Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e4827cd7 by Moritz Muehlenhoff at 2023-02-28T15:01:49+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4391,7 +4391,7 @@ CVE-2023-25659
CVE-2023-25658
RESERVED
CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2023-25656 (notation-go is a collection of libraries for supporting
Notation sign, ...)
NOT-FOR-US: notation-go
CVE-2023-25655
@@ -5739,7 +5739,7 @@ CVE-2023-25159 (Nextcloud Server is the file server
software for Nextcloud, a se
CVE-2023-25158 (GeoTools is an open source Java library that provides tools
for geospa ...)
NOT-FOR-US: GeoTools
CVE-2023-25157 (GeoServer is an open source software server written in Java
that allow ...)
- TODO: check
+ NOT-FOR-US: Geoserver
CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not
impose rate ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-25155
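Review bot: the new annotation spells the product "Geoserver" while the CVE description two lines above spells it "GeoServer"; using the upstream spelling in the NOT-FOR-US tag keeps the tag consistent with the description and greppable across entries.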
@@ -8361,7 +8361,7 @@ CVE-2023-24191 (Online Food Ordering System v2 was
discovered to contain a cross
CVE-2023-24190
RESERVED
CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7
allows atta ...)
- TODO: check
+ NOT-FOR-US: urule
CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal
vulnera ...)
NOT-FOR-US: ureport
CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9
allows at ...)
@@ -11208,7 +11208,7 @@ CVE-2023-23207
CVE-2023-23206
RESERVED
CVE-2023-23205 (An issue was discovered in lib60870 v2.3.2. There is a memory
leak in ...)
- TODO: check
+ NOT-FOR-US: lib60870
CVE-2023-23204
RESERVED
CVE-2023-23203
@@ -20668,7 +20668,7 @@ CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to
SQL Injection. In sys_ sq
CVE-2022-46441
RESERVED
CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation
violation via ...)
- TODO: check
+ - swftools <removed>
CVE-2022-46439
RESERVED
CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the
/admin/article_categ ...)
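Review bot: the CVE-2022-46440 entry is mapped to "swftools <removed>" although the description names "ttftool v0.9.2", and the hunk records no NOTE explaining that ttftool is part of swftools or where the version mapping comes from; other entries in this file back such decisions with a NOTE: line carrying a reference (as the CVE-2022-2288 entry later in this commit does), and adding one here would make the mapping auditable when the entry is revisited.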
@@ -49593,7 +49593,7 @@ CVE-2020-36565 (Due to improper sanitization of user
input on Windows, the stati
CVE-2020-36564 (Due to improper validation of caller input, validation is
silently dis ...)
NOT-FOR-US: nosurf
CVE-2020-36563 (XML Digital Signatures generated and validated using this
package use ...)
- TODO: check
+ NOT-FOR-US: go-saml
CVE-2019-25075 (HTML injection combined with path traversal in the Email
service in Gr ...)
NOT-FOR-US: Gravitee API Management
CVE-2019-25074
@@ -49635,11 +49635,11 @@ CVE-2022-2573
CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages
can cau ...)
NOT-FOR-US: shiyanhui/dht
CVE-2020-36561 (Due to improper path santization, archives containing relative
file pa ...)
- TODO: check
+ NOT-FOR-US: github.com/yi-ge/unzip
CVE-2020-36560 (Due to improper path santization, archives containing relative
file pa ...)
- TODO: check
+ NOT-FOR-US: github.com/artdarek/unzip
CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle
allows fo ...)
- TODO: check
+ NOT-FOR-US: aah framework
CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well
as a lac ...)
- tendermint-go-common <removed>
CVE-2018-25046 (Due to improper path santization, archives containing relative
file pa ...)
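Review bot: the three resolved entries in this hunk name the affected software inconsistently, two by full Go module path ("github.com/yi-ge/unzip", "github.com/artdarek/unzip") and one by product name ("aah framework"), and the preceding hunk uses the short name "go-saml"; since the descriptions are truncated in this file, recording the module path for Go packages throughout would make later searches and rechecks against the Debian archive unambiguous.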
@@ -51651,7 +51651,7 @@ CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to
Buffer Overflow via httpd
CVE-2022-36232
RESERVED
CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution because the
Ruby cod ...)
- TODO: check
+ NOT-FOR-US: pdf_info gem
CVE-2022-36230
RESERVED
CVE-2022-36229
@@ -55229,11 +55229,11 @@ CVE-2022-2288 (Out-of-bounds Write in GitHub
repository vim/vim prior to 9.0. ..
NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
NOTE:
https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a
(v9.0.0025)
CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad)
application 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: A4N (Aremis 4 Nomad)
CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad)
application 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: A4N (Aremis 4 Nomad)
CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad)
application 1.5.0 ...)
- TODO: check
+ NOT-FOR-US: A4N (Aremis 4 Nomad)
CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave
before 14.6. ...)
NOT-FOR-US: FileWave
CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before
14.6.3 and 1 ...)
@@ -57203,7 +57203,7 @@ CVE-2022-2178
CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL
Injectio ...)
NOT-FOR-US: Kayrasoft
CVE-2022-2176 (This CVE ID has been rejected or withdrawn by its CVE Numbering
Author ...)
- TODO: check
+ NOT-FOR-US: rejected CVE
CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
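Review bot: CVE-2022-2176 is marked "NOT-FOR-US: rejected CVE" although its own description says the ID was rejected or withdrawn by the CNA, so this is a status of the identifier rather than a not-affected product; the file already uses a bare status word for reserved IDs ("RESERVED" on the surrounding entries), and the corresponding rejected-status marker would express this more precisely than a NOT-FOR-US tag with free text.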
@@ -60547,7 +60547,7 @@ CVE-2022-32951
CVE-2022-32950
RESERVED
CVE-2022-32949 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2022-32947 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -60638,7 +60638,7 @@ CVE-2022-32908 (A memory corruption issue was addressed
with improved input vali
CVE-2022-32907 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32906 (This issue was addressed with using HTTPS when sending
information ove ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32905 (This issue was addressed with improved validation of symlinks.
This is ...)
NOT-FOR-US: Apple
CVE-2022-32904 (An access issue was addressed with additional sandbox
restrictions. Th ...)
@@ -60646,11 +60646,11 @@ CVE-2022-32904 (An access issue was addressed with
additional sandbox restrictio
CVE-2022-32903 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
CVE-2022-32902 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32901
RESERVED
CVE-2022-32900 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32899 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32898 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -60658,7 +60658,7 @@ CVE-2022-32898 (The issue was addressed with improved
memory handling. This issu
CVE-2022-32897
RESERVED
CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32895 (A race condition was addressed with improved state handling.
This issu ...)
NOT-FOR-US: Apple
CVE-2022-32894 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
@@ -60752,7 +60752,7 @@ CVE-2022-32857 (This issue was addressed by using HTTPS
when sending information
CVE-2022-32856
RESERVED
CVE-2022-32855 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32854 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input
validati ...)
@@ -60770,11 +60770,11 @@ CVE-2022-32848 (A logic issue was addressed with
improved checks. This issue is
CVE-2022-32847 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32846 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32845 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32844 (A race condition was addressed with improved state handling.
This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32843 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input
validati ...)
@@ -60790,7 +60790,7 @@ CVE-2022-32838 (A logic issue was addressed with
improved state management. This
CVE-2022-32837 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32836 (This issue was addressed with improved state management. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32835 (This issue was addressed with improved entitlements. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2022-32834 (An access issue was addressed with improvements to the
sandbox. This i ...)
@@ -60802,7 +60802,7 @@ CVE-2022-32832 (The issue was addressed with improved
memory handling. This issu
CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2022-32830 (An out-of-bounds read issue was addressed with improved bounds
checkin ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32829 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32828 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -60814,7 +60814,7 @@ CVE-2022-32826 (An authorization issue was addressed
with improved state managem
CVE-2022-32825 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32824 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32823 (A memory initialization issue was addressed with improved
memory handl ...)
NOT-FOR-US: Apple
CVE-2022-32822
@@ -60901,7 +60901,7 @@ CVE-2022-32786 (An issue in the handling of environment
variables was addressed
CVE-2022-32785 (A null pointer dereference was addressed with improved
validation. Thi ...)
NOT-FOR-US: Apple
CVE-2022-32784 (The issue was addressed with improved UI handling. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32783 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
@@ -61513,7 +61513,7 @@ CVE-2022-32538
CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user
to learn ...)
NOT-FOR-US: Medtronic
CVE-2022-2024 (OS Command Injection in GitHub repository gogs/gogs prior to
0.12.11. ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository
polonel/trudesk ...)
NOT-FOR-US: Trudesk
CVE-2017-20050
@@ -65010,7 +65010,7 @@ CVE-2022-31407
CVE-2022-31406
RESERVED
CVE-2022-31405 (MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in
cleartext ...)
- TODO: check
+ NOT-FOR-US: MV iDigital Clinic Enterprise
CVE-2022-31404
RESERVED
CVE-2022-31403 (ITOP v3.0.1 was discovered to contain a cross-site scripting
(XSS) vul ...)
@@ -68316,7 +68316,7 @@ CVE-2022-1609
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does
not hav ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar
Plus Sys ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions
before 22.3. ...)
NOT-FOR-US: M-Files Server
CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have
CSRF chec ...)
@@ -71312,7 +71312,7 @@ CVE-2022-29275 (In UsbCoreDxe, untrusted input may
allow SMRAM or OS memory tamp
CVE-2022-29274
RESERVED
CVE-2022-29273 (pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow
XSS in th ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability
exists in t ...)
NOT-FOR-US: Nagios XI
CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an
incorre ...)
@@ -78830,7 +78830,7 @@ CVE-2022-26762 (A memory corruption issue was addressed
with improved memory han
CVE-2022-26761 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2022-26760 (A memory corruption issue was addressed with improved state
management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-26759
RESERVED
CVE-2022-26758
@@ -81109,7 +81109,7 @@ CVE-2022-25857 (The package org.yaml:snakeyaml from 0
and before 1.31 are vulner
CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts
before 1 ...)
NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to
Command ...)
- TODO: check
+ NOT-FOR-US: create-choo-app3
CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The
package is u ...)
NOT-FOR-US: Tagify
CVE-2022-25853 (All versions of the package semver-tags are vulnerable to
Command Inje ...)
@@ -81224,7 +81224,7 @@ CVE-2022-25231 (The package node-opcua before 2.74.0
are vulnerable to Denial of
CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command
Injection via th ...)
TODO: check
CVE-2022-24913 (Versions of the package com.fasterxml.util:java-merge-sort
before 1.1. ...)
- TODO: check
+ NOT-FOR-US: com.fasterxml.util:java-merge-sort
CVE-2022-24912 (The package
github.com/runatlantis/atlantis/server/controllers/events ...)
NOT-FOR-US: github.com/runatlantis/atlantis
CVE-2022-24909
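Review bot: the CVE-2022-25171 entry for the p4 package, two lines above the resolved java-merge-sort entry in this hunk's context, still carries "TODO: check"; if it was triaged in the same pass it could be resolved in this commit, otherwise leaving it open is fine, but it is worth confirming it was not simply skipped.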
@@ -81376,7 +81376,7 @@ CVE-2022-21149 (The package s-cart/s-cart before 6.9;
the package s-cart/core be
CVE-2022-21144 (This affects all versions of package libxmljs. When invoking
the libxm ...)
NOT-FOR-US: Node libxmljs
CVE-2022-21129 (Versions of the package nemo-appium before 0.0.9 are
vulnerable to Com ...)
- TODO: check
+ NOT-FOR-US: nemo-appium
CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are
vulnerable to ...)
NOT-FOR-US: com.github.samtools:htsjdk
CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary
Code Exe ...)
@@ -89072,7 +89072,7 @@ CVE-2022-23538 (github.com/sylabs/scs-library-client is
the Go client for the Si
CVE-2022-23536 (Cortex provides multi-tenant, long term storage for
Prometheus. A loca ...)
NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus)
CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded
database. ...)
- TODO: check
+ NOT-FOR-US: LiteDB
CVE-2022-23534
RESERVED
CVE-2022-23533
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4827cd70320b991da2ba47813c7911444b020d5
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits