Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c46b102 by Moritz Mühlenhoff at 2022-06-20T10:07:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2380,7 +2380,7 @@ CVE-2017-20054 (A vulnerability was found in XYZScripts 
Contact Form Manager Plu
 CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager 
Plugin. I ...)
        NOT-FOR-US: XYZScripts Contact Form Manager Plugin
 CVE-2017-20052 (A vulnerability classified as problematic was found in Python 
2.7.13.  ...)
-       TODO: check
+       NOT-FOR-US: pgadmin on Windows
 CVE-2022-2058
        RESERVED
 CVE-2022-2057
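Review bot: the truncated description of CVE-2017-20052 names Python 2.7.13, yet the annotation added is "NOT-FOR-US: pgadmin on Windows"; if the issue concerns the Python build bundled with the pgAdmin Windows installer, add a NOTE line saying so, so that a later triager does not reopen it against Debian's python2.7 package.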
@@ -4519,7 +4519,7 @@ CVE-2022-32153 (Splunk Enterprise peers in Splunk 
Enterprise versions before 9.0
 CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 
9.0 and S ...)
        NOT-FOR-US: Splunk Enterprise
 CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped 
with Splun ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2022-32150
        RESERVED
 CVE-2022-32149
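Review bot: the description of CVE-2022-32151 is about the httplib/urllib copies that Splunk ships, so NOT-FOR-US is appropriate only as long as it is Splunk's bundled copy that is affected; consider a short NOTE recording that, and use the same product name as the neighbouring entry ("NOT-FOR-US: Splunk Enterprise") for consistency.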
@@ -4563,7 +4563,7 @@ CVE-2022-1960
 CVE-2022-1959
        RESERVED
 CVE-2022-1958 (A vulnerability classified as critical has been found in 
FileCloud. Af ...)
-       TODO: check
+       NOT-FOR-US: FileCloud
 CVE-2022-1957
        RESERVED
 CVE-2022-1956
@@ -5948,7 +5948,7 @@ CVE-2022-31620 (In libjpeg before 1.64, 
BitStream<false>::Get in bitstream
        NOTE: 
https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar 
Lite vers ...)
-       TODO: check
+       NOT-FOR-US: Modern Events Calendar Lite
 CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: Trudesk
 CVE-2022-1892
@@ -6947,7 +6947,7 @@ CVE-2022-1815 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
 CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-30549 (Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 
and earl ...)
-       TODO: check
+       NOT-FOR-US: Fuji
 CVE-2022-29524 (Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 
and ear ...)
        NOT-FOR-US: Fuji
 CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module 
contain ...)
@@ -7017,7 +7017,7 @@ CVE-2022-1807
 CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
rtxteam/rt ...)
        NOT-FOR-US: RTX
 CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// 
URL in the ...)
-       TODO: check
+       NOT-FOR-US: Electrum
 CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to 
inject O ...)
        NOT-FOR-US: mailcow
 CVE-2022-31244
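Review bot: CVE-2022-31246 carries a concrete fixed version (Electrum 4.2.2) and a file path (paymentrequest.py); please confirm before marking it NOT-FOR-US that no electrum package exists in any suite, since if one does (or did and was removed) the entry should carry a package/version line instead.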
@@ -7429,7 +7429,7 @@ CVE-2022-31057
 CVE-2022-31056
        RESERVED
 CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag 
(CTF) c ...)
-       TODO: check
+       NOT-FOR-US: KCTF
 CVE-2022-31054 (Argo Events is an event-driven workflow automation framework 
for Kuber ...)
        NOT-FOR-US: Argo
 CVE-2022-31053 (Biscuit is an authentication and authorization token for 
microservices ...)
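Review bot: "NOT-FOR-US: KCTF" does not match the project's spelling "kCTF" in the description of CVE-2022-31055; use "kCTF" so a search for the name in data/CVE/list hits both the description and the annotation.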
@@ -7439,19 +7439,19 @@ CVE-2022-31052
 CVE-2022-31051 (semantic-release is an open source npm package for automated 
version m ...)
        TODO: check
 CVE-2022-31050 (TYPO3 is an open source web content management system. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2022-31049 (TYPO3 is an open source web content management system. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2022-31048 (TYPO3 is an open source web content management system. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2022-31047 (TYPO3 is an open source web content management system. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2022-31046 (TYPO3 is an open source web content management system. Prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Typo3
 CVE-2022-31045 (Istio is an open platform to connect, manage, and secure 
microservices ...)
        NOT-FOR-US: Istio
 CVE-2022-31044 (Rundeck is an open source automation service with a web 
console, comma ...)
-       TODO: check
+       NOT-FOR-US: Rundesk
 CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions 
`Author ...)
        - guzzle 7.4.4-1 (bug #1012821)
        NOTE: 
https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
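Review bot: "NOT-FOR-US: Rundesk" for CVE-2022-31044 is a typo, the description reads "Rundeck"; please fix it, as a misspelled NOT-FOR-US name defeats later grep checks. Less importantly, the five TYPO3 entries use "Typo3" while the descriptions spell it "TYPO3".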
@@ -7504,9 +7504,9 @@ CVE-2022-31026 (Trilogy is a client library for MySQL. 
When authenticating, a ma
 CVE-2022-31025 (Discourse is an open source platform for community discussion. 
Prior t ...)
        NOT-FOR-US: Discourse
 CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the 
app for Ne ...)
-       TODO: check
+       NOT-FOR-US: richdocuments
 CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Play Framework
 CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP 
utilities ...)
        TODO: check
 CVE-2022-31021
@@ -8102,7 +8102,7 @@ CVE-2022-30901
 CVE-2022-30900
        RESERVED
 CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 
via the  ...)
-       TODO: check
+       NOT-FOR-US: PartKeepr
 CVE-2022-30898 (A Cross-site request forgery (CSRF) vulnerability in Cscms 
music porta ...)
        NOT-FOR-US: Cscms music portal system
 CVE-2022-30897
@@ -8932,7 +8932,7 @@ CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow. 
...)
        NOTE: 
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
        NOTE: Fixed by: 
https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552
 (v2022.07-rc4)
 CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker 
to cause  ...)
-       TODO: check
+       NOT-FOR-US: OPC UA Legacy Java Stack
 CVE-2022-30550
        RESERVED
 CVE-2022-1677
@@ -9038,9 +9038,9 @@ CVE-2022-1659 (Vulnerable versions of the JupiterX Core 
(<= 2.0.6) plugin reg
 CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow 
arbitrar ...)
        NOT-FOR-US: Jupiter Theme
 CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX 
(<=  ...)
-       TODO: check
+       NOT-FOR-US: Jupiter Theme
 CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow 
any logge ...)
-       TODO: check
+       NOT-FOR-US: JupiterX Theme
 CVE-2022-1655
        RESERVED
        - horizon <unfixed>
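Review bot: the description of CVE-2022-1657 names both Jupiter (<= 6.10.1) and JupiterX, but the annotation only says "NOT-FOR-US: Jupiter Theme"; either list both ("Jupiter Theme / JupiterX Theme") or use a generic "WordPress theme" so the JupiterX side is not lost.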
@@ -10417,7 +10417,7 @@ CVE-2022-30051
 CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting 
(XSS) via ...)
        NOT-FOR-US: Gnuboard
 CVE-2022-30049 (A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Rebuild
 CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection 
vulnerab ...)
        NOT-FOR-US: Mingsoft MCMS
 CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection 
vulnera ...)
@@ -10652,7 +10652,7 @@ CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 
allows remote authenticated
 CVE-2022-29949
        RESERVED
 CVE-2022-29948 (Due to an insecure design, the Lepin EP-KP001 flash drive 
through KP00 ...)
-       TODO: check
+       NOT-FOR-US: Lepin
 CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because 
web/src/com ...)
        - woodpecker <itp> (bug #1008934)
 CVE-2022-29946
@@ -10962,15 +10962,15 @@ CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x 
before 7.9.3 is vulnerable
 CVE-2022-29867
        RESERVED
 CVE-2022-29866 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker 
to exhaus ...)
-       TODO: check
+       NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29865 (OPC UA .NET Standard Stack allows a remote attacker to bypass 
the appl ...)
-       TODO: check
+       NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29864 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker 
to cause  ...)
-       TODO: check
+       NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29863 (OPC UA .NET Standard Stack 1.04.368 allows remote attacker to 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29862 (An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29861
        RESERVED
 CVE-2022-29860
@@ -12819,7 +12819,7 @@ CVE-2022-29259
 CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to 
convert  ...)
        NOT-FOR-US: XWiki
 CVE-2022-29257 (Electron is a framework for writing cross-platform desktop 
application ...)
-       TODO: check
+       - electron <itp> (bug #842420)
 CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to 
version ...)
        NOT-FOR-US: lovell/sharp
 CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum 
virtual m ...)
@@ -12842,7 +12842,7 @@ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle 
prior to versions 6.5.6 and
        - guzzle 7.4.4-1 (bug #1011636)
        NOTE: 
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
 CVE-2022-29247 (Electron is a framework for writing cross-platform desktop 
application ...)
-       TODO: check
+       - electron <itp> (bug #842420)
 CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) 
embedded st ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 
2020.0.0 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c46b102730293ed7b42ccfda85293b92109d205



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
