[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 3 09:10:28 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65af02c4 by security tracker role at 2022-09-03T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-39808
+	RESERVED
+CVE-2022-39807
+	RESERVED
+CVE-2022-39806
+	RESERVED
+CVE-2022-39805
+	RESERVED
+CVE-2022-39804
+	RESERVED
+CVE-2022-39803
+	RESERVED
+CVE-2022-39802
+	RESERVED
+CVE-2022-39801
+	RESERVED
+CVE-2022-39800
+	RESERVED
+CVE-2022-39799
+	RESERVED
+CVE-2022-3117
+	RESERVED
+CVE-2022-3116
+	RESERVED
+CVE-2022-3115
+	RESERVED
+CVE-2022-3114
+	RESERVED
+CVE-2022-3113
+	RESERVED
+CVE-2022-3112
+	RESERVED
+CVE-2022-3111
+	RESERVED
+CVE-2022-3110
+	RESERVED
+CVE-2022-3109
+	RESERVED
+CVE-2022-3108
+	RESERVED
+CVE-2022-3107
+	RESERVED
+CVE-2022-3106
+	RESERVED
+CVE-2022-3105
+	RESERVED
+CVE-2022-3104
+	RESERVED
+CVE-2022-3103
+	RESERVED
+CVE-2022-3102
+	RESERVED
+CVE-2022-3101
+	RESERVED
+CVE-2022-3100
+	RESERVED
 CVE-2022-39798
 	RESERVED
 CVE-2022-39797
@@ -1606,8 +1662,8 @@ CVE-2022-3067
 	RESERVED
 CVE-2022-3066
 	RESERVED
-CVE-2022-3065
-	RESERVED
+CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
+	TODO: check
 CVE-2022-3064
 	RESERVED
 CVE-2022-3063
@@ -7852,8 +7908,8 @@ CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /h
 	NOT-FOR-US: D-Link
 CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via an AUTHO ...)
 	NOT-FOR-US: D-Link
-CVE-2022-36754
-	RESERVED
+CVE-2022-36754 (Expense Management System v1.0 was discovered to contain a SQL injecti ...)
+	TODO: check
 CVE-2022-36753
 	RESERVED
 CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write via t ...)
@@ -8066,8 +8122,8 @@ CVE-2022-36649
 	RESERVED
 CVE-2022-36648
 	RESERVED
-CVE-2022-36647
-	RESERVED
+CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overfl ...)
+	TODO: check
 CVE-2022-36646
 	RESERVED
 CVE-2022-36645
@@ -8076,16 +8132,16 @@ CVE-2022-36644
 	RESERVED
 CVE-2022-36643
 	RESERVED
-CVE-2022-36642
-	RESERVED
+CVE-2022-36642 (A local file disclosure vulnerability in /appConfig/userDB.json of Tel ...)
+	TODO: check
 CVE-2022-36641
 	RESERVED
-CVE-2022-36640
-	RESERVED
-CVE-2022-36639
-	RESERVED
-CVE-2022-36638
-	RESERVED
+CVE-2022-36640 (influxData influxDB before v1.8.10 contains no authentication mechanis ...)
+	TODO: check
+CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in /client.php of Ga ...)
+	TODO: check
+CVE-2022-36638 (An access control issue in the component print.php of Garage Managemen ...)
+	TODO: check
 CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a persistent c ...)
 	NOT-FOR-US: Garage Management System
 CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
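Review bot: CVE-2022-36638 is added as "TODO: check" although its description names "Garage Managemen ..." and the unchanged entry directly below it, CVE-2022-36637, is already triaged as "NOT-FOR-US: Garage Management System". Once the full descriptions confirm the product, CVE-2022-36638 and CVE-2022-36639 (whose description is cut at "/client.php of Ga ...") can take the same tag in the follow-up triage. CVE-2022-36640 (influxData influxDB before v1.8.10) and CVE-2022-36642 name different products and each need their own check against the package list.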
@@ -9907,8 +9963,8 @@ CVE-2022-35935
 	RESERVED
 CVE-2022-35934
 	RESERVED
-CVE-2022-35933
-	RESERVED
+CVE-2022-35933 (This package is a PrestaShop module that allows users to post reviews  ...)
+	TODO: check
 CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...)
 	NOT-FOR-US: Nextcloud Talk
 CVE-2022-35931
@@ -22611,8 +22667,8 @@ CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs t
 	- libpgjava 42.4.1-1 (bug #1016662)
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 (REL42.4.1-rc1)
-CVE-2022-31196
-	RESERVED
+CVE-2022-31196 (Databasir is a database metadata management platform. Databasir <=  ...)
+	TODO: check
 CVE-2022-31195 (DSpace open source software is a repository application which provides ...)
 	NOT-FOR-US: DSpace
 CVE-2022-31194 (DSpace open source software is a repository application which provides ...)
@@ -22652,8 +22708,8 @@ CVE-2022-31178 (eLabFTW is an electronic lab notebook manager for research teams
 CVE-2022-31177 (Flask-AppBuilder is an application development framework built on top  ...)
 	- flask-appbuilder <not-affected> (Fixed with initial upload to Debian)
 	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
-CVE-2022-31176
-	RESERVED
+CVE-2022-31176 (Grafana Image Renderer is a Grafana backend plugin that handles render ...)
+	TODO: check
 CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vu ...)
 	NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5 packages
 CVE-2022-31174
@@ -22709,8 +22765,8 @@ CVE-2022-31154 (Sourcegraph is an opensource code search and navigation engine.
 	NOT-FOR-US: Sourcegraph
 CVE-2022-31153 (OpenZeppelin Contracts for Cairo is a library for contract development ...)
 	NOT-FOR-US: OpenZeppelin Contracts
-CVE-2022-31152
-	RESERVED
+CVE-2022-31152 (Synapse is an open-source Matrix homeserver written and maintained by  ...)
+	TODO: check
 CVE-2022-31151 (Authorization headers are cleared on cross-origin redirect. However, c ...)
 	- node-undici 5.8.0+dfsg1+~cs18.9.16-1
 	NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
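Review bot: the CVE-2022-31152 line (Synapse, a Matrix homeserver) is left at "TODO: check" with no package line, so nothing in the entry says yet whether a packaged version is affected. The next entry, CVE-2022-31151, shows the form a resolved entry takes ("- node-undici 5.8.0+dfsg1+~cs18.9.16-1" followed by an advisory NOTE). The follow-up triage should either record the source package and fixed version in that form or tag the entry NOT-FOR-US.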
@@ -127641,8 +127697,8 @@ CVE-2020-29262
 	RESERVED
 CVE-2020-29261
 	RESERVED
-CVE-2020-29260
-	RESERVED
+CVE-2020-29260 (libvncclient v0.9.13 was discovered to contain a memory leak via the f ...)
+	TODO: check
 CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
 	NOT-FOR-US: Online Examination System
 CVE-2020-29258 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
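Review bot: CVE-2020-29260 is set to "TODO: check" directly above two entries tagged "NOT-FOR-US: Online Examination System", but its description names libvncclient v0.9.13, a library and not that application, so it should not pick up the neighbouring tag by proximity. Triage it on its own: check whether the library is shipped in a source package, and if so compare v0.9.13 against the packaged versions before recording a status.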



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65af02c4c325ce7686c9684eda277b01c1a3a43f
