Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9804a0ff by Moritz Muehlenhoff at 2022-10-14T11:07:55+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,11 +35,11 @@ CVE-2022-3499
CVE-2022-3498
RESERVED
CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online
Public ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3494
RESERVED
CVE-2022-3493 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -365,9 +365,9 @@ CVE-2022-42785
CVE-2022-42784
RESERVED
CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb
prior to ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-3455
RESERVED
CVE-2022-3454
@@ -3347,19 +3347,19 @@ CVE-2022-41541
CVE-2022-41540
RESERVED
CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary
file uploa ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary
file uploa ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-41537
RESERVED
CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to
contain a S ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to
contain a S ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41534 (Online Diagnostic Lab Management System v1.0 was discovered to
contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41533 (Online Diagnostic Lab Management System v1.0 was discovered to
contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to
contain a S ...)
NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41531
@@ -3431,11 +3431,11 @@ CVE-2022-41499
CVE-2022-41498
RESERVED
CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side
Request Forge ...)
- TODO: check
+ NOT-FOR-US: ClipperCMS
CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request
Forgery ( ...)
- TODO: check
+ NOT-FOR-US: iCMS
CVE-2022-41495 (ClipperCMS 1.3.3 was discovered to contain a Server-Side
Request Forge ...)
- TODO: check
+ NOT-FOR-US: ClipperCMS
CVE-2022-41494
RESERVED
CVE-2022-41493
@@ -3646,9 +3646,9 @@ CVE-2022-41393
CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit
8c2c8909 ...)
NOT-FOR-US: TotalJS CMS
CVE-2022-41391 (OcoMon v4.0 was discovered to contain a SQL injection
vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: OcoMon
CVE-2022-41390 (OcoMon v4.0 was discovered to contain a SQL injection
vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: OcoMon
CVE-2022-41389
RESERVED
CVE-2022-41388
@@ -8517,13 +8517,13 @@ CVE-2022-39305
CVE-2022-39304
RESERVED
CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows
manipulation of SQ ...)
- TODO: check
+ NOT-FOR-US: Ree6
CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other
server ...)
- TODO: check
+ NOT-FOR-US: Ree6
CVE-2022-39301
RESERVED
CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML
implementation of pa ...)
- TODO: check
+ NOT-FOR-US: Node saml
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for
Passport, the ...)
NOT-FOR-US: Passport-SAML
CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis
Platfor ...)
@@ -8533,7 +8533,7 @@ CVE-2022-39297 (MelisCms provides a full CMS for Melis
Platform, including templ
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's
assets locat ...)
NOT-FOR-US: MelisAssetManager
CVE-2022-39295 (Knowage is an open source suite for modern business analytics
alternat ...)
- TODO: check
+ NOT-FOR-US: Knowage
CVE-2022-39294
RESERVED
CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and
on-the-go ...)
@@ -8589,7 +8589,7 @@ CVE-2022-39280 (dparse is a parser for Python dependency
files. dparse in versio
CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board
which adds ...)
NOT-FOR-US: discourse-chat plugin for Discourse
CVE-2022-39278 (Istio is an open platform-independent service mesh that
provides traff ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-39277
RESERVED
CVE-2022-39276
@@ -8721,7 +8721,7 @@ CVE-2022-39231 (Parse Server is an open source backend
that can be deployed to a
CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the
authorizatio ...)
NOT-FOR-US: fhir-works-on-aws-authz-smart
CVE-2022-39229 (Grafana is an open source data visualization platform for
metrics, log ...)
- TODO: check
+ - grafana <removed>
CVE-2022-39228
RESERVED
CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web
Tokens. V ...)
@@ -8785,7 +8785,7 @@ CVE-2022-39203 (matrix-appservice-irc is an open source
Node.js IRC bridge for M
CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for
Matrix. ...)
NOT-FOR-US: matrix-appservice-irc
CVE-2022-39201 (Grafana is an open source observability and data visualization
platfor ...)
- TODO: check
+ - grafana <removed>
CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected
versions ev ...)
NOT-FOR-US: Dendrite
CVE-2022-39199
@@ -12024,7 +12024,7 @@ CVE-2022-2782
CVE-2022-2781 (In affected versions of Octopus Server it was identified that
the same ...)
NOT-FOR-US: Octopus
CVE-2022-2780 (In affected versions of Octopus Server it is possible to use
the Git C ...)
- TODO: check
+ NOT-FOR-US: Octopus
CVE-2022-2779 (A vulnerability classified as critical was found in
SourceCodester Gas ...)
NOT-FOR-US: SourceCodester Gas Agency Management System
CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass
rate l ...)
@@ -13339,7 +13339,7 @@ CVE-2022-37616 (A prototype pollution vulnerability
exists in the function copy
CVE-2022-37615
RESERVED
CVE-2022-37614 (Prototype pollution vulnerability in function enable in
mockery.js in ...)
- TODO: check
+ NOT-FOR-US: Node mockery
CVE-2022-37613
RESERVED
CVE-2022-37612
@@ -15543,9 +15543,9 @@ CVE-2022-36805
CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data
Center 7 ...)
NOT-FOR-US: Atlassian
CVE-2022-36803 (The MasterUserEdit API in Atlassian Jira Align Server before
version 1 ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2022-36802 (The ManageJiraConnectors API in Atlassian Jira Align before
version 10 ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center
allow anony ...)
NOT-FOR-US: Atlassian
CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server
and Data ...)
@@ -17727,7 +17727,7 @@ CVE-2022-35945 (GLPI stands for Gestionnaire Libre de
Parc Informatique and is a
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-35944 (October is a self-hosted Content Management System (CMS)
platform base ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2022-35943 (Shield is an authentication and authorization framework for
CodeIgnite ...)
- codeigniter <itp> (bug #471583)
CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter
may allow ...)
@@ -18576,9 +18576,9 @@ CVE-2022-35614
CVE-2022-35613
RESERVED
CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3
and below ...)
- TODO: check
+ NOT-FOR-US: MQTTRoute
CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and
below allows ...)
- TODO: check
+ NOT-FOR-US: MQTTRoute
CVE-2022-35610
RESERVED
CVE-2022-35609
@@ -19834,11 +19834,11 @@ CVE-2022-35138
CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to
contain mult ...)
NOT-FOR-US: DGIOT Lightweight industrial IoT
CVE-2022-35136 (Boodskap IoT Platform v4.4.9-02 allows attackers to make
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Boodskap IoT Platform
CVE-2022-35135 (Boodskap IoT Platform v4.4.9-02 allows attackers to escalate
privilege ...)
- TODO: check
+ NOT-FOR-US: Boodskap IoT Platform
CVE-2022-35134 (Boodskap IoT Platform v4.4.9-02 contains a cross-site
scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Boodskap IoT Platform
CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree
v0.99.30 allo ...)
- cherrytree <not-affected> (No vulnerable version ever uploaded,
introduced in 0.99.44 and fixed in 0.99.45)
NOTE:
https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing
@@ -22982,9 +22982,9 @@ CVE-2022-34024 (Barangay Management System v1.0 was
discovered to contain an arb
CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a
SQL inject ...)
NOT-FOR-US: Barangay Management System
CVE-2022-34022 (SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN
Network S ...)
- TODO: check
+ NOT-FOR-US: ResIOT IOT Platform
CVE-2022-34021 (Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT
IOT Plat ...)
- TODO: check
+ NOT-FOR-US: ResIOT IOT Platform
CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT
ResIOT IOT P ...)
NOT-FOR-US: DellResIOT
CVE-2022-34019
@@ -27784,7 +27784,7 @@ CVE-2022-32179
CVE-2022-32178
RESERVED
CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are
vulnerable ...)
- TODO: check
+ NOT-FOR-US: Gin-Vue-Admin
CVE-2022-32176
RESERVED
CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are
vulnerable to ...)
@@ -30799,7 +30799,7 @@ CVE-2022-31132 (Nextcloud Mail is an email application
for the nextcloud persona
CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server
product. Ve ...)
NOT-FOR-US: Nextcloud Mail app
CVE-2022-31130 (Grafana is an open source observability and data visualization
platfor ...)
- TODO: check
+ - grafana <removed>
CVE-2022-31129 (moment is a JavaScript date library for parsing, validating,
manipulat ...)
- node-moment 2.29.4+ds-1 (bug #1014845)
[bullseye] - node-moment 2.29.1+ds-2+deb11u2
@@ -30818,7 +30818,7 @@ CVE-2022-31125 (Roxy-wi is an open source web interface
for managing Haproxy, Ng
CVE-2022-31124 (openssh_key_parser is an open source Python package providing
utilitie ...)
NOT-FOR-US: openssh_key_parser
CVE-2022-31123 (Grafana is an open source observability and data visualization
platfor ...)
- TODO: check
+ - grafana <removed>
CVE-2022-31122
RESERVED
CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger
framework. In ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9804a0ff7080d556eb84adcb3209b2a7a3df2420
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9804a0ff7080d556eb84adcb3209b2a7a3df2420
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
