[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 30 16:15:16 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7432fdb by Salvatore Bonaccorso at 2022-12-30T17:14:41+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -742,9 +742,9 @@ CVE-2018-25052 (A vulnerability has been found in Catalyst-Plugin-Session up to
CVE-2018-25051 (A vulnerability, which was classified as problematic, was found in JmP ...)
TODO: check
CVE-2018-25050 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Harvest Chosen
CVE-2017-20150 (A vulnerability was found in challenge website. It has been rated as c ...)
- TODO: check
+ NOT-FOR-US: challenge website
CVE-2022-XXXX [RUSTSEC-2022-0074]
- rust-prettytable-rs <unfixed> (bug #1027282)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
@@ -866,7 +866,7 @@ CVE-2020-36636 (A vulnerability classified as problematic has been found in Open
CVE-2020-36635 (A vulnerability was found in OpenMRS Appointment Scheduling Module up ...)
NOT-FOR-US: OpenMRS
CVE-2019-25091 (A vulnerability classified as problematic has been found in nsupdate.i ...)
- TODO: check
+ NOT-FOR-US: nsupdate.info
CVE-2023-22417
RESERVED
CVE-2023-22416
@@ -1009,11 +1009,11 @@ CVE-2019-25089 (A vulnerability has been found in Morgawr Muon 0.1.1 and classif
CVE-2019-25088 (A vulnerability was found in ytti Oxidized Web. It has been classified ...)
NOT-FOR-US: ytti Oxidized Web
CVE-2019-25087 (A vulnerability was found in RamseyK httpserver. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: RamseyK httpserver
CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It ...)
NOT-FOR-US: IET-OU Open Media Player
CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated as pro ...)
- TODO: check
+ NOT-FOR-US: email-existence
CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...)
TODO: check
CVE-2022-47966
@@ -7790,13 +7790,13 @@ CVE-2022-46183
CVE-2022-46182
RESERVED
CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...)
- TODO: check
+ NOT-FOR-US: Gotify server
CVE-2022-46180
RESERVED
CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...)
NOT-FOR-US: LiuOS
CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2022-46177
RESERVED
CVE-2022-46176
@@ -7809,11 +7809,11 @@ CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims
NOTE: https://github.com/json5/json5/issues/199
NOTE: https://github.com/json5/json5/issues/295
CVE-2022-46174 (efs-utils is a set of Utilities for Amazon Elastic File System (EFS). ...)
- TODO: check
+ NOT-FOR-US: AWS efs-utils
CVE-2022-46173 (Elrond-GO is a go implementation for the Elrond Network protocol. Vers ...)
- TODO: check
+ NOT-FOR-US: Elrond go
CVE-2022-46172 (authentik is an open-source Identity provider focused on flexibility a ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2022-46171 (Tauri is a framework for building binaries for all major desktop platf ...)
NOT-FOR-US: Tauri
CVE-2022-46170 (CodeIgniter is a PHP full-stack web framework. When an application use ...)
@@ -18334,7 +18334,7 @@ CVE-2022-43365 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer
CVE-2022-43364 (An access control issue in the password reset page of IP-COM EW9 V15.1 ...)
NOT-FOR-US: IP-COM EW9
CVE-2022-43363 (** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload de ...)
- TODO: check
+ NOT-FOR-US: Telegram Web
CVE-2022-43362 (Senayan Library Management System v9.4.2 was discovered to contain a S ...)
NOT-FOR-US: Senayan Library Management System
CVE-2022-43361 (Senayan Library Management System v9.4.2 was discovered to contain a c ...)
@@ -22116,7 +22116,7 @@ CVE-2022-41969 (Nextcloud Server is an open source personal cloud server. Prior
CVE-2022-41968 (Nextcloud Server is an open source personal cloud server. Prior to ver ...)
- nextcloud-server <itp> (bug #941708)
CVE-2022-41967 (Dragonfly is a Java runtime dependency management library. Dragonfly v ...)
- TODO: check
+ NOT-FOR-US: Dragonfly
CVE-2022-41966 (XStream serializes Java objects to XML and back again. Versions prior ...)
TODO: check
CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...)
@@ -22567,7 +22567,7 @@ CVE-2022-41702 (The affected product DIAEnergie (versions prior to v1.9.01.002)
CVE-2022-41701 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-41697 (A user enumeration vulnerability exists in the login functionality of ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41683
@@ -22575,7 +22575,7 @@ CVE-2022-41683
CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41654 (An authentication bypass vulnerability exists in the newsletter subscr ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
NOT-FOR-US: Daikin
CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
@@ -23021,7 +23021,7 @@ CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the
CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...)
NOT-FOR-US: Huawei
CVE-2022-41579 (There is an insufficient authentication vulnerability in some Huawei b ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability.Successful e ...)
NOT-FOR-US: Huawei
CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...)
@@ -23107,9 +23107,9 @@ CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp stick
CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...)
NOT-FOR-US: Buffalo
CVE-2022-3347 (DNSSEC validation is not performed correctly. An attacker can cause th ...)
- TODO: check
+ NOT-FOR-US: goresolver
CVE-2022-3346 (DNSSEC validation is not performed correctly. An attacker can cause th ...)
- TODO: check
+ NOT-FOR-US: goresolver
CVE-2022-3345
RESERVED
CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A malic ...)
@@ -26634,7 +26634,7 @@ CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10,
CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...)
NOT-FOR-US: Rockwell
CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell Automation St ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2022-40175
RESERVED
CVE-2022-40174
@@ -27041,7 +27041,7 @@ CVE-2022-40013
CVE-2022-40012
RESERVED
CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows ...)
- TODO: check
+ NOT-FOR-US: typora
CVE-2022-40010
RESERVED
CVE-2022-40009 (SWFTools commit 772e55a was discovered to contain a heap-use-after-fre ...)
@@ -27055,7 +27055,7 @@ CVE-2022-40007
CVE-2022-40006
RESERVED
CVE-2022-40005 (Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command inject ...)
- TODO: check
+ NOT-FOR-US: Intelbras WiFiber 120AC inMesh
CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows ...)
NOT-FOR-US: Things Board
CVE-2022-40003
@@ -29627,7 +29627,7 @@ CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business Intelligen
CVE-2022-39013 (Under certain conditions an authenticated attacker can get access to O ...)
NOT-FOR-US: SAP
CVE-2022-39012 (Huawei Aslan Children's Watch has an improper input validation vulnera ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
NOT-FOR-US: Huawei
CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
@@ -30869,7 +30869,7 @@ CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c
NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
NOTE: Memory leak in CLI tool, no security impact
CVE-2022-38599 (Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was disco ...)
- TODO: check
+ NOT-FOR-US: Teleport
CVE-2022-38598
RESERVED
CVE-2022-38597
@@ -31117,7 +31117,7 @@ CVE-2022-38490
CVE-2022-38489
RESERVED
CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...)
- TODO: check
+ NOT-FOR-US: logrocket-oauth2-example
CVE-2022-38487
RESERVED
CVE-2022-38486
@@ -32099,27 +32099,27 @@ CVE-2022-38214
CVE-2022-38213
RESERVED
CVE-2022-38212 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38211 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38210 (There is a reflected HTML injection vulnerability in Esri Portal for A ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38209 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38208 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38207 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38206 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38205 (In some non-default installations of Esri Portal for ArcGIS versions 1 ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38204 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38203 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server versions ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...)
NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer
CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...)
@@ -35238,7 +35238,7 @@ CVE-2022-2585
NOTE: https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u
NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/7
CVE-2022-2584 (The dag-pb codec can panic when decoding invalid blocks. ...)
- TODO: check
+ NOT-FOR-US: go-codec-dagpb
CVE-2022-2583 (A race condition can cause incorrect HTTP request routing. ...)
TODO: check
CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...)
@@ -35254,7 +35254,7 @@ CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which m
CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
TODO: check
CVE-2020-36569 (Authentication is globally bypassed in github.com/nanobox-io/golang-na ...)
- TODO: check
+ NOT-FOR-US: golang-nanoauth
CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel before ...)
TODO: check
CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...)
@@ -36138,7 +36138,7 @@ CVE-2022-36666
CVE-2022-36665
RESERVED
CVE-2022-36664 (Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerab ...)
- TODO: check
+ NOT-FOR-US: Password Manager for IIS
CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Serv ...)
NOT-FOR-US: Gluu Oxauth
CVE-2022-36662
@@ -50536,7 +50536,7 @@ CVE-2022-1837 (A vulnerability was found in Home Clean Services Management Syste
CVE-2022-31470 (An XSS vulnerability in the index_mobile_changepass.hsp reset-password ...)
NOT-FOR-US: Axigen Mobile WebMail
CVE-2022-31469 (OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrate ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-31468 (OX App Suite through 8.2 allows XSS via an attachment or OX Drive cont ...)
NOT-FOR-US: OX App Suite
CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal Total Se ...)
@@ -53429,7 +53429,7 @@ CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer
CVE-2022-30520
RESERVED
CVE-2022-30519 (XSS in signing form in Reprise Software RLM License Administration v14 ...)
- TODO: check
+ NOT-FOR-US: Reprise Software RLM License Administration
CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered to co ...)
NOT-FOR-US: ChatBot Application with a Suggestion Feature
CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). ...)
@@ -54093,7 +54093,7 @@ CVE-2022-30262 (The Emerson ControlWave 'Next Generation' RTUs through 2022-05-0
CVE-2022-30261
RESERVED
CVE-2022-30260 (Emerson DeltaV Distributed Control System (DCS) has insufficient verif ...)
- TODO: check
+ NOT-FOR-US: Emerson DeltaV Distributed Control System (DCS)
CVE-2022-1588
REJECTED
CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
@@ -55270,9 +55270,9 @@ CVE-2022-29855 (Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27
CVE-2022-29854 (A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, ...)
NOT-FOR-US: Mitel
CVE-2022-29853 (OX App Suite through 8.2 allows XSS via a certain complex hierarchy th ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-29852 (OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-f ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-29851 (documentconverter in OX App Suite through 7.10.6, in a non-default con ...)
NOT-FOR-US: OX App Suite
CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker who has ...)
@@ -60031,9 +60031,9 @@ CVE-2022-28231 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.30
CVE-2022-28230 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...)
NOT-FOR-US: Adobe
CVE-2022-28229 (The hash functionality in userver before 42059b6319661583b3080cab9b595 ...)
- TODO: check
+ NOT-FOR-US: userver
CVE-2022-28228 (Out-of-bounds read was discovered in YDB server. An attacker could con ...)
- TODO: check
+ NOT-FOR-US: YDB server
CVE-2022-28227
RESERVED
CVE-2022-28226 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
@@ -63875,7 +63875,7 @@ CVE-2022-26971 (Barco Control Room Management Suite web application, which is pa
CVE-2022-26970
RESERVED
CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2022-26968
RESERVED
CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...)
@@ -63894,7 +63894,7 @@ CVE-2022-26966 (An issue was discovered in the Linux kernel before 5.16.12. driv
CVE-2022-26965 (In Pluck 4.7.16, an admin user can use the theme upload functionality ...)
NOT-FOR-US: Pluck CMS
CVE-2022-26964 (Weak password derivation for export in Devolutions Remote Desktop Mana ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-26963
RESERVED
CVE-2022-26962
@@ -64886,13 +64886,13 @@ CVE-2022-26584
CVE-2022-26583
RESERVED
CVE-2022-26582 (The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.0 ...)
- TODO: check
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26581 (The ADB daemon in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20 ...)
- TODO: check
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26580 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 was discove ...)
- TODO: check
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26579 (PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 allows root ...)
- TODO: check
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
CVE-2022-26578
RESERVED
CVE-2022-26577
@@ -66645,7 +66645,7 @@ CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to Direct
CVE-2022-25894
RESERVED
CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Executi ...)
- TODO: check
+ NOT-FOR-US: Node vm2
CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all v ...)
NOT-FOR-US: Muhammara Nodejs module
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
@@ -67556,15 +67556,15 @@ CVE-2022-25632
CVE-2022-25631
RESERVED
CVE-2022-25630 (An authenticated user can embed malicious content with XSS into the ad ...)
- TODO: check
+ NOT-FOR-US: Symantec Messaging Gateway
CVE-2022-25629 (An authenticated user who has the privilege to add/edit annotations on ...)
- TODO: check
+ NOT-FOR-US: Symantec Messaging Gateway
CVE-2022-25628 (An authenticated user can perform XML eXternal Entity injection in Man ...)
- TODO: check
+ NOT-FOR-US: Symantec Identity Manager
CVE-2022-25627 (An authenticated administrator who has physical access to the environm ...)
- TODO: check
+ NOT-FOR-US: Symantec Identity Manager
CVE-2022-25626 (An unauthenticated user can access Identity Manager’s management ...)
- TODO: check
+ NOT-FOR-US: Symantec Identity Manager
CVE-2022-25625 (A malicious unauthorized PAM user can access the administration config ...)
NOT-FOR-US: Symantec
CVE-2022-25624
@@ -72369,15 +72369,15 @@ CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when un
NOTE: https://www.openwall.com/lists/oss-security/2022/01/29/1
NOTE: https://git.kernel.org/linus/f9d87929d451d3e649699d0f1d74f71f77ad38f5
CVE-2022-24120 (Certain General Electric Renewable Energy products store cleartext cre ...)
- TODO: check
+ NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24119 (Certain General Electric Renewable Energy products have a hidden featu ...)
- TODO: check
+ NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24118 (Certain General Electric Renewable Energy products allow attackers to ...)
- TODO: check
+ NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24117 (Certain General Electric Renewable Energy products download firmware w ...)
- TODO: check
+ NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24116 (Certain General Electric Renewable Energy products have inadequate enc ...)
- TODO: check
+ NOT-FOR-US: General Electric Renewable Energy products
CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
NOT-FOR-US: Acronis
CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...)
@@ -73743,7 +73743,7 @@ CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EI
CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC)
CVE-2022-23854 (AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerabl ...)
- TODO: check
+ NOT-FOR-US: AVEVA InTouch Access Anywhere
CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...)
- kate 4:21.12.2-1
[bullseye] - kate <no-dsa> (Minor issue)
@@ -74627,7 +74627,7 @@ CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An atta
CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This vulnerability may ...)
- codeigniter <itp> (bug #471583)
CVE-2022-23555 (authentik is an open-source Identity Provider focused on flexibility a ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
TODO: check
CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...)
@@ -74655,11 +74655,11 @@ CVE-2022-23546
CVE-2022-23545
RESERVED
CVE-2022-23544 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2022-23543 (Silverware Games is a social network where people can play games onlin ...)
- TODO: check
+ NOT-FOR-US: Silverware Games
CVE-2022-23542 (OpenFGA is an authorization/permission engine built for developers and ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-23541 (jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= ...)
NOT-FOR-US: jsonwebtoken node module
CVE-2022-23540 (In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm ...)
@@ -74681,9 +74681,9 @@ CVE-2022-23533
CVE-2022-23532
RESERVED
CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
- TODO: check
+ NOT-FOR-US: GuardDog
CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
- TODO: check
+ NOT-FOR-US: GuardDog
CVE-2022-23529 (node-jsonwebtoken is a JsonWebToken implementation for node.js. For ve ...)
NOT-FOR-US: jsonwebtoken node module
CVE-2022-23528
@@ -74732,7 +74732,7 @@ CVE-2022-23514 (Loofah is a general library for manipulating and transforming HT
CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...)
NOT-FOR-US: Pi-Hole
CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing platform. Ver ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...)
NOT-FOR-US: Amazon CloudWatch Agent
CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
@@ -74828,7 +74828,7 @@ CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output. Versio
CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2022-23472 (Passeo is an open source python password generator. Versions prior to ...)
- TODO: check
+ NOT-FOR-US: Passeo
CVE-2022-23471 (containerd is an open source container runtime. A bug was found in con ...)
- containerd 1.6.12~ds1-1
[bullseye] - containerd 1.4.13~ds1-1~deb11u3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7432fdb15f4e80ad340c4b9a1719f3d780c2f12
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7432fdb15f4e80ad340c4b9a1719f3d780c2f12
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221230/237e4188/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list