Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4878a678 by Salvatore Bonaccorso at 2022-02-15T09:41:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -491,7 +491,7 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in 
Wireshark 3.6.0 to 3.6.1 a
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
        NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
 CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 
22.2.0 ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2022-24980
        RESERVED
 CVE-2022-24979
@@ -501,7 +501,7 @@ CVE-2022-24978
 CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code 
execution v ...)
        NOT-FOR-US: ImpressCMS
 CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior 
to 5.3 ...)
-       TODO: check
+       NOT-FOR-US: snipe-it
 CVE-2022-0578
        RESERVED
 CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction 
with InspI ...)
@@ -1237,7 +1237,7 @@ CVE-2022-0541
 CVE-2022-0540
        RESERVED
 CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist 
ptrofimov/beanstalk_c ...)
-       TODO: check
+       NOT-FOR-US: beanstalk_console
 CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines 
custom XStr ...)
        - jenkins <removed>
 CVE-2022-0537
@@ -1290,15 +1290,15 @@ CVE-2022-24666 (A program using swift-nio-http2 is 
vulnerable to a denial of ser
 CVE-2022-0528
        RESERVED
 CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
        NOTE: 
https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
 CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify 
prior to 9. ...)
-       TODO: check
+       NOT-FOR-US: Publify
 CVE-2022-0523 (Expired Pointer Dereference in GitHub repository 
radareorg/radare2 pri ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
@@ -1868,7 +1868,7 @@ CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 
2007-08-09 allows socket exh
 CVE-2022-24408
        RESERVED
 CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist 
ptrofimov/beanstal ...)
-       TODO: check
+       NOT-FOR-US: beanstalk_console
 CVE-2022-0500
        RESERVED
 CVE-2022-0499
@@ -2635,7 +2635,7 @@ CVE-2022-24208
 CVE-2022-24207
        RESERVED
 CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Tongda2000
 CVE-2022-24205
        RESERVED
 CVE-2022-24204
@@ -3457,7 +3457,7 @@ CVE-2022-23994 (An Improper access control vulnerability 
in StBedtimeModeReceive
 CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses 
$_REQUEST['pkg_fi ...)
        NOT-FOR-US: pfSense
 CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases 
contain ...)
-       TODO: check
+       NOT-FOR-US: XCOM Data Transport
 CVE-2022-23991
        RESERVED
 CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in 
the doPro ...)
@@ -3754,7 +3754,7 @@ CVE-2022-23904
 CVE-2022-23903
        RESERVED
 CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Tongda2000
 CVE-2022-23901
        RESERVED
 CVE-2022-23900
@@ -5443,7 +5443,7 @@ CVE-2022-23412
 CVE-2022-23411
        RESERVED
 CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code 
execution and l ...)
-       TODO: check
+       NOT-FOR-US: AXIS IP Utility
 CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote 
attackers to  ...)
        NOT-FOR-US: Craft CMS
 CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain 
situatio ...)
@@ -5481,11 +5481,11 @@ CVE-2022-23393
 CVE-2022-23392
        RESERVED
 CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 
allows attack ...)
-       TODO: check
+       NOT-FOR-US: Pybbs
 CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below 
allows at ...)
-       TODO: check
+       NOT-FOR-US: BBS Forum
 CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code 
execution (RCE) ...)
-       TODO: check
+       NOT-FOR-US: PublicCMS
 CVE-2022-23388
        RESERVED
 CVE-2022-23387
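Review bot: the tag `NOT-FOR-US: BBS Forum` on CVE-2022-23390 is a generic name that will also match unrelated forum software when someone searches the list. If the full CVE description or its references name a vendor or repository, put that in the tag. The neighbouring `Pybbs` and `PublicCMS` tags are specific enough as they stand.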
@@ -5589,11 +5589,11 @@ CVE-2022-23339
 CVE-2022-23338
        RESERVED
 CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: S-CMS
 CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Metinfo
 CVE-2022-23334
        RESERVED
 CVE-2022-23333
@@ -8187,7 +8187,7 @@ CVE-2022-0132 (peertube is vulnerable to Server-Side 
Request Forgery (SSRF) ...)
 CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a 
hard-coded API  ...)
        NOT-FOR-US: Jimoty App for Android
 CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and 
earlie ...)
-       TODO: check
+       NOT-FOR-US: ForgeRock
 CVE-2022-22708
        RESERVED
 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the 
mod_extforward_Forwarded functi ...)
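Review bot: CVE-2021-4201 is tagged with the vendor only (`NOT-FOR-US: ForgeRock`), although the description names the product, ForgeRock Access Management. Most other entries touched in this commit name the product, so `NOT-FOR-US: ForgeRock Access Management` would be consistent and would still be precise if another ForgeRock product needed different handling.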
@@ -9261,7 +9261,7 @@ CVE-2022-22297
 CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 
1.0 is vul ...)
        NOT-FOR-US: Sourcecodester
 CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Metinfo
 CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA&lt;=1.43 which 
an attack ...)
        NOT-FOR-US: zfaka
 CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
@@ -11998,9 +11998,9 @@ CVE-2021-45350
 CVE-2021-45349
        RESERVED
 CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in 
SourceCodester Atte ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, 
which l ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 
3.35.1 and ...)
        TODO: check
 CVE-2021-45345
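Review bot: the new `NOT-FOR-US: SourceCodester` on CVE-2021-45348 differs in capitalisation from the existing `NOT-FOR-US: Sourcecodester` on CVE-2022-22296, visible in the -9261 hunk of this same file. Pick one spelling so a case-sensitive search over the NFU tags finds both. Leaving CVE-2021-45346 (SQLite3) at `TODO: check` looks right, since SQLite is packaged in Debian and that entry needs real triage rather than an NFU tag.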
@@ -12091,7 +12091,7 @@ CVE-2021-45312
 CVE-2021-45311
        RESERVED
 CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Sangoma Technologies Corporation Switchvox
 CVE-2021-45309
        RESERVED
 CVE-2021-45308
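Review bot: the tag on CVE-2021-45310 carries the full legal vendor name (`Sangoma Technologies Corporation Switchvox`), whereas every other entry in this commit uses a short product or vendor name. Something like `NOT-FOR-US: Sangoma Switchvox` would match the surrounding style and be easier to grep.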
@@ -13982,7 +13982,7 @@ CVE-2022-21820
 CVE-2022-21819
        RESERVED
 CVE-2022-21818 (NVIDIA License System contains a vulnerability in the 
installation scr ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA License System
 CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource 
Sharing (CO ...)
        NOT-FOR-US: NVIDIA
 CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
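Review bot: CVE-2022-21818 is tagged `NOT-FOR-US: NVIDIA License System`, while the very next entry, CVE-2022-21817, is tagged just `NOT-FOR-US: NVIDIA`. Either granularity works, but adjacent entries from the same vendor should use the same one. I would keep the product name here and bring the neighbour in line in a follow-up, or shorten this one to `NVIDIA`.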



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4878a6784c52da0e41cec28aba768e2f41d71a99
