Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfd15d6c by Moritz Muehlenhoff at 2022-09-05T10:18:07+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -84,7 +84,7 @@ CVE-2022-3120
CVE-2022-3119
RESERVED
CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project.
It has ...)
- NOT-FOR-US: qSourcecodehero ERP System Project
+ NOT-FOR-US: Sourcecodehero ERP System Project
CVE-2022-39808
RESERVED
CVE-2022-39807
@@ -8016,7 +8016,7 @@ CVE-2022-36749 (RPi-Jukebox-RFID v2.3.0 was discovered to
contain a command inje
CVE-2022-36748 (PicUploader v2.6.3 was discovered to contain a cross-site
scripting (X ...)
NOT-FOR-US: PicUploader
CVE-2022-36747 (Razor v0.8.0 was discovered to contain a cross-site scripting
(XSS) vu ...)
- TODO: check
+ NOT-FOR-US: Cobub Razor
CVE-2022-36746 (LibreNMS v22.6.0 was discovered to contain a cross-site
scripting (XSS ...)
NOT-FOR-US: LibreNMS
CVE-2022-36745 (LibreNMS v22.6.0 was discovered to contain a cross-site
scripting (XSS ...)
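Review bot: The added `NOT-FOR-US: Cobub Razor` for CVE-2022-36747 names a product that the visible description does not: it only says "Razor v0.8.0", and "Razor" alone is an ambiguous name. The commit message ("NFUs") gives no hint of how the product was identified. A brief mention of the source (upstream advisory or repository) in the commit message would let a later reader confirm this is not a different Razor.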
@@ -8235,7 +8235,6 @@ CVE-2022-36640 (** DISPUTED ** influxData influxDB before
v1.8.10 contains no au
- influxdb <unfixed> (unimportant)
NOTE: If InfluxDB is deployed on publicly accessible endpoint, it is
recommended
NOTE: to enable authentication.
- TODO: check, research on fixing commits in 1.8.10
CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in
/client.php of Ga ...)
NOT-FOR-US: Garage Management System
CVE-2022-36638 (An access control issue in the component print.php of Garage
Managemen ...)
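Review bot: The removed `TODO: check, research on fixing commits in 1.8.10` on CVE-2022-36640 is dropped without recording what that research found. The entry still reads `- influxdb <unfixed> (unimportant)` while the description says the issue affects versions before v1.8.10, so a reader cannot tell whether the 1.8.10 commits were examined or the question was set aside because the CVE is marked disputed. Suggest adding a NOTE line with the outcome. This change is also not an NFU, so it would sit better in its own commit or at least be mentioned in the commit message.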
@@ -8327,7 +8326,7 @@ CVE-2022-36596
CVE-2022-36595
RESERVED
CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL
injection vuln ...)
- TODO: check
+ NOT-FOR-US: MyBatis Mapper
CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file
deletion ...)
NOT-FOR-US: kkFileView
CVE-2022-36592
@@ -8473,7 +8472,7 @@ CVE-2022-36523 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03
& GO-RT-AC750_revB
CVE-2022-36522 (Mikrotik RouterOs through stable v6.48.3 was discovered to
contain an ...)
NOT-FOR-US: Mikrotik
CVE-2022-36521 (Insecure permissions in cskefu v7.0.1 allows unauthenticated
attackers ...)
- TODO: check
+ NOT-FOR-US: cskefu
CVE-2022-36520 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a
stack over ...)
NOT-FOR-US: H3C
CVE-2022-36519 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a
stack over ...)
@@ -9825,7 +9824,7 @@ CVE-2022-36048 (Zulip is an open-source team
collaboration tool with topic-based
CVE-2022-36047
RESERVED
CVE-2022-36046 (Next.js is a React framework that can provide building blocks
to creat ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports
either Redis, ...)
NOT-FOR-US: NodeBB
CVE-2022-36044
@@ -9845,11 +9844,11 @@ CVE-2022-36038
CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many
differe ...)
NOT-FOR-US: Kirby CMS
CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX.
There is ...)
- TODO: check
+ NOT-FOR-US: mdx-mermaid
CVE-2022-36035 (Flux is a tool for keeping Kubernetes clusters in sync with
sources of ...)
NOT-FOR-US: Flux
CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API.
Possible ReDoS ...)
- TODO: check
+ NOT-FOR-US: nitrado.js
CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning,
scrapin ...)
- jsoup 1.15.3-1 (bug #1018931)
[bullseye] - jsoup <no-dsa> (Minor issue, preserveRelativeLinks option
is disabled by default)
@@ -38074,7 +38073,7 @@ CVE-2022-25924
CVE-2022-25923
RESERVED
CVE-2022-25921 (All versions of package morgan-json are vulnerable to
Arbitrary Code E ...)
- TODO: check
+ NOT-FOR-US: Node morgan-json
CVE-2022-25919
RESERVED
CVE-2022-25918
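Review bot: Naming style is inconsistent in the added line `NOT-FOR-US: Node morgan-json`: it carries an ecosystem prefix, as do the two `Rust crate opcua` lines, while the other entries added in this commit (`Next.js`, `mdx-mermaid`, `nitrado.js`, `cskefu`) are named without one. Either form works, but using one convention within a batch keeps the NOT-FOR-US names easy to search and compare.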
@@ -38100,7 +38099,7 @@ CVE-2022-25906
CVE-2022-25904
RESERVED
CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of
Service (DoS) ...)
- TODO: check
+ NOT-FOR-US: Rust crate opcua
CVE-2022-25902
RESERVED
CVE-2022-25901
@@ -38131,7 +38130,7 @@ CVE-2022-25891 (The package
github.com/containrrr/shoutrrr/pkg/util before 0.6.0
CVE-2022-25890
RESERVED
CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of
Service (DoS) ...)
- TODO: check
+ NOT-FOR-US: Rust crate opcua
CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to
Regular Expre ...)
TODO: check
CVE-2022-25886
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd15d6c2facea0d8e7980452cb7d7f104f3f412