Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
32485e0f by Salvatore Bonaccorso at 2022-03-23T21:30:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1115,7 +1115,7 @@ CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr
in GitHub repository gpa
CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc
v2.10. ...)
NOT-FOR-US: ShowDoc
CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub
repository c ...)
- TODO: check
+ NOT-FOR-US: Crater
CVE-2022-1032
RESERVED
CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository
radareorg/radare2 ...)
@@ -3378,17 +3378,17 @@ CVE-2022-0864
CVE-2022-0863
RESERVED
CVE-2022-0862 (A lack of password change protection vulnerability in a
depreciated AP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise
ePolicy Orche ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0860 (Improper Authorization in GitHub repository cobbler/cobbler
prior to 3 ...)
- cobbler <removed>
CVE-2022-0859 (McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10
Update 13 a ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0858 (A cross-site scripting (XSS) vulnerability in McAfee Enterprise
ePolic ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0857 (A reflected cross-site scripting (XSS) vulnerability in McAfee
Enterpr ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt,
which allow ...)
- libcaca <unfixed> (unimportant)
NOTE: https://github.com/cacalabs/libcaca/issues/65
@@ -3552,7 +3552,7 @@ CVE-2022-0843
- firefox 98.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-0843
CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise
ePolicy Orche ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile
in v2.0. ...)
NOT-FOR-US: ljharb/npm-lockfile
CVE-2022-0840
@@ -5785,9 +5785,9 @@ CVE-2022-25520
CVE-2022-25519
RESERVED
CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are
saved in a ...)
- TODO: check
+ NOT-FOR-US: CMDBuild
CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection
vulnerab ...)
- TODO: check
+ NOT-FOR-US: MyBatis plus
CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a
heap-buffer-overflow ...)
- libstb <unfixed> (unimportant)
NOTE: https://github.com/nothings/stb/issues/1287
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32485e0fcfcac7bd90767dde9c079eaf17ec4568
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32485e0fcfcac7bd90767dde9c079eaf17ec4568
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
