ RESERVED
+CVE-2022-2604
+ RESERVED
+CVE-2022-2603
+ RESERVED
+CVE-2022-2602
+ RESERVED
+CVE-2021-46831
+ RESERVED
CVE-2022-37304
RESERVED
CVE-2022-37303
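Review bot: CVE-2022-37315 (graphql-go) is the only added entry in this hunk that already carries a description, and it is left at TODO: check; it needs a triage decision, either a package line if the library is in the archive or a NOT-FOR-US tag if it is not. Also note that the new block is prepended as a whole, so the ids from CVE-2022-36426 down to CVE-2021-46831 now sit above CVE-2022-37304; anything that relies on position rather than id lookup will not find them where the existing descending order suggests.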
@@ -3301,22 +3419,22 @@ CVE-2022-35924
RESERVED
CVE-2022-35923
RESERVED
-CVE-2022-35922
- RESERVED
-CVE-2022-35921
- RESERVED
-CVE-2022-35920
- RESERVED
-CVE-2022-35919
- RESERVED
-CVE-2022-35918
- RESERVED
-CVE-2022-35917
- RESERVED
-CVE-2022-35916
- RESERVED
-CVE-2022-35915
- RESERVED
+CVE-2022-35922 (Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In ve ...)
+ TODO: check
+CVE-2022-35921 (fof/byobu is a private discussions extension for Flarum forum. Affecte ...)
+ TODO: check
+CVE-2022-35920 (Sanic is an opensource python web server/framework. Affected versions ...)
+ TODO: check
+CVE-2022-35919 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
+ TODO: check
+CVE-2022-35918 (Streamlit is a data oriented application development framework for pyt ...)
+ TODO: check
+CVE-2022-35917 (Solana Pay is a protocol and set of reference implementations that ena ...)
+ TODO: check
+CVE-2022-35916 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ TODO: check
+CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ TODO: check
CVE-2022-35914
RESERVED
CVE-2022-35913
@@ -4485,10 +4603,10 @@ CVE-2022-35424
RESERVED
CVE-2022-35423
RESERVED
-CVE-2022-35422
- RESERVED
-CVE-2022-35421
- RESERVED
+CVE-2022-35422 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2022-35421 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
+ TODO: check
CVE-2022-35420
RESERVED
CVE-2022-35419
@@ -5008,8 +5126,8 @@ CVE-2022-35219
RESERVED
CVE-2022-35218
RESERVED
-CVE-2022-35217
- RESERVED
+CVE-2022-35217 (The NHI card’s web service component has a stack-based buffer ov ...)
+ TODO: check
CVE-2022-35216
RESERVED
CVE-2022-2320 [ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access]
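Review bot: The description on the added CVE-2022-35217 line contains the sequence "’" where an apostrophe is expected ("NHI card’s"), which looks like UTF-8 text decoded with a single-byte encoding. Check whether data/CVE/list itself carries the garbled bytes or only this mail rendering does, and fix the description import if it is the former.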
@@ -5248,8 +5366,8 @@ CVE-2022-35120
RESERVED
CVE-2022-35119
RESERVED
-CVE-2022-35118
- RESERVED
+CVE-2022-35118 (PyroCMS v3.9 was discovered to contain multiple cross-site scripting ( ...)
+ TODO: check
CVE-2022-35117
RESERVED
CVE-2022-35116
@@ -5572,30 +5690,30 @@ CVE-2022-34958
RESERVED
CVE-2022-34957
RESERVED
-CVE-2022-34956
- RESERVED
-CVE-2022-34955
- RESERVED
-CVE-2022-34954
- RESERVED
-CVE-2022-34953
- RESERVED
-CVE-2022-34952
- RESERVED
-CVE-2022-34951
- RESERVED
-CVE-2022-34950
- RESERVED
-CVE-2022-34949
- RESERVED
-CVE-2022-34948
- RESERVED
-CVE-2022-34947
- RESERVED
-CVE-2022-34946
- RESERVED
-CVE-2022-34945
- RESERVED
+CVE-2022-34956 (Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection ...)
+ TODO: check
+CVE-2022-34955 (Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection ...)
+ TODO: check
+CVE-2022-34954 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34953 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34952 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34951 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34950 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34949 (Pharmacy Management System v1.0 was discovered to contain multiple SQL ...)
+ TODO: check
+CVE-2022-34948 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34947 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34946 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-34944
RESERVED
CVE-2022-34943
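Review bot: The ten Pharmacy Management System v1.0 entries (CVE-2022-34954 through CVE-2022-34945) and the two Pligg CMS v2.0.2 entries are truncated at the same point, so the added lines do not show which parameter or page each id covers. Triage them as one batch against the full descriptions and give every entry for the same product the same disposition, rather than resolving the TODO: check lines one at a time.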
@@ -6802,8 +6920,8 @@ CVE-2022-34532
RESERVED
CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE ...)
NOT-FOR-US: DedeCMS
-CVE-2022-34530
- RESERVED
+CVE-2022-34530 (An issue in the login and reset password functionality of Backdrop CMS ...)
+ TODO: check
CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
NOT-FOR-US: WASM3
CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stack over ...)
@@ -15292,8 +15410,8 @@ CVE-2022-31323
RESERVED
CVE-2022-31322
RESERVED
-CVE-2022-31321
- RESERVED
+CVE-2022-31321 (The foldername parameter in Bolt 5.1.7 was discovered to have incorrec ...)
+ TODO: check
CVE-2022-31320
RESERVED
CVE-2022-31319
@@ -15664,58 +15782,58 @@ CVE-2022-31199
RESERVED
CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
NOT-FOR-US: Rockwell Automation
-CVE-2022-31198
- RESERVED
+CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ TODO: check
CVE-2022-31197
RESERVED
CVE-2022-31196
RESERVED
-CVE-2022-31195
- RESERVED
-CVE-2022-31194
- RESERVED
-CVE-2022-31193
- RESERVED
-CVE-2022-31192
- RESERVED
-CVE-2022-31191
- RESERVED
-CVE-2022-31190
- RESERVED
-CVE-2022-31189
- RESERVED
-CVE-2022-31188
- RESERVED
+CVE-2022-31195 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31194 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31193 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31192 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31191 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31190 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31189 (DSpace open source software is a repository application which provides ...)
+ TODO: check
+CVE-2022-31188 (CVAT is an opensource interactive video and image annotation tool for ...)
+ TODO: check
CVE-2022-31187
RESERVED
-CVE-2022-31186
- RESERVED
-CVE-2022-31185
- RESERVED
-CVE-2022-31184
- RESERVED
-CVE-2022-31183
- RESERVED
-CVE-2022-31182
- RESERVED
-CVE-2022-31181
- RESERVED
-CVE-2022-31180
- RESERVED
-CVE-2022-31179
- RESERVED
-CVE-2022-31178
- RESERVED
-CVE-2022-31177
- RESERVED
+CVE-2022-31186 (NextAuth.js is a complete open source authentication solution for Next ...)
+ TODO: check
+CVE-2022-31185 (mprweb is a hosting platform for the makedeb Package Repository. Email ...)
+ TODO: check
+CVE-2022-31184 (Discourse is the an open source discussion platform. In affected versi ...)
+ TODO: check
+CVE-2022-31183 (fs2 is a compositional, streaming I/O library for Scala. When establis ...)
+ TODO: check
+CVE-2022-31182 (Discourse is the an open source discussion platform. In affected versi ...)
+ TODO: check
+CVE-2022-31181 (PrestaShop is an Open Source e-commerce platform. In versions from 1.6 ...)
+ TODO: check
+CVE-2022-31180 (Shescape is a simple shell escape package for JavaScript. Affected ver ...)
+ TODO: check
+CVE-2022-31179 (Shescape is a simple shell escape package for JavaScript. Versions pri ...)
+ TODO: check
+CVE-2022-31178 (eLabFTW is an electronic lab notebook manager for research teams. A vu ...)
+ TODO: check
+CVE-2022-31177 (Flask-AppBuilder is an application development framework built on top ...)
+ TODO: check
CVE-2022-31176
RESERVED
CVE-2022-31175
RESERVED
CVE-2022-31174
RESERVED
-CVE-2022-31173
- RESERVED
+CVE-2022-31173 (Juniper is a GraphQL server library for Rust. Affected versions of Jun ...)
+ TODO: check
CVE-2022-31172 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31171
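Review bot: CVE-2022-31198 is added as TODO: check although CVE-2022-31172, a few lines further down in this same hunk, is already tagged NOT-FOR-US: OpenZeppelin Contracts for the same library. Unless the full description points at something packaged, give CVE-2022-31198 the same tag; CVE-2022-35916 and CVE-2022-35915 earlier in this patch name the same library and are in the same position.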
@@ -15758,10 +15876,10 @@ CVE-2022-31157 (LTI 1.3 Tool Library is a library used for building IMS-certifie
CVE-2022-31156 (Gradle is a build tool. Dependency verification is a security feature ...)
- gradle <not-affected> (Vulnerable node not yet uploaded; introduced in 6.2)
NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j
-CVE-2022-31155
- RESERVED
-CVE-2022-31154
- RESERVED
+CVE-2022-31155 (Sourcegraph is an opensource code search and navigation engine. In Sou ...)
+ TODO: check
+CVE-2022-31154 (Sourcegraph is an opensource code search and navigation engine. It is ...)
+ TODO: check
CVE-2022-31153 (OpenZeppelin Contracts for Cairo is a library for contract development ...)
NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31152
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be9b0c9e33e3b75d16e18c636779ebec1825d6ad