Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cdc5f508 by Moritz Muehlenhoff at 2022-02-25T22:31:01+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4541,9 +4541,9 @@ CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before
2.2.4 allows directory tra
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to
stored XSS vi ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code
execution via R ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code
execution (with ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to
stored XSS on ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could
be set ...)
@@ -7287,11 +7287,11 @@ CVE-2022-23655 (Octobercms is a self-hosted CMS
platform based on the Laravel PH
CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions
an authen ...)
NOT-FOR-US: Wiki.js
CVE-2022-23653 (B2 Command Line Tool is the official command line tool for the
backbla ...)
- TODO: check
+ NOT-FOR-US: B2 (CLI tool for Backblaze)
CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which
provides m ...)
NOT-FOR-US: capsule-proxy
CVE-2022-23651 (b2-sdk-python is a python library to access cloud storage
provided by ...)
- TODO: check
+ NOT-FOR-US: b2-sdk-python
CVE-2022-23650 (Netmaker is a platform for creating and managing virtual
overlay netwo ...)
NOT-FOR-US: Netmaker
CVE-2022-23649 (Cosign provides container signing, verification, and storage
in an OCI ...)
@@ -8085,7 +8085,7 @@ CVE-2022-23359
CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via
ArticlemAction.class.php. In ...)
NOT-FOR-US: EasyCMS
CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory
traversal attac ...)
- TODO: check
+ NOT-FOR-US: mozilo
CVE-2022-23356
RESERVED
CVE-2022-23355
@@ -8509,7 +8509,7 @@ CVE-2022-0249
CVE-2022-0248
RESERVED
CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified
through acce ...)
- TODO: check
+ NOT-FOR-US: Fuchsia
CVE-2022-0246
RESERVED
CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and
wpa_supplica ...)
@@ -12240,7 +12240,7 @@ CVE-2021-45979 (Foxit PDF Reader and PDF Editor before
11.1 on macOS allow remot
CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow
remote atta ...)
NOT-FOR-US: Foxit
CVE-2021-45977 (JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA
2021.3.1 RC, P ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2021-45976
RESERVED
CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a
vulnerabi ...)
@@ -17360,9 +17360,9 @@ CVE-2021-44552
CVE-2021-44551
RESERVED
CVE-2021-44550 (An Incorrect Access Control vulnerability exists in CoreNLP
4.3.2 via ...)
- TODO: check
+ NOT-FOR-US: CoreNLP
CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to
4.44.0 ...)
- TODO: check
+ NOT-FOR-US: v2fly/v2ray-core
CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on
top of ...)
NOT-FOR-US: Apache Sling
CVE-2021-4069 (vim is vulnerable to Use After Free ...)
@@ -32620,7 +32620,6 @@ CVE-2021-39944 (An issue has been discovered in GitLab
CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-39943 (An authorization logic error in the External Status Check API
in GitLa ...)
- gitlab <unfixed>
- TODO: reach out for details
CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting
all versio ...)
- gitlab <unfixed>
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE
versions 12.0 ...)
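Review bot: The "TODO: reach out for details" line under CVE-2021-39943 is dropped with nothing recording what the outreach found, so the entry is left as a bare "- gitlab <unfixed>" and a later reader cannot tell whether details were obtained or the follow-up was abandoned. Consider adding a NOTE line with the outcome or a reference. This is also not an NFU change, so the commit subject "NFUs" does not cover it; a subject that mentions the TODO cleanup would make the history easier to search.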
@@ -32790,7 +32789,7 @@ CVE-2021-39881 (In all versions of GitLab CE/EE since
version 7.7, the applicati
CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server
Ruby gem ...)
- gitlab <unfixed>
- ruby-apollo-upload-server <unfixed>
- TODO: reach out for details
+ TODO: reach out for details for ruby-apollo-upload-server
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since
version 7 ...)
- gitlab <unfixed>
CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the
Jira inte ...)
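Review bot: Removing "- ruby-apollo-upload-server <unfixed>" from CVE-2021-39880 means the package is no longer tracked as affected, even though the CVE description on the line above names the apollo_upload_server Ruby gem as the vulnerable component. After this change the package name survives only as free text in "TODO: reach out for details for ruby-apollo-upload-server", which does not show up in per-package views. If the intent is that the gem's status is unknown until upstream answers, a NOTE line saying so would make that explicit; otherwise keep the package line until the details are confirmed.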
@@ -56370,7 +56369,7 @@ CVE-2021-30506 (Incorrect security UI in Web App
Installs in Google Chrome on An
CVE-2021-30505
RESERVED
CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible
because of ...)
- NOT-FOR-US: JetBrains
+ - intellij-idea <itp> (bug #747616)
CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual
Studio C ...)
NOT-FOR-US: GLSL Linting extension for Visual Studio Code
CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell
Compiler) ...)
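Review bot: CVE-2021-30504 is changed from "NOT-FOR-US: JetBrains" to "- intellij-idea <itp> (bug #747616)", so the same product was previously triaged under a different tag than the one used for the other IntelliJ IDEA entries in this commit. It is worth sweeping data/CVE/list for remaining IntelliJ IDEA CVEs still marked "NOT-FOR-US: JetBrains" and converting them in the same commit, so that all of them are picked up if bug #747616 leads to an upload.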
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdc5f5083696158f97b7b0888ef1351035275d39