[Git][security-tracker-team/security-tracker][master] automatic update

Tue Sep 13 09:10:29 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48b5b24a by security tracker role at 2022-09-13T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-40630
+	RESERVED
+CVE-2022-40629
+	RESERVED
+CVE-2022-40628
+	RESERVED
+CVE-2022-40627
+	RESERVED
+CVE-2022-40626
+	RESERVED
+CVE-2022-40625
+	RESERVED
+CVE-2022-40624
+	RESERVED
+CVE-2022-40623
+	RESERVED
+CVE-2022-40622
+	RESERVED
+CVE-2022-40621
+	RESERVED
+CVE-2022-40620
+	RESERVED
+CVE-2022-40619
+	RESERVED
+CVE-2022-40618
+	RESERVED
+CVE-2022-40617
+	RESERVED
+CVE-2022-40616
+	RESERVED
+CVE-2022-40615
+	RESERVED
+CVE-2022-40614
+	RESERVED
+CVE-2022-40613
+	RESERVED
+CVE-2022-40612
+	RESERVED
+CVE-2022-40611
+	RESERVED
+CVE-2022-40610
+	RESERVED
+CVE-2022-40609
+	RESERVED
+CVE-2022-40608
+	RESERVED
+CVE-2022-40607
+	RESERVED
+CVE-2022-3192
+	RESERVED
+CVE-2022-3191
+	RESERVED
+CVE-2022-3190
+	RESERVED
+CVE-2022-3189
+	RESERVED
+CVE-2022-3188
+	RESERVED
+CVE-2022-3187
+	RESERVED
+CVE-2022-3186
+	RESERVED
+CVE-2022-3185
+	RESERVED
+CVE-2022-3184
+	RESERVED
+CVE-2022-3183
+	RESERVED
+CVE-2022-3182
+	RESERVED
 CVE-2022-40606
 	RESERVED
 CVE-2022-40605
@@ -849,8 +919,8 @@ CVE-2022-38139
 	RESERVED
 CVE-2022-38137
 	RESERVED
-CVE-2022-38135
-	RESERVED
+CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...)
+	TODO: check
 CVE-2022-38134
 	RESERVED
 CVE-2022-38098
@@ -3016,8 +3086,8 @@ CVE-2022-39202
 	RESERVED
 CVE-2022-39201
 	RESERVED
-CVE-2022-39200
-	RESERVED
+CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...)
+	TODO: check
 CVE-2022-39199
 	RESERVED
 CVE-2022-39198
@@ -4385,8 +4455,8 @@ CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
 	NOTE: https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea
 	NOTE: https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1 (9.0.0259)
 	NOTE: Crash in CLI tool, no security impact
-CVE-2022-2979
-	RESERVED
+CVE-2022-2979 (Opening a specially crafted file could cause the affected product to f ...)
+	TODO: check
 CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was found  ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
@@ -4765,18 +4835,18 @@ CVE-2022-38612
 	RESERVED
 CVE-2022-38611
 	RESERVED
-CVE-2022-38610
-	RESERVED
+CVE-2022-38610 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
+	TODO: check
 CVE-2022-38609
 	RESERVED
 CVE-2022-38608
 	RESERVED
 CVE-2022-38607
 	RESERVED
-CVE-2022-38606
-	RESERVED
-CVE-2022-38605
-	RESERVED
+CVE-2022-38606 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
+	TODO: check
+CVE-2022-38605 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+	TODO: check
 CVE-2022-38604
 	RESERVED
 CVE-2022-38603
@@ -5781,34 +5851,34 @@ CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository co
 	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2022-38305
 	RESERVED
-CVE-2022-38304
-	RESERVED
-CVE-2022-38303
-	RESERVED
-CVE-2022-38302
-	RESERVED
+CVE-2022-38304 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+	TODO: check
+CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+	TODO: check
+CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+	TODO: check
 CVE-2022-38301
 	RESERVED
 CVE-2022-38300
 	RESERVED
-CVE-2022-38299
-	RESERVED
-CVE-2022-38298
-	RESERVED
-CVE-2022-38297
-	RESERVED
-CVE-2022-38296
-	RESERVED
-CVE-2022-38295
-	RESERVED
+CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attack ...)
+	TODO: check
+CVE-2022-38298 (Appsmith v1.7.11 was discovered to allow attackers to execute an authe ...)
+	TODO: check
+CVE-2022-38297 (UCMS v1.6.0 contains an authentication bypass vulnerability which is e ...)
+	TODO: check
+CVE-2022-38296 (Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vuln ...)
+	TODO: check
+CVE-2022-38295 (Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulner ...)
+	TODO: check
 CVE-2022-38294
 	RESERVED
 CVE-2022-38293
 	RESERVED
-CVE-2022-38292
-	RESERVED
-CVE-2022-38291
-	RESERVED
+CVE-2022-38292 (SLiMS Senayan Library Management System v9.4.2 was discovered to conta ...)
+	TODO: check
+CVE-2022-38291 (SLiMS Senayan Library Management System v9.4.2 was discovered to conta ...)
+	TODO: check
 CVE-2022-38290
 	RESERVED
 CVE-2022-38289
@@ -11223,10 +11293,10 @@ CVE-2022-36176
 	RESERVED
 CVE-2022-36175
 	RESERVED
-CVE-2022-36174
-	RESERVED
-CVE-2022-36173
-	RESERVED
+CVE-2022-36174 (FreshService Windows Agent < 2.11.0 and FreshService macOS Agent &l ...)
+	TODO: check
+CVE-2022-36173 (FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3 ...)
+	TODO: check
 CVE-2022-36172
 	RESERVED
 CVE-2022-36171 (MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. ...)
@@ -11441,10 +11511,10 @@ CVE-2022-36104
 	RESERVED
 CVE-2022-36103
 	RESERVED
-CVE-2022-36102
-	RESERVED
-CVE-2022-36101
-	RESERVED
+CVE-2022-36102 (Shopware is an open source e-commerce software. In affected versions i ...)
+	TODO: check
+CVE-2022-36101 (Shopware is an open source e-commerce software. In affected versions t ...)
+	TODO: check
 CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are tag appl ...)
 	NOT-FOR-US: XWiki
 CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing subwikis on  ...)
@@ -12723,8 +12793,8 @@ CVE-2022-35574
 	RESERVED
 CVE-2022-35573
 	RESERVED
-CVE-2022-35572
-	RESERVED
+CVE-2022-35572 (On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lowe ...)
+	TODO: check
 CVE-2022-35571
 	RESERVED
 CVE-2022-35570
@@ -28364,8 +28434,8 @@ CVE-2022-29909
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909
 CVE-2022-29492
 	RESERVED
-CVE-2022-29490
-	RESERVED
+CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X WebUI o ...)
+	TODO: check
 CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
 	NOT-FOR-US: scoold
 CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...)
@@ -58634,10 +58704,10 @@ CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service
 	NOT-FOR-US: Pinkie
 CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...)
 	NOT-FOR-US: Rosario Student Information System
-CVE-2021-44426
-	RESERVED
-CVE-2021-44425
-	RESERVED
+CVE-2021-44426 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5 ...)
+	TODO: check
+CVE-2021-44425 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3 ...)
+	TODO: check
 CVE-2021-44424
 	RESERVED
 CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b5b24acd37bd143149e34d9d5ba736161a8837

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b5b24acd37bd143149e34d9d5ba736161a8837
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220913/0421d645/attachment.htm>
