Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 38d0fa6b by Moritz Muehlenhoff at 2022-07-23T20:00:17+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,7 @@ CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...) - TODO: check + NOT-FOR-US: Scooter Beyond Compare CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...) - TODO: check + NOT-FOR-US: Scooter Beyond Compare CVE-2022-36413 RESERVED CVE-2022-36412 @@ -13,7 +13,7 @@ CVE-2022-36410 CVE-2022-36409 RESERVED CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attacke ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2022-36398 RESERVED CVE-2022-36396 @@ -35,7 +35,7 @@ CVE-2022-34153 CVE-2022-34147 RESERVED CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...) - TODO: check + NOT-FOR-US: Roxy-WI CVE-2022-2522 RESERVED CVE-2022-2521 @@ -3430,11 +3430,11 @@ CVE-2022-34985 CVE-2022-34984 RESERVED CVE-2022-34983 (The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execu ...) - TODO: check + NOT-FOR-US: scu-captchaC CVE-2022-34982 (The eziod package in PyPI before v0.0.1 included a code execution back ...) - TODO: check + NOT-FOR-US: eziod CVE-2022-34981 (The PyCrowdTangle package in PyPI before v0.0.1 included a code execut ...) - TODO: check + NOT-FOR-US: PyCrowdTangle CVE-2022-34980 RESERVED CVE-2022-34979 @@ -4750,7 +4750,7 @@ CVE-2022-34511 CVE-2022-34510 RESERVED CVE-2022-34509 (The wikifaces package in PyPI v1.0 included a code execution backdoor ...) - TODO: check + NOT-FOR-US: wikifaces CVE-2022-34508 RESERVED CVE-2022-34507 
@@ -4766,9 +4766,9 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...) TODO: check CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...) - TODO: check + NOT-FOR-US: bin-collection CVE-2022-34500 (The bin-collect package in PyPI before v0.1 included a code execution ...) - TODO: check + NOT-FOR-US: bin-collect CVE-2022-34499 RESERVED CVE-2022-34498 @@ -5906,13 +5906,13 @@ CVE-2022-34117 CVE-2022-34116 RESERVED CVE-2022-34115 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...) - TODO: check + NOT-FOR-US: Dataease CVE-2022-34114 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...) - TODO: check + NOT-FOR-US: Dataease CVE-2022-34113 (An issue in the component /api/plugin/upload of Dataease v1.11.1 allow ...) - TODO: check + NOT-FOR-US: Dataease CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall Dataeas ...) - TODO: check + NOT-FOR-US: Dataease CVE-2022-34111 RESERVED CVE-2022-34110 
@@ -12759,57 +12759,57 @@ CVE-2022-31538 (The joaopedro-fg/mp-m08-interface repository through 2020-12-10 CVE-2022-31537 (The jmcginty15/Solar-system-simulator repository through 2021-07-26 on ...) NOT-FOR-US: jmcginty15/Solar-system-simulator CVE-2022-31536 (The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub all ...) - TODO: check + NOT-FOR-US: jaygarza1982/ytdl-sync CVE-2022-31535 (The freefood89/Fishtank repository through 2015-06-24 on GitHub allows ...) - TODO: check + NOT-FOR-US: freefood89/Fishtank CVE-2022-31534 (The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub all ...) - TODO: check + NOT-FOR-US: echoleegroup/PythonWeb CVE-2022-31533 (The decentraminds/umbral repository through 2020-01-15 on GitHub allow ...) - TODO: check + NOT-FOR-US: decentraminds/umbral CVE-2022-31532 (The dankolbman/travel_blahg repository through 2016-01-16 on GitHub al ...) - TODO: check + NOT-FOR-US: dankolbman/travel_blahg CVE-2022-31531 (The dainst/cilantro repository through 0.0.4 on GitHub allows absolute ...) - TODO: check + NOT-FOR-US: dainst/cilantro CVE-2022-31530 (The csm-aut/csm repository through 3.5 on GitHub allows absolute path ...) - TODO: check + NOT-FOR-US: csm-aut/csm CVE-2022-31529 (The cinemaproject/monorepo repository through 2021-03-03 on GitHub all ...) - TODO: check + NOT-FOR-US: cinemaproject/monorepo CVE-2022-31528 (The bonn-activity-maps/bam_annotation_tool repository through 2021-08- ...) - TODO: check + NOT-FOR-US: bonn-activity-maps/bam_annotation_tool CVE-2022-31527 (The Wildog/flask-file-server repository through 2020-02-20 on GitHub a ...) - TODO: check + NOT-FOR-US: Wildog/flask-file-server CVE-2022-31526 (The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub all ...) - TODO: check + NOT-FOR-US: ThundeRatz/ThunderDocs CVE-2022-31525 (The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute p ...) 
- TODO: check + NOT-FOR-US: SummaLabs/DLS CVE-2022-31524 (The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub ...) - TODO: check + NOT-FOR-US: PureStorage-OpenConnect/swagger CVE-2022-31523 (The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows abso ...) - TODO: check + NOT-FOR-US: PaddlePaddle/Anakin CVE-2022-31522 (The NotVinay/karaokey repository through 2019-12-11 on GitHub allows a ...) - TODO: check + NOT-FOR-US: NotVinay/karaokey CVE-2022-31521 (The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows abs ...) - TODO: check + NOT-FOR-US: Niyaz-Mohamed/mosaic CVE-2022-31520 (The Luxas98/logstash-management-api repository through 2020-05-04 on G ...) - TODO: check + NOT-FOR-US: Luxas98/logstash-management-api CVE-2022-31519 (The Lukasavicus/WindMill repository through 1.0 on GitHub allows absol ...) - TODO: check + NOT-FOR-US: Lukasavicus/WindMill CVE-2022-31518 (The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository thr ...) - TODO: check + NOT-FOR-US: JustAnotherSoftwareDeveloper/Python-Recipe-Database CVE-2022-31517 (The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows abs ...) - TODO: check + NOT-FOR-US: HolgerGraef/MSM CVE-2022-31516 (The Harveyzyh/Python repository through 2022-05-04 on GitHub allows ab ...) - TODO: check + NOT-FOR-US: Harveyzyh/Python CVE-2022-31515 (The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute ...) - TODO: check + NOT-FOR-US: Delor4/CarceresBE CVE-2022-31514 (The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub ...) - TODO: check + NOT-FOR-US: Caoyongqi912/Fan_Platform CVE-2022-31513 (The BolunHan/Krypton repository through 2021-06-03 on GitHub allows ab ...) - TODO: check + NOT-FOR-US: BolunHan/Krypton CVE-2022-31512 (The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows ab ...) - TODO: check + NOT-FOR-US: Atom02/flask-mvc CVE-2022-31511 (The AFDudley/equanimity repository through 2014-04-23 on GitHub allows ...) 
- TODO: check + NOT-FOR-US: AFDudley/equanimity CVE-2022-31510 (The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub all ...) TODO: check CVE-2022-31509 (The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows ...) @@ -13629,7 +13629,7 @@ CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnera CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...) TODO: check CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.41.0, i ...) - TODO: check + NOT-FOR-US: Slack Morphism CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...) NOT-FOR-US: Roxy-WI CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...) @@ -13677,7 +13677,7 @@ CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Autho CVE-2022-31141 RESERVED CVE-2022-31140 (Valinor is a PHP library that helps to map any input into a strongly-t ...) - TODO: check + NOT-FOR-US: Valinor (different from src:valinor) CVE-2022-31139 (UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe &am ...) NOT-FOR-US: UnsafeAccessor CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized version 202 ...) @@ -13712,7 +13712,7 @@ CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Ng CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...) NOT-FOR-US: Roxy-wi CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...) - TODO: check + NOT-FOR-US: openssh_key_parser CVE-2022-31123 RESERVED CVE-2022-31122 
@@ -13738,7 +13738,7 @@ CVE-2022-31116 (UltraJSON is a fast JSON encoder and decoder written in pure C w NOTE: https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r NOTE: https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 (5.4.0) CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elasticsear ...) - TODO: check + NOT-FOR-US: opensearch-ruby CVE-2022-31114 RESERVED CVE-2022-31113 (Canarytokens is an open source tool which helps track activity and act ...) @@ -15191,7 +15191,7 @@ CVE-2022-30629 CVE-2022-30628 (It was possible to download all receipts without authentication. Must ...) NOT-FOR-US: Supersmart.me CVE-2022-30627 (This vulnerability affects all of the company's products that also inc ...) - TODO: check + NOT-FOR-US: Chcnav CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the na ...) TODO: check CVE-2022-30625 (Directory listing is a web server function that displays the directory ...) @@ -15350,7 +15350,7 @@ CVE-2022-30593 CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...) NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC) CVE-2022-30591 (** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: quic-go CVE-2022-30590 RESERVED CVE-2022-30589 @@ -15619,7 +15619,7 @@ CVE-2022-1648 CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...) NOT-FOR-US: Zyxel CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sa ...) 
@@ -17156,7 +17156,6 @@ CVE-2022-29971 (An argument injection vulnerability in the browser-based authent CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches ...) - ruby-sinatra <unfixed> (bug #1014717) NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0) - TODO: check where issue is introduced CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...) NOT-FOR-US: RSS extension for MediaWiki CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_rw_init ...) @@ -17603,7 +17602,7 @@ CVE-2022-29836 CVE-2022-29835 RESERVED CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: ICONICS CVE-2022-29833 RESERVED CVE-2022-29832 @@ -24671,7 +24670,7 @@ CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/inde CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...) NOT-FOR-US: ashymuzuro/Full-Ecommece-Website CVE-2022-27434 (UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to cont ...) - TODO: check + NOT-FOR-US: UNIT4 CVE-2022-27433 RESERVED CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...) @@ -29047,7 +29046,7 @@ CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Servi CVE-2022-25304 RESERVED CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...) - TODO: check + NOT-FOR-US: whoogle-search CVE-2022-25302 RESERVED CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...) 
@@ -37026,7 +37025,7 @@ CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in CVE-2022-23439 RESERVED CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...) - TODO: check + NOT-FOR-US: Fortinet CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) - libxerces2-java <unfixed> [bullseye] - libxerces2-java <postponed> (revisit when/if fix is complete) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38d0fa6b818c5d814198f95ed5d32c2fb3d15db4
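Review bot: in the @@ -3430,11 hunk the new entry for CVE-2022-34983 carries a stray trailing character: `+ NOT-FOR-US: scu-captchaC` should read `+ NOT-FOR-US: scu-captcha`, matching the package name in the CVE text ("The scu-captcha package in PyPI ...") and the bare package names used for the neighbouring eziod and PyCrowdTangle entries in the same hunk.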
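Review bot: in the @@ -17156,7 hunk the line `- TODO: check where issue is introduced` under CVE-2022-29970 is dropped with nothing in its place, while `ruby-sinatra <unfixed> (bug #1014717)` remains; if the introducing commit or version was established, record it as a NOTE beside the existing fix-commit NOTE so the affected range is documented, and if it was not established the TODO should stay.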