Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c1aa1f2 by Salvatore Bonaccorso at 2022-06-07T09:21:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4785,7 +4785,7 @@ CVE-2022-30708 (Webmin through 1.991, when the Authentic 
theme is used, allows r
 CVE-2022-1717
        RESERVED
 CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access 
to the ...)
-       TODO: check
+       NOT-FOR-US: Keep My Notes
 CVE-2022-30703
        RESERVED
 CVE-2022-30702
@@ -7707,7 +7707,7 @@ CVE-2022-29786
 CVE-2022-29785
        RESERVED
 CVE-2022-29784 (PublicCMS V4.0.202204.a and below contains an information leak 
via the ...)
-       TODO: check
+       NOT-FOR-US: PublicCMS
 CVE-2022-29783
        RESERVED
 CVE-2022-29782
@@ -7719,7 +7719,7 @@ CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to 
contain a segmentation violat
 CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation 
violation in ...)
        NOT-FOR-US: njs
 CVE-2022-29778 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 
and belo ...)
        NOT-FOR-US: Onlyoffice Document Server
 CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 
and belo ...)
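Review bot: The tag added for CVE-2022-29778 names only the vendor ("D-Link"), while the description identifies a specific device (DIR-890L 1.20b01) and the neighbouring entries in this hunk name the product ("njs", "Onlyoffice Document Server"). If vendor-only is the intended convention for device firmware this is fine; otherwise "NOT-FOR-US: D-Link DIR-890L" would let a search by product name find the entry.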
@@ -7729,13 +7729,13 @@ CVE-2022-29775
 CVE-2022-29774
        RESERVED
 CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: 
ClientPr ...)
-       TODO: check
+       NOT-FOR-US: AlekSIS
 CVE-2022-29772
        RESERVED
 CVE-2022-29771
        RESERVED
 CVE-2022-29770 (XXL-Job v2.3.0 was discovered to contain a stored cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: XXL-Job
 CVE-2022-29769
        RESERVED
 CVE-2022-29768
@@ -8261,13 +8261,13 @@ CVE-2022-1426 (An issue has been discovered in GitLab 
affecting all versions sta
 CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a 
compani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF 
checks f ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab 
CE/EE a ...)
        TODO: check
 CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF 
tokens in ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some 
AJAX ac ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
        - vim 2:8.2.4793-1
        [bullseye] - vim <no-dsa> (Minor issue)
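Review bot: CVE-2022-1423 (GitLab CI/CD cache access control) is left at "TODO: check" between the three theme entries tagged in this hunk. That fits a commit scoped to NFUs, but it is now the only untriaged entry in this block and needs its own triage pass. The "WordPress theme" wording is consistent with the existing "NOT-FOR-US: WordPress plugin" tag on CVE-2022-1425, so no change is needed there.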
@@ -10741,7 +10741,7 @@ CVE-2022-1243 (CRHTLF can lead to invalid protocol 
extraction potentially leadin
 CVE-2022-1242
        RESERVED
 CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the 
Linux kernel ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
@@ -18157,7 +18157,7 @@ CVE-2022-26136
 CVE-2022-26135
        RESERVED
 CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an 
OGNL inj ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Confluence Server and Data Center
 CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data 
Center ve ...)
        NOT-FOR-US: Atlassian Bitbucket Data Center
 CVE-2022-26132
@@ -41465,7 +41465,7 @@ CVE-2021-43273 (An Out-of-bounds Read vulnerability 
exists in the DGN file readi
 CVE-2021-43272 (An improper handling of exceptional conditions vulnerability 
exists in ...)
        NOT-FOR-US: Open Design Alliance ODA Viewer
 CVE-2021-43271 (Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 
11.10.0 ...)
-       TODO: check
+       NOT-FOR-US: Riverbed AppResponse
 CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 
3.1.0-dev-00148, 3. ...)
        NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
 CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker 
to chang ...)
@@ -46302,7 +46302,7 @@ CVE-2021-42247
 CVE-2021-42246
        RESERVED
 CVE-2021-42245 (FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) 
vulnerability in p ...)
-       TODO: check
+       NOT-FOR-US: FlatCore-CMS
 CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware 
Notimoo  ...)
        NOT-FOR-US: PaquitoSoftware Notimoo
 CVE-2021-42243
@@ -66506,7 +66506,7 @@ CVE-2021-34081 (OS Command Injection vulnerability in 
bbultman gitsome through 0
 CVE-2021-34080 (OS Command Injection vulnerability in es128 ssl-utils 1.0.0 
for Node.j ...)
        TODO: check
 CVE-2021-34079 (OS Command injection vulnerability in Mintzo Docker-Tester 
through 1.2 ...)
-       TODO: check
+       NOT-FOR-US: Mintzo Docker-Tester
 CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS 
command i ...)
        TODO: check
 CVE-2021-34077
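Review bot: Only CVE-2021-34079 is resolved here; the entries on either side, CVE-2021-34080 (es128 ssl-utils for Node.js) and CVE-2021-34078 (lifion-verify-dependencies), are described as the same kind of OS command injection report and remain at "TODO: check". If they were assessed in the same pass, tag them in this commit too; if not, they are worth triaging together, since the three descriptions follow the same pattern.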



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c1aa1f2ac5505f6ea7fc98ac63568262d7dc6bd
