[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 19 16:18:19 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b54910e6 by Moritz Muehlenhoff at 2022-07-19T17:17:59+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1025,7 +1025,7 @@ CVE-2022-35863
CVE-2022-35862
RESERVED
CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a ...)
- TODO: check
+ NOT-FOR-US: pyenv
CVE-2022-35860
RESERVED
CVE-2022-35859
@@ -3211,7 +3211,7 @@ CVE-2022-34915
CVE-2022-34914 (Webswing before 22.1.3 allows X-Forwarded-For header injection. The cl ...)
NOT-FOR-US: Webswing
CVE-2022-34913 (** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Mar ...)
- TODO: check
+ NOT-FOR-US: md2roff
CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...)
- mediawiki 1:1.35.7-1
[bullseye] - mediawiki <postponed> (Minor issue, fix along with next security release)
@@ -5644,17 +5644,17 @@ CVE-2022-34034
CVE-2022-34033 (HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_h ...)
TODO: check
CVE-2022-34032 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation in ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-34031 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-34030 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-34029 (Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via n ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-34028 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-34027 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation vi ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-34026
RESERVED
CVE-2022-34025
@@ -9849,7 +9849,7 @@ CVE-2022-32292
CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...)
NOT-FOR-US: Real Player
CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorre ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
NOT-FOR-US: SICUNET Access Controller
CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
@@ -10044,7 +10044,7 @@ CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent characte
CVE-2022-32264
RESERVED
CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger a softwa ...)
- TODO: check
+ NOT-FOR-US: Pexip Infinity
CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2022-32261 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -10150,7 +10150,7 @@ CVE-2022-32227
CVE-2022-32226
RESERVED
CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in the Hel ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2022-32224
RESERVED
CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under ce ...)
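Review bot: the `NOT-FOR-US: Veeam` annotation for CVE-2022-32225 cannot be checked against this hunk, because the visible description only says "a reflected DOM-Based XSS vulnerability has been discovered in the Hel ..." and never names Veeam. Confirm against the full CVE text that the affected component is a Veeam product before landing this, since a NOT-FOR-US mark takes the entry out of the check queue.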
@@ -10535,7 +10535,7 @@ CVE-2022-32116
CVE-2022-32115 (An issue in the isSVG() function of Known v1.2.2+2020061101 allows att ...)
NOT-FOR-US: Known
CVE-2022-32114 (An unrestricted file upload vulnerability in the Add New Assets functi ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2022-32113
RESERVED
CVE-2022-32112
@@ -10651,7 +10651,7 @@ CVE-2022-32076
CVE-2022-32075
RESERVED
CVE-2022-32074 (A stored cross-site scripting (XSS) vulnerability in the component aud ...)
- TODO: check
+ NOT-FOR-US: osTicket-plugins
CVE-2022-32073 (WolfSSH v1.4.7 was discovered to contain an integer overflow via the f ...)
- wolfssh <itp> (bug #983449)
CVE-2022-32072
@@ -10669,7 +10669,7 @@ CVE-2022-32067
CVE-2022-32066
RESERVED
CVE-2022-32065 (An arbitrary file upload vulnerability in the background management mo ...)
- TODO: check
+ NOT-FOR-US: RuoYi
CVE-2022-32064
RESERVED
CVE-2022-32063
@@ -11297,7 +11297,7 @@ CVE-2022-31795 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (C
CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)
NOT-FOR-US: Fujitsu
CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and escape a p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1932
RESERVED
CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
@@ -11414,7 +11414,7 @@ CVE-2022-1914 (The Clean-Contact WordPress plugin through 1.6 does not have CSRF
CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSRF che ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1912 (The Button Widget Smartsoft plugin for WordPress is vulnerable to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1911
RESERVED
CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...)
@@ -12206,17 +12206,17 @@ CVE-2022-31590 (SAP PowerDesigner Proxy - version 16.7, allows an attacker with
CVE-2022-31589 (Due to improper authorization check, business users who are using Isra ...)
NOT-FOR-US: SAP
CVE-2022-31588 (The zippies/testplatform repository through 2016-07-19 on GitHub allow ...)
- TODO: check
+ NOT-FOR-US: zippies/testplatform
CVE-2022-31587 (The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on Gi ...)
- TODO: check
+ NOT-FOR-US: yuriyouzhou/KG-fashion-chatbot
CVE-2022-31586 (The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 ...)
- TODO: check
+ NOT-FOR-US: unizar-30226-2019-06/ChangePop-Back
CVE-2022-31585 (The umeshpatil-dev/Home__internet repository through 2020-08-28 on Git ...)
- TODO: check
+ NOT-FOR-US: umeshpatil-dev/Home__internet
CVE-2022-31584 (The stonethree/s3label repository through 2019-08-14 on GitHub allows ...)
- TODO: check
+ NOT-FOR-US: stonethree/s3label
CVE-2022-31583 (The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 ...)
- TODO: check
+ NOT-FOR-US: sravaniboinepelli/AutomatedQuizEval
CVE-2022-31582 (The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows ...)
TODO: check
CVE-2022-31581 (The scorelab/OpenMF repository before 2022-05-03 on GitHub allows abso ...)
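Review bot: the batch of GitHub-repository CVEs is triaged inconsistently: CVE-2022-31588 through CVE-2022-31583 all move from `TODO: check` to `NOT-FOR-US: <owner>/<repo>`, but CVE-2022-31582 (shaolo1/VideoServer, with the same "repository through <date> on GitHub" wording) is left at `TODO: check` in the trailing context. If it was skipped by accident, add `NOT-FOR-US: shaolo1/VideoServer` under it; if it is deliberately held back, a NOTE line saying why would keep the batch readable.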
@@ -12939,7 +12939,7 @@ CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/ra
NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
NOTE: https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
CVE-2022-31260 (In Montala ResourceSpace through 9.8 before r19636, csv_export_results ...)
- TODO: check
+ NOT-FOR-US: Montala ResourceSpace
CVE-2022-31259 (The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 ...)
NOT-FOR-US: Beego
CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...)
@@ -12947,7 +12947,7 @@ CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x befor
CVE-2022-1808 (Execution with Unnecessary Privileges in GitHub repository polonel/tru ...)
NOT-FOR-US: Trudesk
CVE-2022-31257 (A vulnerability has been identified in Mendix Applications using Mendi ...)
- TODO: check
+ NOT-FOR-US: Mendix
CVE-2022-31256
RESERVED
CVE-2022-31255
@@ -13074,20 +13074,19 @@ CVE-2022-31213 (An issue was discovered in dbus-broker before 31. Multiple NULL
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094722
NOTE: "CHANGES WITH 30:" mention: Fix NULL-derefs in the XML configuration parser. Empty XML tags could
NOTE: have caused NULL-derefs before.
- TODO: Isolate upstream commit.
CVE-2022-31212 (An issue was discovered in dbus-broker before 31. It depends on c-uitl ...)
- dbus-broker 30-1 (bug #1013343)
[bullseye] - dbus-broker 26-1+deb11u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718
NOTE: Fixed by: https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1 (v1.0.0)
CVE-2022-31211 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank ...)
- TODO: check
+ NOT-FOR-US: Infiray
CVE-2022-31210 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file ...)
- TODO: check
+ NOT-FOR-US: Infiray
CVE-2022-31209 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware con ...)
- TODO: check
+ NOT-FOR-US: Infiray
CVE-2022-31208 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver co ...)
- TODO: check
+ NOT-FOR-US: Infiray
CVE-2022-31207
RESERVED
CVE-2022-31206
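Review bot: dropping `TODO: Isolate upstream commit.` under CVE-2022-31213 changes that entry's triage state without recording what was found, and the commit message (NFUs) does not cover it. The neighbouring CVE-2022-31212 entry records its fix as `NOTE: Fixed by: https://github.com/c-util/c-shquote/commit/... (v1.0.0)`; CVE-2022-31213 should get an equivalent `NOTE: Fixed by:` line with the isolated dbus-broker commit, or the TODO should stay until that commit is identified. The four Infiray `NOT-FOR-US` lines in the same hunk are fine.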
@@ -13099,9 +13098,9 @@ CVE-2022-31204
CVE-2022-31203
RESERVED
CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows directo ...)
- TODO: check
+ NOT-FOR-US: SoftGuard Web
CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection. ...)
- TODO: check
+ NOT-FOR-US: SoftGuard Web
CVE-2022-31200
RESERVED
CVE-2022-31199
@@ -13183,11 +13182,11 @@ CVE-2022-31163
CVE-2022-31162
RESERVED
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
- TODO: check
+ NOT-FOR-US: Roxy-WI
CVE-2022-31160
RESERVED
CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
- TODO: check
+ NOT-FOR-US: AWS SDK for Java
CVE-2022-31158 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
TODO: check
CVE-2022-31157 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
@@ -13399,21 +13398,21 @@ CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Vers
NOTE: Fixed by: https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0
NOTE: Testcase: https://github.com/libwww-perl/HTTP-Daemon/commit/faebad54455c2c2919e234202362570925fb99d1
CVE-2022-31080 (KubeEdge is an open source system for extending native containerized a ...)
- TODO: check
+ NOT-FOR-US: KubeEdge
CVE-2022-31079 (KubeEdge is an open source system for extending native containerized a ...)
- TODO: check
+ NOT-FOR-US: KubeEdge
CVE-2022-31078 (KubeEdge is an open source system for extending native containerized a ...)
- TODO: check
+ NOT-FOR-US: KubeEdge
CVE-2022-31077 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
NOT-FOR-US: KubeEdge
CVE-2022-31076 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
NOT-FOR-US: KubeEdge
CVE-2022-31075 (KubeEdge is an open source system for extending native containerized a ...)
- TODO: check
+ NOT-FOR-US: KubeEdge
CVE-2022-31074 (KubeEdge is an open source system for extending native containerized a ...)
- TODO: check
+ NOT-FOR-US: KubeEdge
CVE-2022-31073 (KubeEdge is an open source system for extending native containerized a ...)
- TODO: check
+ NOT-FOR-US: KubeEdge
CVE-2022-31072 (Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24 ...)
- ruby-octokit <not-affected> (No vulnerable version was uploaded to the archive)
NOTE: https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6
@@ -13526,7 +13525,7 @@ CVE-2022-31030 (containerd is an open source container runtime. A bug was found
- containerd 1.6.6~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
CVE-2022-31029 (AdminLTE is a Pi-hole Dashboard for stats and configuration. In affect ...)
- TODO: check
+ NOT-FOR-US: AdminLTE
CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
NOT-FOR-US: MinIO
CVE-2022-31027 (OAuthenticator is an OAuth token library for the JupyerHub login handl ...)
@@ -13568,7 +13567,7 @@ CVE-2022-31014 (Nextcloud server is an open source personal cloud server. Affect
CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source messaging ...)
NOT-FOR-US: chat server for Vartalap
CVE-2022-31012 (Git for Windows is a fork of Git that contains Windows-specific patche ...)
- TODO: check
+ NOT-FOR-US: Git for Windows
CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Transactio ...)
NOT-FOR-US: TiDB
CVE-2022-31010
@@ -13633,9 +13632,9 @@ CVE-2022-30984
CVE-2022-30983
RESERVED
CVE-2022-30982 (An issue was discovered in Gentics CMS before 5.43.1. There is stored ...)
- TODO: check
+ NOT-FOR-US: Gentics CMS
CVE-2022-30981 (An issue was discovered in Gentics CMS before 5.43.1. By uploading a m ...)
- TODO: check
+ NOT-FOR-US: Gentics CMS
CVE-2022-30980
RESERVED
CVE-2022-30979
@@ -13882,7 +13881,7 @@ CVE-2022-30940
CVE-2022-30939
RESERVED
CVE-2022-30938 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-30937 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...)
NOT-FOR-US: Siemens
CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b54910e6703b2420c0b04796b8c06a6ceb68862b