[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 25 22:11:56 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4606f138 by Moritz Muehlenhoff at 2022-07-25T23:11:35+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -619,7 +619,7 @@ CVE-2022-36452
CVE-2022-36451
RESERVED
CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...)
- TODO: check
+ NOT-FOR-US: Obsidian
CVE-2022-36449
RESERVED
CVE-2022-36448
@@ -627,11 +627,11 @@ CVE-2022-36448
CVE-2022-36447
RESERVED
CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a U ...)
- TODO: check
+ - webmin <removed>
CVE-2022-36445
RESERVED
CVE-2022-36444 (An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10 ...)
- TODO: check
+ NOT-FOR-US: Atos Unify OpenScape SBC
CVE-2022-36443
RESERVED
CVE-2022-36442
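Review bot: `+ - webmin <removed>` is the one change in this commit that is a package-state entry rather than a NOT-FOR-US, so it is easy to overlook under the `NFUs` commit message; a short NOTE line recording the fixed upstream version given in the description (Webmin 1.997) would make the entry self-explanatory, in the style of the `NOTE:` lines used elsewhere in this file.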
@@ -720,7 +720,7 @@ CVE-2022-34859
CVE-2022-33963
RESERVED
CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
- TODO: check
+ NOT-FOR-US: Fava
CVE-2022-36381
RESERVED
CVE-2022-36293
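Review bot: the description for CVE-2022-2523 is cut off at `beancount/`, so the repository cannot be read from the visible text, while `+ NOT-FOR-US: Fava` presumes it is beancount/fava. Worth confirming against the full CVE text before merging, since the beancount organisation hosts more than one repository and a NOT-FOR-US on the wrong one would silently drop an issue from tracking.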
@@ -843,7 +843,7 @@ CVE-2022-34154
CVE-2022-33970
RESERVED
CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob Adhikar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33943
RESERVED
CVE-2022-33201
@@ -853,7 +853,7 @@ CVE-2022-33142
CVE-2022-2515
RESERVED
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Fava
CVE-2022-2513
RESERVED
CVE-2022-2512
@@ -3455,9 +3455,9 @@ CVE-2022-2343 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
NOT-FOR-US: outline
CVE-2022-2341 (The Simple Page Transition WordPress plugin through 1.4.1 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2340 (The W-DALIL WordPress plugin through 2.0 does not sanitise and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35299
RESERVED
CVE-2022-35298
@@ -3481,15 +3481,15 @@ CVE-2022-35290
CVE-2022-35289
RESERVED
CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user to obt ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35286
RESERVED
CVE-2022-35285 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose sensitive ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an authentica ...)
NOT-FOR-US: IBM
CVE-2022-35282
@@ -4192,15 +4192,15 @@ CVE-2022-34967
CVE-2022-34966
RESERVED
CVE-2022-34965 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
- TODO: check
+ NOT-FOR-US: OpenTeknik
CVE-2022-34964 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
- TODO: check
+ NOT-FOR-US: OpenTeknik
CVE-2022-34963 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
- TODO: check
+ NOT-FOR-US: OpenTeknik
CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
- TODO: check
+ NOT-FOR-US: OpenTeknik
CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
- TODO: check
+ NOT-FOR-US: OpenTeknik
CVE-2022-34960
RESERVED
CVE-2022-34959
@@ -4318,7 +4318,7 @@ CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.
CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
NOT-FOR-US: microweber
CVE-2022-2299 (The Allow SVG Files WordPress plugin through 1.1 does not sanitise upl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2298 (A vulnerability has been found in SourceCodester Clinics Patient Manag ...)
NOT-FOR-US: Clinics Patient Management System
CVE-2022-2297 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -4553,7 +4553,7 @@ CVE-2022-34148
CVE-2022-33974
RESERVED
CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33961
RESERVED
CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
@@ -4888,9 +4888,9 @@ CVE-2022-2242
CVE-2022-2241
RESERVED
CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2239 (The Request a Quote WordPress plugin through 2.3.7 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2238
RESERVED
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron
@@ -5126,7 +5126,7 @@ CVE-2022-2220
RESERVED
NOT-FOR-US: OpenShift
CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2218 (Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/p ...)
NOT-FOR-US: Node parse-url
CVE-2022-2217 (Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/ ...)
@@ -5981,7 +5981,7 @@ CVE-2022-34348
CVE-2022-2190
RESERVED
CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2188
RESERVED
CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...)
@@ -6567,7 +6567,7 @@ CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't v
CVE-2022-2132
RESERVED
CVE-2022-2131 (OpenKM Community Edition in its 6.3.10 version and before was using XM ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2022-2130 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
NOT-FOR-US: microweber
CVE-2022-XXXX [vlc issues fixed in 3.0.13]
@@ -7270,7 +7270,7 @@ CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Inform
CVE-2022-2116
RESERVED
CVE-2022-2115 (The Popup Anything WordPress plugin before 2.1.7 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2113 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
@@ -9312,9 +9312,9 @@ CVE-2022-28710
CVE-2022-27805
RESERVED
CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2070
RESERVED
CVE-2022-2069
@@ -9346,7 +9346,7 @@ CVE-2022-2061 (Heap-based Buffer Overflow in GitHub repository hpjansson/chafa p
CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...)
- dolibarr <removed>
CVE-2022-2059 (In Pandora FMS v7.0NG.761 and below, in the agent creation section, th ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46820 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...)
NOT-FOR-US: XOS-Shop
CVE-2020-36546
@@ -10340,7 +10340,7 @@ CVE-2022-2034
CVE-2022-2033
RESERVED
CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager section, the ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2022-2031
RESERVED
CVE-2022-2030 (A directory traversal vulnerability caused by specific character seque ...)
@@ -17578,7 +17578,7 @@ CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS dire
NOTE: Introduced by: https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 (curl-7_82_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/fae6fea209a2d4db1582f608bd8cc8000721733a (curl-7_83_1)
CVE-2022-1551 (The SP Project & Document Manager WordPress plugin through 4.57 us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1550
REJECTED
CVE-2022-1549 (The WP Athletics WordPress plugin through 1.1.7 does not sanitize para ...)
@@ -18102,7 +18102,7 @@ CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize
CVE-2022-1540
RESERVED
CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1538
RESERVED
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
@@ -18874,7 +18874,7 @@ CVE-2022-29711 (LibreNMS v22.3.0 was discovered to contain a cross-site scriptin
CVE-2022-29710 (A cross-site scripting (XSS) vulnerability in uploadConfirm.php of Lim ...)
- limesurvey <itp> (bug #472802)
CVE-2022-29709 (CommuniLink Internet Limited CLink Office v2.0 was discovered to conta ...)
- TODO: check
+ NOT-FOR-US: CommuniLink Internet Limited CLink Office
CVE-2022-29708
RESERVED
CVE-2022-29707
@@ -27362,7 +27362,7 @@ CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do n
CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aci ...)
NOT-FOR-US: DivvyDrive
CVE-2022-0899 (The Header Footer Code Manager WordPress plugin before 1.1.24 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...)
@@ -29890,7 +29890,7 @@ CVE-2022-21810
CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the memory en ...)
NOT-FOR-US: node nconf
CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
- TODO: check
+ NOT-FOR-US: grapejs
CVE-2022-21797
RESERVED
CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...)
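Review bot: `+ NOT-FOR-US: grapejs` misspells the package named in the CVE-2022-21802 description (`grapesjs`); use `NOT-FOR-US: grapesjs` so the label matches the npm name and later searches of the list find it.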
@@ -32018,7 +32018,7 @@ CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to
CVE-2022-0595 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0594 (The Professional Social Sharing Buttons, Icons & Related Posts Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0592 (The MapSVG WordPress plugin before 6.2.20 does not validate and escape ...)
@@ -32368,7 +32368,7 @@ CVE-2022-24994
CVE-2022-24993
RESERVED
CVE-2022-24992 (A vulnerability in the component process.php of QR Code Generator v5.2 ...)
- TODO: check
+ NOT-FOR-US: QR Code Generator
CVE-2022-24991
RESERVED
CVE-2022-24990
@@ -35401,7 +35401,7 @@ CVE-2022-24085
CVE-2022-24084
RESERVED
CVE-2022-24083 (Password authentication bypass vulnerability for local accounts can be ...)
- TODO: check
+ NOT-FOR-US: Pega
CVE-2022-24082 (If an on-premise installation of the Pega Platform is configured with ...)
NOT-FOR-US: Pega Platform
CVE-2022-24081
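Review bot: `+ NOT-FOR-US: Pega` differs from the adjacent CVE-2022-24082 entry, which labels the same product family `NOT-FOR-US: Pega Platform`; aligning the two labels keeps grep-based checks on the list consistent.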
@@ -62545,9 +62545,9 @@ CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web
CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
NOT-FOR-US: Hitachi
CVE-2021-40336 (A vulnerability exists in the http web interface where the web interfa ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-40335 (A vulnerability exists in the HTTP web interface where the web interfa ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
NOT-FOR-US: Hitachi
CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
@@ -104950,7 +104950,7 @@ CVE-2021-23453
CVE-2021-23452 (This affects all versions of package x-assign. The global proto object ...)
NOT-FOR-US: x-assign JS
CVE-2021-23451 (The package otp-generator before 3.0.0 are vulnerable to Insecure Rand ...)
- TODO: check
+ NOT-FOR-US: Node otp-generator
CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
- dojo <unfixed> (bug #1014785)
[bullseye] - dojo <no-dsa> (Minor issue)
@@ -105100,7 +105100,7 @@ CVE-2021-23399 (This affects all versions of package wincred. If attacker-contro
CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...)
NOT-FOR-US: react-bootstrap-table
CVE-2021-23397 (All versions of package @ianwalter/merge are vulnerable to Prototype P ...)
- TODO: check
+ NOT-FOR-US: Node @ianwalter/merge
CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...)
NOT-FOR-US: Node lutils
CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...)
@@ -105156,7 +105156,7 @@ CVE-2021-23375 (This affects all versions of package psnode. If attacker-control
CVE-2021-23374 (This affects all versions of package ps-visitor. If attacker-controlle ...)
NOT-FOR-US: Node ps-visitor
CVE-2021-23373 (All versions of package set-deep-prop are vulnerable to Prototype Poll ...)
- TODO: check
+ NOT-FOR-US: Node set-deep-prop
CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...)
NOT-FOR-US: mongo-express
CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...)
@@ -122195,7 +122195,7 @@ CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to W
CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...)
NOT-FOR-US: aws-sdk-js
CVE-2020-28471 (This affects the package properties-reader before 2.2.0. ...)
- TODO: check
+ NOT-FOR-US: Node properties-reader
CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The transfer s ...)
NOT-FOR-US: scully
CVE-2020-28469 (This affects the package glob-parent before 5.1.2. The enclosure regex ...)
@@ -122224,13 +122224,13 @@ CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side
NOTE: Starting in 3.5.55 trustedSchemes and trustedHosts rl_config variables are introduced
NOTE: which can be used to mitigate the issue, treating this as the fixed version
CVE-2020-28462 (This affects all versions of package ion-parser. If an attacker submit ...)
- TODO: check
+ NOT-FOR-US: Node ion-parser
CVE-2020-28461 (This affects the package js-ini before 1.3.0. If an attacker submits a ...)
- TODO: check
+ NOT-FOR-US: Node js-ini
CVE-2020-28460 (This affects the package multi-ini before 2.1.2. It is possible to pol ...)
NOT-FOR-US: Node multi-ini
CVE-2020-28459 (This affects all versions of package markdown-it-decorate. An attacker ...)
- TODO: check
+ NOT-FOR-US: Node markdown-it-decorate
CVE-2020-28458 (All versions of package datatables.net are vulnerable to Prototype Pol ...)
NOT-FOR-US: Node datatables.net
CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search functional ...)
@@ -122238,7 +122238,7 @@ CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search func
CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to Cross-site Script ...)
NOT-FOR-US: s-cart/core
CVE-2020-28455 (This affects all versions of package markdown-it-toc. The title of the ...)
- TODO: check
+ NOT-FOR-US: Node markdown-it-toc
CVE-2020-28454
RESERVED
CVE-2020-28453
@@ -122254,31 +122254,31 @@ CVE-2020-28449 (This affects all versions of package decal. The vulnerability is
CVE-2020-28448 (This affects the package multi-ini before 2.1.1. It is possible to pol ...)
NOT-FOR-US: Node multi-ini
CVE-2020-28447 (This affects all versions of package xopen. The injection point is loc ...)
- TODO: check
+ NOT-FOR-US: Node xopen
CVE-2020-28446 (The package ntesseract before 0.2.9 are vulnerable to Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Node ntesseract
CVE-2020-28445 (This affects all versions of package npm-help. The injection point is ...)
- TODO: check
+ NOT-FOR-US: Node npm-help
CVE-2020-28444
RESERVED
CVE-2020-28443 (This affects all versions of package sonar-wrapper. The injection poin ...)
- TODO: check
+ NOT-FOR-US: Node sonar-wrapper
CVE-2020-28442 (All versions of package js-data are vulnerable to Prototype Pollution ...)
NOT-FOR-US: Node js-data
CVE-2020-28441 (This affects the package conf-cfg-ini before 1.2.2. If an attacker sub ...)
- TODO: check
+ NOT-FOR-US: Node conf-cfg-ini
CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to Command ...)
NOT-FOR-US: corenlp-js-interface
CVE-2020-28439 (This affects all versions of package corenlp-js-prefab. The injection ...)
NOT-FOR-US: corenlp-js-prefab
CVE-2020-28438 (This affects all versions of package deferred-exec. The injection poin ...)
- TODO: check
+ NOT-FOR-US: Node deferred-exec
CVE-2020-28437
RESERVED
CVE-2020-28436 (This affects all versions of package google-cloudstorage-commands. ...)
- TODO: check
+ NOT-FOR-US: Node google-cloudstorage-commands
CVE-2020-28435 (This affects all versions of package ffmpeg-sdk. The injection point i ...)
- TODO: check
+ NOT-FOR-US: Node ffmpeg-sdk
CVE-2020-28434
RESERVED
CVE-2020-28433
@@ -122304,7 +122304,7 @@ CVE-2020-28424
CVE-2020-28423
RESERVED
CVE-2020-28422 (All versions of package git-archive are vulnerable to Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Node git-archive
CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a vulne ...)
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2020-28420
@@ -176141,7 +176141,7 @@ CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (X
CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
NOT-FOR-US: Node casperjs
CVE-2020-7678 (This affects all versions of package node-import. The "params" argumen ...)
- TODO: check
+ NOT-FOR-US: Node node-import
CVE-2020-7677 (This affects the package thenify before 3.3.1. The name argument provi ...)
TODO: check
CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...)
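Review bot: the unchanged context line `CVE-2020-7677 ... TODO: check` for thenify is left open while the neighbouring node-import entry is resolved; since this is a triage sweep over the same Node batch, confirm whether thenify is in the archive and resolve it in the same pass rather than leaving a lone TODO in the block.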
@@ -176216,7 +176216,7 @@ CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to Arbit
CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 4.73.1 a ...)
NOT-FOR-US: snyk-broker
CVE-2020-7649 (This affects the package snyk-broker before 4.73.0. It allows arbitrar ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary ...)
NOT-FOR-US: snyk-broker
CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4606f13875fffb23c910bba82904b8d22aaf9e3d