Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f4eb004 by Moritz Muehlenhoff at 2022-09-12T16:42:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -824,7 +824,7 @@ CVE-2022-40134
 CVE-2022-40127
        RESERVED
 CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin 
A-Form versi ...)
-       TODO: check
+       NOT-FOR-US: Movable Type plugin
 CVE-2022-3142
        RESERVED
 CVE-2022-3141
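
Review bot: The new tag on CVE-2022-38972 reads "NOT-FOR-US: Movable Type plugin", which drops the plugin name even though the description identifies it as A-Form. Naming it, for example "NOT-FOR-US: A-Form plugin for Movable Type", keeps the entry searchable by product and distinguishes it from other Movable Type plugin CVEs.
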
@@ -8418,7 +8418,7 @@ CVE-2022-37186 [Session destroyed on portal but still 
valid on handlers]
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
        NOTE: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4
 (v2.0.15)
 CVE-2022-37185 (SQL injection vulnerability exists in the school information 
query int ...)
-       TODO: check
+       NOT-FOR-US: EMS system of the Office of the Thai Basic Education 
Commission
 CVE-2022-37184 (The application manage_website.php on Garage Management System 
1.0 is  ...)
        NOT-FOR-US: Garage Management System
 CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via 
/search/ ...)
@@ -9539,7 +9539,7 @@ CVE-2022-36738
 CVE-2022-36737
        RESERVED
 CVE-2022-36736 (** DISPUTED ** Jitsi-2.10.5550 was discovered to contain a 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Disputed Jitsi issue
 CVE-2022-36735 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Library Management System
 CVE-2022-36734 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
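
Review bot: On CVE-2022-36736 the tag text "Disputed Jitsi issue" gives a reason rather than a product, unlike the other NOT-FOR-US lines in this commit. NOT-FOR-US records that the affected software is not in the archive, which is a different claim from the report being disputed. If the software is absent, "NOT-FOR-US: Jitsi" is enough; if the dispute is the reason for closing, it belongs in a NOTE line next to whatever status the entry ends up with.
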
@@ -10811,17 +10811,17 @@ CVE-2022-36261 (An arbitrary file deletion 
vulnerability was discovered in taocm
 CVE-2022-36260
        RESERVED
 CVE-2022-36259 (A SQL injection vulnerability in ConnectionFactory.java in 
sazanrjb In ...)
-       TODO: check
+       NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36258 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb 
Inventor ...)
-       TODO: check
+       NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36257 (A SQL injection vulnerability in UserDAO.java in sazanrjb 
InventoryMan ...)
-       TODO: check
+       NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36256 (A SQL injection vulnerability in Stocks.java in sazanrjb 
InventoryMana ...)
-       TODO: check
+       NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36255 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb 
Inventor ...)
-       TODO: check
+       NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36254 (Multiple persistent cross-site scripting (XSS) vulnerabilities 
in inde ...)
-       TODO: check
+       NOT-FOR-US: tramyardg Hotel Management System
 CVE-2022-36253
        RESERVED
 CVE-2022-36252
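
Review bot: CVE-2022-36254 is attributed to "tramyardg Hotel Management System" directly after five sazanrjb InventoryManagementSystem lines, and the truncated description ("... vulnerabilities in inde ...") does not show the product, so the attribution cannot be checked from the diff. Worth confirming against the full CVE text that this line is not a slip in the batch edit.
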
@@ -11193,7 +11193,7 @@ CVE-2022-36112
 CVE-2022-36111
        RESERVED
 CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 
0.15.1, Impro ...)
-       TODO: check
+       NOT-FOR-US: Netmaker
 CVE-2022-36109 (Moby is an open-source project created by Docker to enable 
software co ...)
        - docker.io <unfixed>
        [bullseye] - docker.io <no-dsa> (Minor issue)
@@ -11251,15 +11251,15 @@ CVE-2022-36087 (OAuthLib is an implementation of the 
OAuth request-signing logic
        NOTE: Fixed by: 
https://github.com/oauthlib/oauthlib/commit/5d85c61998692643dd9d17e05d2646e06ce391e8
        TODO: double-check, the fix has not landed in 3.2.1 actually
 CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std 
systems. Prior ...)
-       TODO: check
+       NOT-FOR-US: linked_list_allocator
 CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose 
policy engi ...)
        NOT-FOR-US: Open Policy Agent (OPA)
 CVE-2022-36084 (cruddl is software for creating a GraphQL API for a database, 
using th ...)
-       TODO: check
+       NOT-FOR-US: cruddl
 CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, 
JWK, JWKS w ...)
        TODO: check
 CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga 
from Mang ...)
-       TODO: check
+       NOT-FOR-US: mangadex-downloader
 CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to 
version 1.7.1, ...)
        NOT-FOR-US: Wikmd
 CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to 
version 1.7.1, ...)
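
Review bot: CVE-2022-36083 (JOSE) stays at "TODO: check" while CVE-2022-36086, CVE-2022-36084 and CVE-2022-36082 around it are resolved in this hunk. If it was left open on purpose because it still needs mapping to a source package, that is fine; otherwise it looks skipped in this pass and should be triaged with the rest.
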
@@ -12061,7 +12061,7 @@ CVE-2022-35743
 CVE-2022-35742
        RESERVED
 CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user 
logged into  ...)
-       TODO: check
+       NOT-FOR-US: ESET
 CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost 
version ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2022-2400 (External Control of File Name or Path in GitHub repository 
dompdf/domp ...)
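
Review bot: "NOT-FOR-US: ESET" on CVE-2022-2402 names only a vendor, while the visible description refers to the driver dlpfde.sys and does not show the vendor or product. Adding the affected product next to the vendor name would let a reader match the tag to the description without looking up the CVE.
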
@@ -16512,11 +16512,11 @@ CVE-2022-34112 (An access control issue in the 
component /api/plugin/uninstall D
 CVE-2022-34111
        RESERVED
 CVE-2022-34110 (An issue in Micro-Star International MSI Feature Navigator 
v1.0.1808.0 ...)
-       TODO: check
+       NOT-FOR-US: Micro-Star
 CVE-2022-34109 (An issue in Micro-Star International MSI Feature Navigator 
v1.0.1808.0 ...)
-       TODO: check
+       NOT-FOR-US: Micro-Star
 CVE-2022-34108 (An issue in the Feature Navigator of Micro-Star International 
MSI Feat ...)
-       TODO: check
+       NOT-FOR-US: Micro-Star
 CVE-2022-34107
        RESERVED
 CVE-2022-34106
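
Review bot: The three tags for CVE-2022-34110, CVE-2022-34109 and CVE-2022-34108 say only "Micro-Star", although the descriptions name the product as MSI Feature Navigator. Suggest "NOT-FOR-US: Micro-Star MSI Feature Navigator" so the tag identifies the software rather than the vendor, consistent with lines such as "NOT-FOR-US: Garage Management System" elsewhere in the file.
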
@@ -21132,7 +21132,7 @@ CVE-2022-32266
 CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent 
character is f ...)
        NOT-FOR-US: qDecoder
 CVE-2022-32264 (** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in 
FreeBSD bef ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger 
a softwa ...)
        NOT-FOR-US: Pexip Infinity
 CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
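
Review bot: CVE-2022-32264 is closed as "NOT-FOR-US: FreeBSD", but the description points at a kernel source file (sys/netinet/tcp_timer.h) and carries the UNSUPPORTED WHEN ASSIGNED marker. Before closing, confirm that no source package in the archive ships this FreeBSD networking code; if one does, the entry needs a package line with a status rather than NOT-FOR-US.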



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f4eb0041c4c7259ea2eedd4343a2a47d88ee2f9
