Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a759aab by Moritz Muehlenhoff at 2023-02-20T17:23:09+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46581,7 +46581,7 @@ CVE-2020-36565 (Due to improper sanitization of user 
input on Windows, the stati
        NOTE: 
https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa
        NOTE: https://pkg.go.dev/vuln/GO-2021-0051
 CVE-2020-36564 (Due to improper validation of caller input, validation is 
silently dis ...)
-       TODO: check
+       NOT-FOR-US: nosurf
 CVE-2020-36563 (XML Digital Signatures generated and validated using this 
package use  ...)
        TODO: check
 CVE-2019-25075 (HTML injection combined with path traversal in the Email 
service in Gr ...)
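Review bot: the tag added for CVE-2020-36564 is the bare name "nosurf", with no owner or ecosystem qualifier, so it is hard to search for and easy to confuse with an unrelated project of the same name. Suggest an owner/repo form or an ecosystem prefix, as other entries in this file do (for example "voodoocreation/ts-deepmerge" or "Node vm2").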
@@ -46623,7 +46623,7 @@ CVE-2022-2574 (The Meks Easy Social Share WordPress 
plugin before 1.2.8 does not
 CVE-2022-2573
        RESERVED
 CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages 
can cau ...)
-       TODO: check
+       NOT-FOR-US: shiyanhui/dht
 CVE-2020-36561 (Due to improper path santization, archives containing relative 
file pa ...)
        TODO: check
 CVE-2020-36560 (Due to improper path santization, archives containing relative 
file pa ...)
@@ -58194,7 +58194,7 @@ CVE-2022-32667
 CVE-2022-32666
        RESERVED
 CVE-2022-32665 (In Boa, there is a possible command injection due to improper 
input va ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2022-32664 (In Config Manager, there is a possible command injection due 
to improp ...)
        NOT-FOR-US: MediaTek
 CVE-2022-32663 (In Wi-Fi driver, there is a possible system crash due to null 
pointer  ...)
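Review bot: CVE-2022-32665 is tagged by vendor only ("NOT-FOR-US: MediaTek"), but its description names the affected component as "Boa", unlike the neighbouring Config Manager and Wi-Fi driver entries whose components are not standalone project names. A short NOTE line recording why this component is treated as vendor-specific would make the triage decision auditable later.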
@@ -77953,17 +77953,17 @@ CVE-2022-25914 (The package 
com.google.cloud.tools:jib-core before 0.22.0 are vu
 CVE-2022-25913
        RESERVED
 CVE-2022-25912 (The package simple-git before 3.15.0 are vulnerable to Remote 
Code Exe ...)
-       TODO: check
+       NOT-FOR-US: Node simple-git
 CVE-2022-25911
        RESERVED
 CVE-2022-25910
        RESERVED
 CVE-2022-25908 (All versions of the package create-choo-electron are 
vulnerable to Com ...)
-       TODO: check
+       NOT-FOR-US: create-choo-electron stability
 CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to 
Prototype Poll ...)
        NOT-FOR-US: voodoocreation/ts-deepmerge
 CVE-2022-25906 (All versions of the package is-http2 are vulnerable to Command 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: Node is-http2
 CVE-2022-25904 (All versions of package safe-eval are vulnerable to Prototype 
Pollutio ...)
        TODO: check
 CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of 
Service (DoS) ...)
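Review bot: in the CVE-2022-25908 entry the new tag reads "NOT-FOR-US: create-choo-electron stability"; the trailing word "stability" is not part of the package name given in the description and looks like a stray paste. Suggest "NOT-FOR-US: create-choo-electron", or, if it is an npm package, "Node create-choo-electron" to match the "Node simple-git" and "Node is-http2" tags added in the same hunk.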
@@ -77986,9 +77986,9 @@ CVE-2022-25896 (This affects the package passport 
before 0.6.0. When a user logs
        NOTE: https://github.com/jaredhanson/passport/pull/900
        NOTE: https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
 CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to 
Directory Tr ...)
-       TODO: check
+       NOT-FOR-US: Node lite-dev-server
 CVE-2022-25894 (All versions of the package com.bstek.uflo:uflo-core are 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: com.bstek.uflo:uflo-core
 CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code 
Executi ...)
        NOT-FOR-US: Node vm2
 CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 
3.1.1; all v ...)
@@ -81842,7 +81842,7 @@ CVE-2022-0554 (Use of Out-of-range Pointer Offset in 
GitHub repository vim/vim p
        NOTE: 
https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 
(v8.2.4327)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-0553 (There is no check to see if slot 0 is being uploaded from the 
device t ...)
-       TODO: check
+       NOT-FOR-US: Zephyr
 CVE-2022-0552 (A flaw was found in the original fix for the netty-codec-http 
CVE-2021 ...)
        NOT-FOR-US: Red Hat OpenShift Logging elasticsearch6 container
 CVE-2022-24699
@@ -86165,11 +86165,11 @@ CVE-2022-23489
 CVE-2022-23488 (BigBlueButton is an open source web conferencing system. 
Versions prio ...)
        NOT-FOR-US: BigBlueButton
 CVE-2022-23487 (js-libp2p is the official javascript Implementation of libp2p 
networki ...)
-       TODO: check
+       NOT-FOR-US: js-libp2p
 CVE-2022-23486 (libp2p-rust is the official rust language Implementation of 
the libp2p ...)
-       TODO: check
+       NOT-FOR-US: libp2p-rust
 CVE-2022-23485 (Sentry is an error tracking and performance monitoring 
platform. In ve ...)
-       TODO: check
+       NOT-FOR-US: Sentry
 CVE-2022-23484 (xrdp is an open source project which provides a graphical 
login to rem ...)
        - xrdp 0.9.21.1-1 (bug #1025879)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6
@@ -86203,7 +86203,7 @@ CVE-2022-23476 (Nokogiri is an open source XML and HTML 
library for the Ruby pro
 CVE-2022-23475 (daloRADIUS is an open source RADIUS web management 
application. daloRa ...)
        NOT-FOR-US: daloRADIUS
 CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output. 
Versions pri ...)
-       TODO: check
+       NOT-FOR-US: Editor.js
 CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2022-23472 (Passeo is an open source python password generator. Versions 
prior to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a759aab7446d5cbb028e769823a65195be3b63a
