Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ce3d302 by Moritz Muehlenhoff at 2022-03-27T22:35:27+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2022-27949
        RESERVED
 CVE-2022-27948 (Certain Tesla vehicles through 2022-03-26 allow attackers to 
open the  ...)
-       TODO: check
+       NOT-FOR-US: Tesla
 CVE-2022-1110
        RESERVED
 CVE-2022-1109
@@ -87,7 +87,7 @@ CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the 
built-in webserver
        NOTE: https://github.com/kiwix/libkiwix/issues/728
        NOTE: https://github.com/kiwix/libkiwix/pull/721
 CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution 
if the in ...)
-       TODO: check
+       NOT-FOR-US: Gradle Enterprise
 CVE-2022-27918
        RESERVED
 CVE-2022-27917
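Review bot: NOT-FOR-US: Gradle Enterprise is the right call, but because src:gradle (the build tool) is packaged in Debian while Gradle Enterprise is Gradle Inc.'s separate proprietary build-scan/cache server, the tag would benefit from saying so, e.g. `NOT-FOR-US: Gradle Enterprise (commercial server, not the gradle build tool)` or a NOTE: line to that effect, so a later triager searching the list for "Gradle" does not reopen CVE-2022-27919 against the packaged gradle.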
@@ -177,9 +177,9 @@ CVE-2022-27884 (Maccms v10 was discovered to contain a 
reflected cross-site scri
 CVE-2022-27883
        RESERVED
 CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer 
signedn ...)
-       TODO: check
+       NOT-FOR-US: slaacd from OpenBSD
 CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 
has a buff ...)
-       TODO: check
+       NOT-FOR-US: slaacd from OpenBSD
 CVE-2022-27873
        RESERVED
 CVE-2022-27872
@@ -4366,11 +4366,11 @@ CVE-2022-26256
 CVE-2022-26255
        RESERVED
 CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was 
discovere ...)
-       TODO: check
+       NOT-FOR-US: WoWonder
 CVE-2022-26253
        RESERVED
 CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory 
traversal ...)
-       TODO: check
+       NOT-FOR-US: aaPanel
 CVE-2022-26251
        RESERVED
 CVE-2022-26250
@@ -4384,7 +4384,7 @@ CVE-2022-26247 (TMS v2.28.0 contains an insecure 
permissions vulnerability via t
 CVE-2022-26246 (TMS v2.28.0 was discovered to contain a cross-site scripting 
(XSS) vul ...)
        NOT-FOR-US: TMS
 CVE-2022-26245 (Falcon-plus v0.3 was discovered to contain a SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Falcon-plus
 CVE-2022-26244
        RESERVED
 CVE-2022-26243 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a 
buffer ove ...)
@@ -4464,7 +4464,7 @@ CVE-2022-26207 (Totolink A830R V5.9c.4729_B20191112, 
A3100R V4.1.2cu.5050_B20200
 CVE-2022-26206 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
        NOT-FOR-US: Totolink
 CVE-2022-26205 (Marky commit 3686565726c65756e was discovered to contain a 
remote code ...)
-       TODO: check
+       NOT-FOR-US: Marky
 CVE-2022-26204
        RESERVED
 CVE-2022-26203
@@ -4478,7 +4478,7 @@ CVE-2022-26200
 CVE-2022-26199
        RESERVED
 CVE-2022-26198 (Notable v1.8.4 does not filter text editing, allowing 
attackers to exe ...)
-       TODO: check
+       NOT-FOR-US: Notable
 CVE-2022-26197 (Joget DX 7 was discovered to contain a cross-site scripting 
(XSS) vuln ...)
        NOT-FOR-US: Joget
 CVE-2022-26196
@@ -6183,7 +6183,7 @@ CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to 
contain a Cross-Site Reques
 CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking 
Managem ...)
        NOT-FOR-US: Parking Management System
 CVE-2022-25574 (A stored cross-site scripting (XSS) vulnerability in the 
upload functi ...)
-       TODO: check
+       NOT-FOR-US: douphp
 CVE-2022-25573
        RESERVED
 CVE-2022-25572
@@ -8361,9 +8361,9 @@ CVE-2022-24786
 CVE-2022-24785
        RESERVED
 CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions 
3.2.39 and  ...)
-       TODO: check
+       NOT-FOR-US: Statamic
 CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions 
of Deno  ...)
-       TODO: check
+       NOT-FOR-US: Deno
 CVE-2022-24782 (Discourse is an open source discussion platform. Versions 
2.8.2 and pr ...)
        NOT-FOR-US: Discourse
 CVE-2022-24781 (Geon is a board game based on solving questions about the 
Pythagorean  ...)
@@ -8435,7 +8435,7 @@ CVE-2022-24761 (Waitress is a Web Server Gateway 
Interface server for Python 2 a
 CVE-2022-24760 (Parse Server is an open source http web server backend. In 
versions pr ...)
        TODO: check
 CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation 
of noise  ...)
-       TODO: check
+       NOT-FOR-US: chainsafe/libp2p-noise
 CVE-2022-24758
        RESERVED
 CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core 
services, APIs, ...)
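Review bot: CVE-2022-24760 (Parse Server) is left at `TODO: check` in this hunk's context while CVE-2022-24759 (@chainsafe/libp2p-noise) directly below it is resolved to NOT-FOR-US in the same batch; if Parse Server is likewise not packaged in Debian, mark it in this pass so the TODO backlog does not keep a stray entry from the same GitHub-advisory run, and if it was skipped on purpose because a package check is still pending, a short NOTE: saying so would make that visible to the next person working through the TODOs.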
@@ -8466,11 +8466,11 @@ CVE-2022-24754 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
        TODO: check impact on src:asterisk and src:ring
 CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce 
platform. A ...)
-       TODO: check
+       NOT-FOR-US: Stripe CLI
 CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for 
Symfony applic ...)
-       TODO: check
+       NOT-FOR-US: SyliusGridBundle
 CVE-2022-24751 (Zulip is an open source group chat application. Starting with 
version  ...)
-       TODO: check
+       - zulip-server <itp> (bug #800052)
 CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. 
A vulner ...)
        NOT-FOR-US: UltraVNC
 CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior 
to 1.9. ...)
@@ -8547,7 +8547,7 @@ CVE-2022-24723 (URI.js is a Javascript URL mutation 
library. Before version 1.19
 CVE-2022-24722 (VIewComponent is a framework for building view components in 
Ruby on R ...)
        NOT-FOR-US: VIewComponent
 CVE-2022-24721 (CometD is a scalable comet implementation for web messaging. 
In any ve ...)
-       TODO: check
+       NOT-FOR-US: CometD
 CVE-2022-24720 (image_processing is an image processing wrapper for libvips 
and ImageM ...)
        - ruby-image-processing <unfixed> (bug #1007225)
        NOTE: 
https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
@@ -8910,7 +8910,7 @@ CVE-2022-24645
 CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a 
remote code e ...)
        NOT-FOR-US: KeyMouse
 CVE-2022-24643 (A stored cross-site scripting (XSS) issue was discovered in 
the OpenEM ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2022-24642
        RESERVED
 CVE-2022-24641
@@ -9766,7 +9766,8 @@ CVE-2022-0476 (Denial of Service in GitHub repository 
radareorg/radare2 prior to
        NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
        NOTE: 
https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
 CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few 
translat ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Only affects 7.x/8.x, so won't affect znuny fork packaged in 
Debian
 CVE-2022-0474 (Full list of recipients from customer users in a contact field 
could b ...)
        NOT-FOR-US: OTRS
        NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
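Review bot: the new NOTE: for CVE-2022-0475 asserts an affected-version range ("Only affects 7.x/8.x") without a reference, whereas other entries in this file back such claims with a NOTE: URL (the libkiwix issue/PR links and the image_processing GHSA link in this same diff); add the OTRS advisory link beside it so the "won't affect znuny fork packaged in Debian" conclusion can be re-checked when znuny rebases, and the same applies to the pre-existing CVE-2022-0474 note immediately below, which has the same shape and the same gap.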
@@ -14705,7 +14706,7 @@ CVE-2022-22997
 CVE-2022-22996
        RESERVED
 CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their 
default  ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2022-22994 (A remote code execution vulnerability was discovered on 
Western Digita ...)
        NOT-FOR-US: Western Digital
 CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital 
My Clou ...)
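Review bot: the visible description of CVE-2022-22995 ("The combination of primitives offered by SMB and AFP in their default ...") does not name a vendor, unlike CVE-2022-22994 and CVE-2022-22993 whose descriptions say Western Digital; resolving it as NOT-FOR-US: Western Digital is plausible from the neighbouring IDs, but since src:samba and src:netatalk are both in Debian, a NOTE: recording why they are out of scope (for instance that the issue lies in the appliance's default share configuration rather than in the SMB/AFP implementations) would show that the two packaged implementations were considered and excluded rather than overlooked.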
@@ -17752,7 +17753,7 @@ CVE-2022-22276
 CVE-2022-22275
        RESERVED
 CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via 
HTTP re ...)
-       TODO: check
+       NOT-FOR-US: Sonicwall
 CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of 
Special Ele ...)
        NOT-FOR-US: Sonicwall
 CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR 
Jan-2022 Relea ...)
@@ -21248,7 +21249,7 @@ CVE-2021-45012
 CVE-2021-45011
        RESERVED
 CVE-2021-45010 (A path traversal vulnerability in the file upload 
functionality in tin ...)
-       TODO: check
+       NOT-FOR-US: Tiny File Manager
 CVE-2021-45009
        RESERVED
 CVE-2021-45008 (** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure 
permission ...)
@@ -21519,7 +21520,7 @@ CVE-2021-44906 (Minimist &lt;=1.2.5 is vulnerable to 
Prototype Pollution via fil
        NOTE: The initial fix for prototype pollution (cf. 
SNYK-JS-MINIMIST-559764) in setKey()
        NOTE: was insufficient.
 CVE-2021-44905 (Incorrect permissions in the Bluetooth Services in the 
Fortessa FTBTLD ...)
-       TODO: check
+       NOT-FOR-US: Fortessa
 CVE-2021-44904
        RESERVED
 CVE-2021-44903 (Micro-Star International (MSI) Center Pro &lt;= 2.0.16.0 is 
vulnerable ...)
@@ -22300,7 +22301,7 @@ CVE-2021-44685 (Git-it through 4.4.0 allows OS command 
injection at the Branches
 CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. 
The ran ...)
        NOT-FOR-US: naholyr github-todos
 CVE-2021-44683 (The DuckDuckGo browser 7.64.4 on iOS allows Address Bar 
Spoofing due t ...)
-       TODO: check
+       NOT-FOR-US: DuckDuckGo browser
 CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
        NOT-FOR-US: Veritas
 CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
@@ -24581,7 +24582,7 @@ CVE-2022-21719 (GLPI is a free asset and IT management 
software package. All GLP
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-21718 (Electron is a framework for writing cross-platform desktop 
application ...)
-       TODO: check
+       - electron <itp> (bug #842420)
 CVE-2022-21717
        RESERVED
 CVE-2022-21716 (Twisted is an event-based framework for internet applications, 
support ...)
@@ -26439,7 +26440,7 @@ CVE-2021-43638 (Amazon Amazon WorkSpaces agent is 
affected by Integer Overflow.
 CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL 
Handler  ...)
        NOT-FOR-US: Amazon
 CVE-2021-43636 (Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware 
V4.1.8cu ...)
-       TODO: check
+       NOT-FOR-US: T10 V2_Firmware
 CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex 
before 1.4. ...)
        NOT-FOR-US: Codex
 CVE-2021-43634
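Review bot: `NOT-FOR-US: T10 V2_Firmware` copies the firmware string from the CVE description instead of naming the vendor/product the way the surrounding entries do (NOT-FOR-US: Amazon, NOT-FOR-US: Codex here, and NOT-FOR-US: Totolink / Tenda earlier in this diff); the NOT-FOR-US tags are what people grep when a vendor batch lands, so prefer the vendor name with the device model after it, e.g. `NOT-FOR-US: <vendor> T10 V2 firmware`, so CVE-2021-43636 is found together with that vendor's other entries.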



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce3d3029da2a98a27596dd633144ae86bd8f7e2


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
