[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 10 08:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a338d3e8 by security tracker role at 2022-12-10T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-46906
+ RESERVED
+CVE-2022-46905
+ RESERVED
+CVE-2022-46904
+ RESERVED
+CVE-2022-46903
+ RESERVED
+CVE-2022-46902
+ RESERVED
+CVE-2022-46901
+ RESERVED
+CVE-2022-46900
+ RESERVED
+CVE-2022-46899
+ RESERVED
+CVE-2022-46898
+ RESERVED
+CVE-2022-46897
+ RESERVED
+CVE-2022-46896
+ RESERVED
+CVE-2022-46895
+ RESERVED
+CVE-2022-46894
+ RESERVED
+CVE-2022-46893
+ RESERVED
+CVE-2022-4395
+ RESERVED
+CVE-2022-4394
+ RESERVED
+CVE-2022-4393
+ RESERVED
+CVE-2022-4392
+ RESERVED
CVE-2022-46892
RESERVED
CVE-2022-46891
@@ -110,8 +146,8 @@ CVE-2022-46838
RESERVED
CVE-2022-4391
RESERVED
-CVE-2022-4390
- RESERVED
+CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...)
+ TODO: check
CVE-2022-4389
RESERVED
CVE-2022-4388
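Review bot: the CVE-2022-4390 entry moves from RESERVED to "TODO: check" with a description cut off at "versions prior to 1.0.9.90 of ...", so the affected product cannot be read from the entry itself. Triage needs the full description before this can be resolved to a source package line or a NOT-FOR-US: tag; until then the entry stays unclassified.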
@@ -2284,8 +2320,8 @@ CVE-2022-46168
RESERVED
CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...)
NOT-FOR-US: Capsule
-CVE-2022-46166
- RESERVED
+CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...)
+ TODO: check
CVE-2022-46165
RESERVED
CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...)
@@ -2302,8 +2338,8 @@ CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.
NOT-FOR-US: Discourse
CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...)
NOT-FOR-US: PrestaShop
-CVE-2022-46157
- RESERVED
+CVE-2022-46157 (Akeneo PIM is an open source Product Information Management (PIM). Ake ...)
+ TODO: check
CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...)
NOT-FOR-US: Grafana Synthetic Monitoring
CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...)
@@ -4814,8 +4850,8 @@ CVE-2022-45294
RESERVED
CVE-2022-45293
RESERVED
-CVE-2022-45292
- RESERVED
+CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire after bein ...)
+ TODO: check
CVE-2022-45291
RESERVED
CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
@@ -6154,8 +6190,8 @@ CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net
NOTE: https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
CVE-2022-44791
RESERVED
-CVE-2022-44790
- RESERVED
+CVE-2022-44790 (Interspire Email Marketer through 6.5.1 allows SQL Injection via the s ...)
+ TODO: check
CVE-2022-44789 (A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 ...)
{DSA-5291-1}
- mujs 1.3.2-1 (bug #1024769)
@@ -24639,8 +24675,8 @@ CVE-2022-38746
RESERVED
CVE-2022-38745
RESERVED
-CVE-2022-2993
- RESERVED
+CVE-2022-2993 (There is an error in the condition of the last if-statement in the fun ...)
+ TODO: check
CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 11.10 prio ...)
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
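Review bot: the new description for CVE-2022-2993 ("There is an error in the condition of the last if-statement in the fun ...") is truncated before any product or file name appears, which leaves the "TODO: check" placeholder without enough context to classify. The CVE-2022-2992 entry directly below shows the resolved shape to aim for: package lines carrying a fixed version or <unfixed>.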
@@ -37088,8 +37124,8 @@ CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This i
NOTE: https://www.prevanders.net/dwarfbug.html#DW202206-001
CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...)
NOT-FOR-US: OpenAM (different from src:openam)
-CVE-2022-34297
- RESERVED
+CVE-2022-34297 (Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload in ...)
+ TODO: check
CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...)
NOT-FOR-US: Zalando Skipper
CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
@@ -69040,8 +69076,8 @@ CVE-2022-23512
RESERVED
CVE-2022-23511
RESERVED
-CVE-2022-23510
- RESERVED
+CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
+ TODO: check
CVE-2022-23509
RESERVED
CVE-2022-23508
@@ -69066,8 +69102,8 @@ CVE-2022-23499
RESERVED
CVE-2022-23498
RESERVED
-CVE-2022-23497
- RESERVED
+CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configuration f ...)
+ TODO: check
CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to ...)
TODO: check
CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds two ipld n ...)
@@ -69090,8 +69126,8 @@ CVE-2022-23487 (js-libp2p is the official javascript Implementation of libp2p ne
TODO: check
CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the libp2p ...)
TODO: check
-CVE-2022-23485
- RESERVED
+CVE-2022-23485 (Sentry is an error tracking and performance monitoring platform. In ve ...)
+ TODO: check
CVE-2022-23484 (xrdp is an open source project which provides a graphical login to rem ...)
TODO: check
CVE-2022-23483 (xrdp is an open source project which provides a graphical login to rem ...)
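Review bot: CVE-2022-23485 (Sentry) is added as "TODO: check" in a run where CVE-2022-23487, CVE-2022-23486 and CVE-2022-23484 already carry the same placeholder, so the untriaged block in this range grows with this hunk. It would be worth resolving these in one pass, giving each either a package line or a NOT-FOR-US: tag as the CVE-2022-46167 and CVE-2022-46158 entries earlier in the diff have.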
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a338d3e83d112a142643e369c85c8733b9459f0b