Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b125f6b by Salvatore Bonaccorso at 2022-04-19T13:30:09+02:00
Add CVE-2022-26651/asterisk

- - - - -
c9ec860e by Salvatore Bonaccorso at 2022-04-19T13:30:11+02:00
Process some NFUs

- - - - -
73f0077d by Salvatore Bonaccorso at 2022-04-19T13:30:12+02:00
Add CVE-2022-24859/pypdf2

- - - - -
9b7d11a8 by Salvatore Bonaccorso at 2022-04-19T13:30:13+02:00
Add two pjproject CVEs

- - - - -
21963c4f by Salvatore Bonaccorso at 2022-04-19T13:30:15+02:00
Process one more NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7700,7 +7700,9 @@ CVE-2022-26653 (Zoho ManageEngine Remote Access Plus 
before 10.1.2137.15 allows
 CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with 
write a ...)
        NOT-FOR-US: nats-server
 CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified 
Asteris ...)
-       TODO: check
+       - asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
+       NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838
+       NOTE: https://downloads.asterisk.org/pub/security/AST-2022-003.html
 CVE-2022-25943 (The installer of WPS Office for Windows versions prior to 
v11.2.0.1025 ...)
        NOT-FOR-US: WPS Office for Windows
 CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository 
star7th/showd ...)
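Review bot: The new CVE-2022-26651 entry records a fixed asterisk version and links the upstream issue and AST-2022-003, but has no NOTE for the fixing commit. Other entries in this file (CVE-2022-24851, the two pjproject CVEs) carry the commit URL, which is what a backport to a stable release needs; consider adding it once it is identified from ASTERISK-29838.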
@@ -9313,25 +9315,25 @@ CVE-2022-26101 (Fiori launchpad - versions 754, 755, 
756, does not sufficiently
 CVE-2022-26100 (SAPCAR - version 7.22, does not contain sufficient input 
validation on ...)
        NOT-FOR-US: SAPCAR
 CVE-2022-26099 (Null pointer dereference vulnerability in parser_infe function 
of libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26098 (Heap-based buffer overflow vulnerability in sheifd_create 
function of  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26097 (Null pointer dereference vulnerability in 
parser_unknown_property func ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26096 (Null pointer dereference vulnerability in parser_ispe function 
in libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26095 (Null pointer dereference vulnerability in parser_colr function 
in libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26094 (Null pointer dereference vulnerability in parser_auxC function 
in libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26093 (Null pointer dereference vulnerability in parser_irot function 
in libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26092 (Improper boundary check in Quram Agif library prior to SMR 
Apr-2022 Re ...)
        TODO: check
 CVE-2022-26091 (Improper access control vulnerability in Knox Manage prior to 
SMR Apr- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior 
to SMR  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-26089
        RESERVED
 CVE-2022-26088
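Review bot: CVE-2022-26092 (Quram Agif library) keeps its "TODO: check" while the Samsung entries on both sides of it in this hunk are closed as "NOT-FOR-US: Samsung". If it was left open on purpose because the library still needs checking, a short NOTE saying so would help; otherwise it belongs in the same batch.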
@@ -9896,7 +9898,7 @@ CVE-2022-25833 (Improper authentication in ImsService 
prior to SMR Apr-2022 Rele
 CVE-2022-25832 (Improper authentication vulnerability in S Secure prior to SMR 
Apr-202 ...)
        TODO: check
 CVE-2022-25831 (Improper access control vulnerability in S Secure prior to SMR 
Apr-202 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin 
prior to ve ...)
        NOT-FOR-US: Samsung
 CVE-2022-25829 (Information Exposure vulnerability in Watch Active2 Plugin 
prior to ve ...)
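Review bot: CVE-2022-25831 and CVE-2022-25832 both describe S Secure, yet only CVE-2022-25831 is marked "NOT-FOR-US: Samsung" and CVE-2022-25832 directly above it stays at "TODO: check". Same product, so the two should get the same disposition in one pass.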
@@ -10001,23 +10003,23 @@ CVE-2022-25799
 CVE-2022-25798
        RESERVED
 CVE-2022-25797 (A Memory Corruption Vulnerability in Autodesk TrueView 2022 
and 2021 m ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25796 (A Double Free vulnerability allows remote malicious actors to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25795 (A maliciously crafted PDF file can be used to dereference for 
a write  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review 
version 1.5 ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25793
        RESERVED
 CVE-2022-25792 (A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 
2020, 2 ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25791 (A Memory Corruption vulnerability for DWF and DWFX files in 
Autodesk A ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25790 (A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 
2020, 2 ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk 
AutoCAD 2022 ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-25788
        RESERVED
 CVE-2022-25787
@@ -10294,7 +10296,7 @@ CVE-2022-25652
 CVE-2022-25651
        RESERVED
 CVE-2022-25650 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-25172
        RESERVED
 CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer 
overflow wh ...)
@@ -10443,7 +10445,7 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the 
Linux kernel 5.4 through 5.
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
        NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
 CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ (All 
versions), ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 
Ver8.2.11 and  ...)
        NOT-FOR-US: UUNIVERGE
 CVE-2022-25620 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
@@ -11660,7 +11662,7 @@ CVE-2022-24435 (Cross-site scripting vulnerability in 
phpUploader v1.2 and earli
 CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and 
earlier allows ...)
        NOT-FOR-US: phpUploader
 CVE-2022-21159 (A denial of service vulnerability exists in the 
parseNormalModeParamet ...)
-       TODO: check
+       NOT-FOR-US: MZ Automation
 CVE-2022-0618 (A program using swift-nio-http2 is vulnerable to a denial of 
service a ...)
        NOT-FOR-US: swift-nio-http2
 CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file 
system fu ...)
@@ -11765,9 +11767,9 @@ CVE-2022-25174 (Jenkins Pipeline: Shared Groovy 
Libraries Plugin 552.vd9cc05b8a2
 CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier 
uses th ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is 
possible ...)
-       TODO: check
+       NOT-FOR-US: Amazon AWS VPN Client
 CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A 
TOCTOU race  ...)
-       TODO: check
+       NOT-FOR-US: Amazon AWS VPN Client
 CVE-2022-25164
        RESERVED
 CVE-2022-25163
@@ -12621,7 +12623,10 @@ CVE-2022-24861
 CVE-2022-24860
        RESERVED
 CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of 
splitting, merg ...)
-       TODO: check
+       - pypdf2 <unfixed>
+       NOTE: 
https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
+       NOTE: https://github.com/py-pdf/PyPDF2/issues/329
+       NOTE: https://github.com/py-pdf/PyPDF2/pull/740
 CVE-2022-24858
        RESERVED
 CVE-2022-24857 (django-mfa3 is a library that implements multi factor 
authentication f ...)
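Review bot: "- pypdf2 <unfixed>" in the CVE-2022-24859 entry has no bug reference, while other unfixed entries in this file do, e.g. "- ruby-nokogiri <unfixed> (bug #1009787)". File a BTS bug against the package and append "(bug #NNNNNNN)" so the maintainer is notified and the tracker links to the report. The NOTE for pull/740 also does not say whether that pull request is merged; a NOTE naming the fixing commit or release would make clear which upstream version to wait for.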
@@ -12629,11 +12634,11 @@ CVE-2022-24857 (django-mfa3 is a library that 
implements multi factor authentica
 CVE-2022-24856
        RESERVED
 CVE-2022-24855 (Metabase is an open source business intelligence and analytics 
applica ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2022-24854 (Metabase is an open source business intelligence and analytics 
applica ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2022-24853 (Metabase is an open source business intelligence and analytics 
applica ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2022-24852
        RESERVED
 CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for 
managing ...)
@@ -12643,7 +12648,7 @@ CVE-2022-24851 (LDAP Account Manager (LAM) is an open 
source web frontend for ma
        NOTE: 
https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49
        NOTE: https://github.com/LDAPAccountManager/lam/issues/170
 CVE-2022-24850 (Discourse is an open source platform for community discussion. 
A categ ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of 
versions 9.8.5 ...)
        TODO: check
 CVE-2022-24848
@@ -12673,7 +12678,7 @@ CVE-2022-24839 (org.cyberneko.html is an html parser 
written in Java. The fork o
 CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud 
framewo ...)
        TODO: check
 CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, 
collaborative mark ...)
-       TODO: check
+       NOT-FOR-US: HedgeDoc
 CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. 
Nokogiri `&l ...)
        - ruby-nokogiri <unfixed> (bug #1009787)
        NOTE: 
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
@@ -12701,7 +12706,7 @@ CVE-2022-24826
 CVE-2022-24825
        RESERVED
 CVE-2022-24824 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-24823
        RESERVED
 CVE-2022-24822 (Podium is a library for building micro frontends. 
@podium/layout is a  ...)
@@ -12741,7 +12746,7 @@ CVE-2022-24806
 CVE-2022-24805
        RESERVED
 CVE-2022-24804 (Discourse is an open source platform for community discussion. 
In stab ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor&#8217;s standard 
include proces ...)
        - ruby-asciidoctor-include-ext <unfixed> (bug #1009035)
        [bullseye] - ruby-asciidoctor-include-ext <no-dsa> (Minor issue)
@@ -12773,7 +12778,10 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL 
JSON parsing and generation
 CVE-2022-24794 (Express OpenID Connect is an Express JS middleware 
implementing sign o ...)
        NOT-FOR-US: Express OpenID Connect
 CVE-2022-24793 (PJSIP is a free and open source multimedia communication 
library writt ...)
-       TODO: check
+       - pjproject <removed>
+       NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
+       NOTE: 
https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
+       TODO: check, might impact src:asterisk and src:ring
 CVE-2022-24792
        RESERVED
 CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, 
using Cran ...)
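Review bot: The CVE-2022-24793 entry ends in "TODO: check, might impact src:asterisk and src:ring", and with pjproject itself marked <removed> that TODO is the only coverage for the bundled copies. Resolve it with explicit package lines for asterisk and ring (a fixed version, <unfixed> or <not-affected>) rather than leaving the embedded copies implicit.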
@@ -12786,11 +12794,14 @@ CVE-2022-24790 (Puma is a simple, fast, 
multi-threaded, parallel HTTP 1.1 server
 CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System 
(CMS).  ...)
        NOT-FOR-US: C1 CMS
 CVE-2022-24788 (Vyper is a pythonic Smart Contract Language for the ethereum 
virtual m ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum 
Virtual M ...)
        NOT-FOR-US: Vyper
 CVE-2022-24786 (PJSIP is a free and open source multimedia communication 
library writt ...)
-       TODO: check
+       - pjproject <removed>
+       NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
+       NOTE: 
https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
+       TODO: check, might impact src:asterisk and src:ring
 CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, 
validating, manipu ...)
        - node-moment 2.29.2+ds-1 (bug #1009327)
        [bullseye] - node-moment <no-dsa> (Minor issue)
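Review bot: In the CVE-2022-24786 entry the commit NOTE gives the fixing commit but not the upstream pjproject release that first contains it. Because the open TODO concerns copies bundled in src:asterisk and src:ring, recording the fixed upstream version next to the commit URL would let whoever picks up the TODO compare it against the bundled version directly.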
@@ -13598,53 +13609,53 @@ CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 
1685 allows remote code ex
 CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to 
reset other ...)
        NOT-FOR-US: StarWind
 CVE-2022-24550 (Windows Telephony Server Elevation of Privilege Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24549 (Windows AppX Package Manager Elevation of Privilege 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24548 (Microsoft Defender Denial of Service Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24547 (Windows Digital Media Receiver Elevation of Privilege 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24546 (Windows DWM Core Library Elevation of Privilege Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24545 (Windows Kerberos Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24544 (Windows Kerberos Elevation of Privilege Vulnerability. This 
CVE ID is  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24543 (Windows Upgrade Assistant Remote Code Execution Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24542 (Windows Win32k Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24541 (Windows Server Service Remote Code Execution Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24540 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID 
is uniq ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24539 (Windows Hyper-V Shared Virtual Hard Disks Information 
Disclosure Vulne ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24538 (Windows Cluster Shared Volume (CSV) Denial of Service 
Vulnerability. T ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24537 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE 
ID is un ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24536 (Windows DNS Server Remote Code Execution Vulnerability. This 
CVE ID is ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24535
        RESERVED
 CVE-2022-24534 (Win32 Stream Enumeration Remote Code Execution Vulnerability. 
This CVE ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24533 (Remote Desktop Protocol Remote Code Execution Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24532 (HEVC Video Extensions Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24531
        RESERVED
 CVE-2022-24530 (Windows Installer Elevation of Privilege Vulnerability. This 
CVE ID is ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24529
        RESERVED
 CVE-2022-24528 (Remote Procedure Call Runtime Remote Code Execution 
Vulnerability. Thi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24527 (Windows Endpoint Configuration Manager Elevation of Privilege 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24526 (Visual Studio Code Spoofing Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24525 (Windows Update Stack Elevation of Privilege Vulnerability. ...)
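Review bot: Most descriptions in this batch begin with "Windows", but CVE-2022-24533 reads only "Remote Desktop Protocol Remote Code Execution Vulnerability" and CVE-2022-24528 only "Remote Procedure Call Runtime Remote Code Execution Vulnerability", so the visible text names a protocol or component rather than a product. Before closing these as "NOT-FOR-US: Microsoft", confirm against the vendor advisory that only the Microsoft implementation is affected, and consider a tag that names the product.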
@@ -13656,7 +13667,7 @@ CVE-2022-24523 (Microsoft Edge (Chromium-based) 
Spoofing Vulnerability. ...)
 CVE-2022-24522 (Skype Extension for Chrome Information Disclosure 
Vulnerability. ...)
        NOT-FOR-US: Skype Extension for Chrome
 CVE-2022-24521 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24520 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24519 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
@@ -13672,7 +13683,7 @@ CVE-2022-24515 (Azure Site Recovery Elevation of 
Privilege Vulnerability. This C
 CVE-2022-24514
        RESERVED
 CVE-2022-24513 (Visual Studio Elevation of Privilege Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24512 (.NET and Visual Studio Remote Code Execution Vulnerability. 
...)
        NOT-FOR-US: Microsoft .NET
 CVE-2022-24511 (Microsoft Office Word Tampering Vulnerability. ...)
@@ -13698,49 +13709,49 @@ CVE-2022-24502 (Windows HTML Platforms Security 
Feature Bypass Vulnerability. ..
 CVE-2022-24501 (VP9 Video Extensions Remote Code Execution Vulnerability. This 
CVE ID  ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24500 (Windows SMB Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24499 (Windows Installer Elevation of Privilege Vulnerability. This 
CVE ID is ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24498 (Windows iSCSI Target Service Information Disclosure 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24497 (Windows Network File System Remote Code Execution 
Vulnerability. This  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24496 (Local Security Authority (LSA) Elevation of Privilege 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24495 (Windows Direct Show - Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24494 (Windows Ancillary Function Driver for WinSock Elevation of 
Privilege V ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24493 (Microsoft Local Security Authority (LSA) Server Information 
Disclosure ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24492 (Remote Procedure Call Runtime Remote Code Execution 
Vulnerability. Thi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24491 (Windows Network File System Remote Code Execution 
Vulnerability. This  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24490 (Windows Hyper-V Shared Virtual Hard Disks Information 
Disclosure Vulne ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24489 (Cluster Client Failover (CCF) Elevation of Privilege 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24488 (Windows Desktop Bridge Elevation of Privilege Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24487 (Windows Local Security Authority (LSA) Remote Code Execution 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24486 (Windows Kerberos Elevation of Privilege Vulnerability. This 
CVE ID is  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24485 (Win32 File Enumeration Remote Code Execution Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24484 (Windows Cluster Shared Volume (CSV) Denial of Service 
Vulnerability. T ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24483 (Windows Kernel Information Disclosure Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24482 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID 
is uniq ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24480
        RESERVED
 CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of 
Privilege Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24478
        RESERVED
 CVE-2022-24477
@@ -13750,11 +13761,11 @@ CVE-2022-24476
 CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24474 (Windows Win32k Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24473 (Microsoft Excel Remote Code Execution Vulnerability. This CVE 
ID is un ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24472 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24471 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24470 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
@@ -14250,7 +14261,7 @@ CVE-2022-0473 (OTRS administrators can configure 
dynamic field and inject malici
        NOT-FOR-US: OTRS
        NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
 CVE-2022-24308 (Automox Agent prior to version 37 on Windows and Linux and 
Version 36  ...)
-       TODO: check
+       NOT-FOR-US: Automox
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect 
access cont ...)
        NOT-FOR-US: Mastodon
 CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows 
account t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ca6b38c50cf804deac2a831e7fba67a01cf9da51...21963c4f529842f713c71bca60d8fd5a68ce42d7



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
