Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a32dc1e by Salvatore Bonaccorso at 2022-02-23T09:53:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6493,7 +6493,7 @@ CVE-2022-23656
CVE-2022-23655
RESERVED
CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions
an authen ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2022-23653
RESERVED
CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which
provides m ...)
@@ -6537,7 +6537,7 @@ CVE-2022-23637 (K-Box is a web-based application to
manage documents, images, vi
CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI.
Prior t ...)
NOT-FOR-US: wasmtime
CVE-2022-23635 (Istio is an open platform to connect, manage, and secure
microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to
`puma` ...)
- puma <unfixed> (bug #1005391)
NOTE:
https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
@@ -6604,7 +6604,7 @@ CVE-2022-23613 (xrdp is an open source remote desktop
protocol (RDP) server. In
NOTE: Introduced by:
https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be
(v0.9.17)
NOTE: Fixed by:
https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on
giving pr ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on
Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23610
@@ -8565,7 +8565,7 @@ CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated
admin user to inject pers
CVE-2022-23044
RESERVED
CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass
the file ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2022-23042
RESERVED
CVE-2022-23041
@@ -16470,11 +16470,11 @@ CVE-2021-44568 (Two heap-overflow vulnerabilities
exist in openSUSE/libsolv libs
NOTE:
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
(0.7.17)
NOTE: Issue is fixed in the testcase; negligible security impact
CVE-2021-44567 (An SQL Injection vulnerability exits in RosarioSIS before
7.6.1 via th ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-44566 (A Cross Site Scripting vulnerability exists RosarioSIS before
4.3 via ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS
before 7 ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101
product, ...)
NOT-FOR-US: SYNC2101
CVE-2021-44563
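Review bot: The three RosarioSIS entries (CVE-2021-44567, CVE-2021-44566, CVE-2021-44565) all receive the identical string `NOT-FOR-US: RosarioSIS`, so the point to confirm is consistency beyond this hunk: check that any other RosarioSIS entries in data/CVE/list use the same spelling, because the tag text is what a search for the product will match. If an older entry spells it differently, align this hunk with it or fix the older one in the same commit.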
@@ -94916,7 +94916,7 @@ CVE-2020-27469
CVE-2020-27468
RESERVED
CVE-2020-27467 (A Directory Traversal vulnerability exits in Processwire CMS
before 2. ...)
- TODO: check
+ NOT-FOR-US: Processwire CMS
CVE-2020-27466 (An arbitrary file write vulnerability in
lib/AjaxHandlers/ajaxEditTemp ...)
NOT-FOR-US: rConfig
CVE-2020-27465
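Review bot: On CVE-2020-27467 the tag `NOT-FOR-US: Processwire CMS` copies the casing and the "CMS" suffix from the truncated CVE description, while upstream writes the name as ProcessWire. Consider using the upstream spelling, or whichever spelling earlier entries for this product in the file already use, so that all of its NFU entries match under one search string.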
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a32dc1ec94aec78460c36931c058ae0df8f62e8