Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df0de439 by Neil Williams at 2022-04-21T09:07:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2182,7 +2182,7 @@ CVE-2022-1256 (A local privilege escalation vulnerability
in MA for Windows prio
CVE-2022-1255
RESERVED
CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases
10.x p ...)
- TODO: check
+ NOT-FOR-US: Skyhigh SWG
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository
strukturag/libde265 pr ...)
- libde265 <unfixed>
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -12814,7 +12814,7 @@ CVE-2022-24834
CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone
where the ...)
TODO: check
CVE-2022-24832 (GoCD is an open source a continuous delivery server. The
bundled gocd- ...)
- TODO: check
+ NOT-FOR-US: GoCD
CVE-2022-24831
RESERVED
CVE-2022-24830
@@ -12826,7 +12826,7 @@ CVE-2022-24828 (Composer is a dependency manager for
the PHP programming languag
CVE-2022-24827 (Elide is a Java library that lets you stand up a
GraphQL/JSON-API web ...)
TODO: check
CVE-2022-24826 (On Windows, if Git LFS operates on a malicious repository with
a `..ex ...)
- TODO: check
+ NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific
patches)
CVE-2022-24825 (Smokescreen is a simple HTTP proxy that fogs over naughty
URLs. The pr ...)
TODO: check
CVE-2022-24824 (Discourse is an open source platform for community discussion.
In affe ...)
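Review bot: the new tag on CVE-2022-24826 names Git-for-Windows, but the description directly above it attributes the issue to Git LFS ("On Windows, if Git LFS operates on a malicious repository"). Git LFS is a separate project from the Git-for-Windows fork and is packaged in Debian as git-lfs, so marking the CVE NOT-FOR-US drops it from that package's record. Consider tracking it against the package instead, for example `- git-lfs <not-affected> (Windows-specific)`, which keeps the Windows-only reasoning attached to the source package.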
@@ -13372,7 +13372,7 @@ CVE-2022-0542
CVE-2022-0541
RESERVED
CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated
attack ...)
- TODO: check
+ NOT-FOR-US: Jira Seraph
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist
ptrofimov/beanstalk_c ...)
NOT-FOR-US: beanstalk_console
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines
custom XStr ...)
@@ -15382,7 +15382,7 @@ CVE-2022-22987 (The affected product has a hardcoded
private key available insid
CVE-2022-21798 (The affected product is vulnerable due to cleartext
transmission of cr ...)
NOT-FOR-US: GE
CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP
functionali ...)
- TODO: check
+ NOT-FOR-US: LeadTools
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to
8.2. ...)
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -29170,11 +29170,11 @@ CVE-2021-43992
CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is
vulnerable t ...)
NOT-FOR-US: Kentico Xperience CMS
CVE-2021-43990 (The affected product is vulnerable to a network-based attack
by threat ...)
- TODO: check
+ NOT-FOR-US: FANUC Roboguide
CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using
MD5, wh ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-43988 (The affected product is vulnerable to a network-based attack
by threat ...)
- TODO: check
+ NOT-FOR-US: FANUC Roboguide
CVE-2021-43987 (An additional, nondocumented administrative account exists in
mySCADA ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-43986 (The setup program for the affected product configures its
files and fo ...)
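Review bot: for CVE-2021-43990 and CVE-2021-43988 the description visible here only says "The affected product is vulnerable to a network-based attack", so the FANUC Roboguide attribution cannot be checked from this file, and the commit message "Process some NFUs" does not say where it came from. Naming the advisory used to identify the product in the commit message would let a later triager confirm the tag without repeating the lookup. The same applies to CVE-2021-43933 in the next hunk.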
@@ -29639,7 +29639,7 @@ CVE-2021-43935 (The impacted products, when configured
to use SSO, are affected
CVE-2021-43934
RESERVED
CVE-2021-43933 (The affected product is vulnerable to a network-based attack
by threat ...)
- TODO: check
+ NOT-FOR-US: FANUC Roboguide
CVE-2021-43932
RESERVED
CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound,
but the im ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0de439f37129c72e52072217cab93fc1640092
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits