[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Fri Aug 5 10:34:39 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83a81e98 by Neil Williams at 2022-08-05T10:29:24+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3756,9 +3756,9 @@ CVE-2022-35932
CVE-2022-35931
RESERVED
CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
- TODO: check
+ NOT-FOR-US: sigstore/policy-controller
CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...)
- TODO: check
+ NOT-FOR-US: Cosign
CVE-2022-35928 (AES Crypt is a file encryption software for multiple platforms. AES Cr ...)
NOT-FOR-US: AES Crypt
CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
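Review bot: the two new tags in this hunk name their projects in different styles: CVE-2022-35930 gets the owner/repo form `sigstore/policy-controller`, while CVE-2022-35929 gets a bare, capitalised `Cosign` even though its description spells the tool "cosign". Using `sigstore/cosign` for the second entry would keep both consistent and make later searches of the list for the project name behave the same way for each.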
@@ -3995,7 +3995,7 @@ CVE-2022-35860
CVE-2022-35859
RESERVED
CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions in Sams ...)
- TODO: check
+ NOT-FOR-US: Samsung mTower
CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to execute arbitr ...)
NOT-FOR-US: kvf-admin
CVE-2022-35856
@@ -5976,7 +5976,7 @@ CVE-2022-34994
CVE-2022-34993 (Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code ...)
NOT-FOR-US: Totolink
CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the ...)
- TODO: check
+ NOT-FOR-US: viruscamp/luadec
CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site ...)
NOT-FOR-US: Paymoney
CVE-2022-34990
@@ -6020,7 +6020,7 @@ CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind SQL
CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Management m ...)
NOT-FOR-US: Feehi CMS
CVE-2022-34970 (Crow before v1.0+4 was discovered to contain a buffer overflow via the ...)
- TODO: check
+ NOT-FOR-US: CrowCpp
CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereferen ...)
NOT-FOR-US: pingcap/tidb
CVE-2022-34968 (An issue in the fetch_step function in Percona Server for MySQL v8.0.2 ...)
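Review bot: the tag added for CVE-2022-34970 names only the organisation, `CrowCpp`, while the description calls the product "Crow". The next entry uses the owner/repo form (`pingcap/tidb`), so `CrowCpp/Crow` would match that style and keep the product name in the tag itself.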
@@ -16264,7 +16264,7 @@ CVE-2022-31177 (Flask-AppBuilder is an application development framework built o
CVE-2022-31176
RESERVED
CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vu ...)
- TODO: check
+ NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5 packages
CVE-2022-31174
RESERVED
CVE-2022-31173 (Juniper is a GraphQL server library for Rust. Affected versions of Jun ...)
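Review bot: the tag added for CVE-2022-31175 uses shell brace shorthand, `ckeditor5-{markdown-gfm,html-support,html-embed}`, so a plain-text search of the list for a full package name such as ckeditor5-html-embed will not match this line. Spelling out the three package names, or shortening the tag to `CKEditor 5` as the description does, would keep the entry searchable.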
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a81e989f1269384e7781d719eb53f5210169eb