[Git][security-tracker-team/security-tracker][master] new zoneminder issues

Mon, 21 Nov 2022 04:55:51 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a51411d by Moritz Muehlenhoff at 2022-11-21T13:55:14+01:00
new zoneminder issues
new potential otrs/znuny issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19545,7 +19545,7 @@ CVE-2022-39054 (Cowell enterprise travel management 
system has insufficient filt
 CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web 
URL. An u ...)
        NOT-FOR-US: Heimavista Rpage
 CVE-2022-39052 (An external attacker is able to send a specially crafted email 
(with m ...)
-       TODO: check
+       - znuny <undetermined>
 CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the 
Template  ...)
        NOT-FOR-US: OTRS
        NOTE: Could possibly affect Znuny, we'll let their security team figure 
it out
@@ -42572,9 +42572,13 @@ CVE-2022-30771 (Initialization function in PnpSmm 
could lead to SMRAM corruption
 CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 
8.3.8 and ...)
        NOT-FOR-US: Terminalfour
 CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an 
attacker c ...)
-       TODO: check
+       - zoneminder <unfixed> (unimportant)
+       NOTE: 
https://medium.com/@dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3
+       NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 
1.36.12 allows ...)
-       TODO: check
+       - zoneminder <unfixed> (unimportant)
+       NOTE: 
https://medium.com/@dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31
+       NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 
(and throu ...)
        [experimental] - u-boot 2022.07~rc4+dfsg-1
        - u-boot 2022.07+dfsg-1 (bug #1014471)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a51411d4d617313b53ef26bbdaf2bf3ca54ed7c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a51411d4d617313b53ef26bbdaf2bf3ca54ed7c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to