[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jul 23 19:00:37 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38d0fa6b by Moritz Muehlenhoff at 2022-07-23T20:00:17+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...)
- TODO: check
+ NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...)
- TODO: check
+ NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36413
RESERVED
CVE-2022-36412
@@ -13,7 +13,7 @@ CVE-2022-36410
CVE-2022-36409
RESERVED
CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attacke ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2022-36398
RESERVED
CVE-2022-36396
@@ -35,7 +35,7 @@ CVE-2022-34153
CVE-2022-34147
RESERVED
CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
- TODO: check
+ NOT-FOR-US: Roxy-WI
CVE-2022-2522
RESERVED
CVE-2022-2521
@@ -3430,11 +3430,11 @@ CVE-2022-34985
CVE-2022-34984
RESERVED
CVE-2022-34983 (The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execu ...)
- TODO: check
+ NOT-FOR-US: scu-captchaC
CVE-2022-34982 (The eziod package in PyPI before v0.0.1 included a code execution back ...)
- TODO: check
+ NOT-FOR-US: eziod
CVE-2022-34981 (The PyCrowdTangle package in PyPI before v0.0.1 included a code execut ...)
- TODO: check
+ NOT-FOR-US: PyCrowdTangle
CVE-2022-34980
RESERVED
CVE-2022-34979
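Review bot: the new line for CVE-2022-34983 reads `NOT-FOR-US: scu-captchaC`, but the description names the package `scu-captcha`; the trailing `C` looks like a stray keystroke and will make any search or cross-reference on the package name miss this entry. Suggest `NOT-FOR-US: scu-captcha`.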
@@ -4750,7 +4750,7 @@ CVE-2022-34511
CVE-2022-34510
RESERVED
CVE-2022-34509 (The wikifaces package in PyPI v1.0 included a code execution backdoor ...)
- TODO: check
+ NOT-FOR-US: wikifaces
CVE-2022-34508
RESERVED
CVE-2022-34507
@@ -4766,9 +4766,9 @@ CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via
CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...)
TODO: check
CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...)
- TODO: check
+ NOT-FOR-US: bin-collection
CVE-2022-34500 (The bin-collect package in PyPI before v0.1 included a code execution ...)
- TODO: check
+ NOT-FOR-US: bin-collect
CVE-2022-34499
RESERVED
CVE-2022-34498
@@ -5906,13 +5906,13 @@ CVE-2022-34117
CVE-2022-34116
RESERVED
CVE-2022-34115 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Dataease
CVE-2022-34114 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Dataease
CVE-2022-34113 (An issue in the component /api/plugin/upload of Dataease v1.11.1 allow ...)
- TODO: check
+ NOT-FOR-US: Dataease
CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall Dataeas ...)
- TODO: check
+ NOT-FOR-US: Dataease
CVE-2022-34111
RESERVED
CVE-2022-34110
@@ -12759,57 +12759,57 @@ CVE-2022-31538 (The joaopedro-fg/mp-m08-interface repository through 2020-12-10
CVE-2022-31537 (The jmcginty15/Solar-system-simulator repository through 2021-07-26 on ...)
NOT-FOR-US: jmcginty15/Solar-system-simulator
CVE-2022-31536 (The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub all ...)
- TODO: check
+ NOT-FOR-US: jaygarza1982/ytdl-sync
CVE-2022-31535 (The freefood89/Fishtank repository through 2015-06-24 on GitHub allows ...)
- TODO: check
+ NOT-FOR-US: freefood89/Fishtank
CVE-2022-31534 (The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub all ...)
- TODO: check
+ NOT-FOR-US: echoleegroup/PythonWeb
CVE-2022-31533 (The decentraminds/umbral repository through 2020-01-15 on GitHub allow ...)
- TODO: check
+ NOT-FOR-US: decentraminds/umbral
CVE-2022-31532 (The dankolbman/travel_blahg repository through 2016-01-16 on GitHub al ...)
- TODO: check
+ NOT-FOR-US: dankolbman/travel_blahg
CVE-2022-31531 (The dainst/cilantro repository through 0.0.4 on GitHub allows absolute ...)
- TODO: check
+ NOT-FOR-US: dainst/cilantro
CVE-2022-31530 (The csm-aut/csm repository through 3.5 on GitHub allows absolute path ...)
- TODO: check
+ NOT-FOR-US: csm-aut/csm
CVE-2022-31529 (The cinemaproject/monorepo repository through 2021-03-03 on GitHub all ...)
- TODO: check
+ NOT-FOR-US: cinemaproject/monorepo
CVE-2022-31528 (The bonn-activity-maps/bam_annotation_tool repository through 2021-08- ...)
- TODO: check
+ NOT-FOR-US: bonn-activity-maps/bam_annotation_tool
CVE-2022-31527 (The Wildog/flask-file-server repository through 2020-02-20 on GitHub a ...)
- TODO: check
+ NOT-FOR-US: Wildog/flask-file-server
CVE-2022-31526 (The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub all ...)
- TODO: check
+ NOT-FOR-US: ThundeRatz/ThunderDocs
CVE-2022-31525 (The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute p ...)
- TODO: check
+ NOT-FOR-US: SummaLabs/DLS
CVE-2022-31524 (The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub ...)
- TODO: check
+ NOT-FOR-US: PureStorage-OpenConnect/swagger
CVE-2022-31523 (The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows abso ...)
- TODO: check
+ NOT-FOR-US: PaddlePaddle/Anakin
CVE-2022-31522 (The NotVinay/karaokey repository through 2019-12-11 on GitHub allows a ...)
- TODO: check
+ NOT-FOR-US: NotVinay/karaokey
CVE-2022-31521 (The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows abs ...)
- TODO: check
+ NOT-FOR-US: Niyaz-Mohamed/mosaic
CVE-2022-31520 (The Luxas98/logstash-management-api repository through 2020-05-04 on G ...)
- TODO: check
+ NOT-FOR-US: Luxas98/logstash-management-api
CVE-2022-31519 (The Lukasavicus/WindMill repository through 1.0 on GitHub allows absol ...)
- TODO: check
+ NOT-FOR-US: Lukasavicus/WindMill
CVE-2022-31518 (The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository thr ...)
- TODO: check
+ NOT-FOR-US: JustAnotherSoftwareDeveloper/Python-Recipe-Database
CVE-2022-31517 (The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows abs ...)
- TODO: check
+ NOT-FOR-US: HolgerGraef/MSM
CVE-2022-31516 (The Harveyzyh/Python repository through 2022-05-04 on GitHub allows ab ...)
- TODO: check
+ NOT-FOR-US: Harveyzyh/Python
CVE-2022-31515 (The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute ...)
- TODO: check
+ NOT-FOR-US: Delor4/CarceresBE
CVE-2022-31514 (The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub ...)
- TODO: check
+ NOT-FOR-US: Caoyongqi912/Fan_Platform
CVE-2022-31513 (The BolunHan/Krypton repository through 2021-06-03 on GitHub allows ab ...)
- TODO: check
+ NOT-FOR-US: BolunHan/Krypton
CVE-2022-31512 (The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows ab ...)
- TODO: check
+ NOT-FOR-US: Atom02/flask-mvc
CVE-2022-31511 (The AFDudley/equanimity repository through 2014-04-23 on GitHub allows ...)
- TODO: check
+ NOT-FOR-US: AFDudley/equanimity
CVE-2022-31510 (The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub all ...)
TODO: check
CVE-2022-31509 (The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows ...)
@@ -13629,7 +13629,7 @@ CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnera
CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
TODO: check
CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.41.0, i ...)
- TODO: check
+ NOT-FOR-US: Slack Morphism
CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
NOT-FOR-US: Roxy-WI
CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
@@ -13677,7 +13677,7 @@ CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Autho
CVE-2022-31141
RESERVED
CVE-2022-31140 (Valinor is a PHP library that helps to map any input into a strongly-t ...)
- TODO: check
+ NOT-FOR-US: Valinor (different from src:valinor)
CVE-2022-31139 (UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe &am ...)
NOT-FOR-US: UnsafeAccessor
CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized version 202 ...)
@@ -13712,7 +13712,7 @@ CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Ng
CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
NOT-FOR-US: Roxy-wi
CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...)
- TODO: check
+ NOT-FOR-US: openssh_key_parser
CVE-2022-31123
RESERVED
CVE-2022-31122
@@ -13738,7 +13738,7 @@ CVE-2022-31116 (UltraJSON is a fast JSON encoder and decoder written in pure C w
NOTE: https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
NOTE: https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 (5.4.0)
CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elasticsear ...)
- TODO: check
+ NOT-FOR-US: opensearch-ruby
CVE-2022-31114
RESERVED
CVE-2022-31113 (Canarytokens is an open source tool which helps track activity and act ...)
@@ -15191,7 +15191,7 @@ CVE-2022-30629
CVE-2022-30628 (It was possible to download all receipts without authentication. Must ...)
NOT-FOR-US: Supersmart.me
CVE-2022-30627 (This vulnerability affects all of the company's products that also inc ...)
- TODO: check
+ NOT-FOR-US: Chcnav
CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the na ...)
TODO: check
CVE-2022-30625 (Directory listing is a web server function that displays the directory ...)
@@ -15350,7 +15350,7 @@ CVE-2022-30593
CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...)
NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC)
CVE-2022-30591 (** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause ...)
- TODO: check
+ NOT-FOR-US: quic-go
CVE-2022-30590
RESERVED
CVE-2022-30589
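Review bot: CVE-2022-30591 carries a `** DISPUTED **` marker in its description, yet it is closed with a bare `NOT-FOR-US: quic-go` and no NOTE. For a disputed entry a one-line NOTE with the reason (or a link to the dispute) helps future triage, in the same way the NOTE lines are used elsewhere in this file; it is also worth confirming that no Go library package for quic-go exists in the archive before settling on NOT-FOR-US rather than a package entry.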
@@ -15619,7 +15619,7 @@ CVE-2022-1648
CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
NOT-FOR-US: Zyxel
CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sa ...)
@@ -17156,7 +17156,6 @@ CVE-2022-29971 (An argument injection vulnerability in the browser-based authent
CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches ...)
- ruby-sinatra <unfixed> (bug #1014717)
NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0)
- TODO: check where issue is introduced
CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
NOT-FOR-US: RSS extension for MediaWiki
CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_rw_init ...)
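Review bot: the `TODO: check where issue is introduced` line for CVE-2022-29970 is removed without a replacement NOTE recording what the check found, so the outcome of that investigation is lost from the tracker data. If the introducing commit or version was identified, record it as a NOTE next to the existing fix-commit NOTE; if it was not, the TODO should stay.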
@@ -17603,7 +17602,7 @@ CVE-2022-29836
CVE-2022-29835
RESERVED
CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-29833
RESERVED
CVE-2022-29832
@@ -24671,7 +24670,7 @@ CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/inde
CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...)
NOT-FOR-US: ashymuzuro/Full-Ecommece-Website
CVE-2022-27434 (UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: UNIT4
CVE-2022-27433
RESERVED
CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
@@ -29047,7 +29046,7 @@ CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Servi
CVE-2022-25304
RESERVED
CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
- TODO: check
+ NOT-FOR-US: whoogle-search
CVE-2022-25302
RESERVED
CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
@@ -37026,7 +37025,7 @@ CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in
CVE-2022-23439
RESERVED
CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
- libxerces2-java <unfixed>
[bullseye] - libxerces2-java <postponed> (revisit when/if fix is complete)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38d0fa6b818c5d814198f95ed5d32c2fb3d15db4