[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 20 09:08:21 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c46b102 by Moritz Mühlenhoff at 2022-06-20T10:07:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2380,7 +2380,7 @@ CVE-2017-20054 (A vulnerability was found in XYZScripts Contact Form Manager Plu
 CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...)
 	NOT-FOR-US: XYZScripts Contact Form Manager Plugin
 CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13.  ...)
-	TODO: check
+	NOT-FOR-US: pgadmin on Windows
 CVE-2022-2058
 	RESERVED
 CVE-2022-2057
@@ -4519,7 +4519,7 @@ CVE-2022-32153 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0
 CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
 	NOT-FOR-US: Splunk Enterprise
 CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2022-32150
 	RESERVED
 CVE-2022-32149
@@ -4563,7 +4563,7 @@ CVE-2022-1960
 CVE-2022-1959
 	RESERVED
 CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
-	TODO: check
+	NOT-FOR-US: FileCloud
 CVE-2022-1957
 	RESERVED
 CVE-2022-1956
@@ -5948,7 +5948,7 @@ CVE-2022-31620 (In libjpeg before 1.64, BitStream<false>::Get in bitstream
 	NOTE: https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lite vers ...)
-	TODO: check
+	NOT-FOR-US: Modern Events Calendar Lite
 CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1892
@@ -6947,7 +6947,7 @@ CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30549 (Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earl ...)
-	TODO: check
+	NOT-FOR-US: Fuji
 CVE-2022-29524 (Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and ear ...)
 	NOT-FOR-US: Fuji
 CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module contain ...)
@@ -7017,7 +7017,7 @@ CVE-2022-1807
 CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rt ...)
 	NOT-FOR-US: RTX
 CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the ...)
-	TODO: check
+	NOT-FOR-US: Electrum
 CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to inject O ...)
 	NOT-FOR-US: mailcow
 CVE-2022-31244
@@ -7429,7 +7429,7 @@ CVE-2022-31057
 CVE-2022-31056
 	RESERVED
 CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
-	TODO: check
+	NOT-FOR-US: KCTF
 CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
 	NOT-FOR-US: Argo
 CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
@@ -7439,19 +7439,19 @@ CVE-2022-31052
 CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
 	TODO: check
 CVE-2022-31050 (TYPO3 is an open source web content management system. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-31049 (TYPO3 is an open source web content management system. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-31048 (TYPO3 is an open source web content management system. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-31047 (TYPO3 is an open source web content management system. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-31046 (TYPO3 is an open source web content management system. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-31045 (Istio is an open platform to connect, manage, and secure microservices ...)
 	NOT-FOR-US: Istio
 CVE-2022-31044 (Rundeck is an open source automation service with a web console, comma ...)
-	TODO: check
+	NOT-FOR-US: Rundesk
 CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
 	- guzzle 7.4.4-1 (bug #1012821)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
@@ -7504,9 +7504,9 @@ CVE-2022-31026 (Trilogy is a client library for MySQL. When authenticating, a ma
 CVE-2022-31025 (Discourse is an open source platform for community discussion. Prior t ...)
 	NOT-FOR-US: Discourse
 CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
-	TODO: check
+	NOT-FOR-US: richdocuments
 CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...)
-	TODO: check
+	NOT-FOR-US: Play Framework
 CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP utilities ...)
 	TODO: check
 CVE-2022-31021
@@ -8102,7 +8102,7 @@ CVE-2022-30901
 CVE-2022-30900
 	RESERVED
 CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the  ...)
-	TODO: check
+	NOT-FOR-US: PartKeepr
 CVE-2022-30898 (A Cross-site request forgery (CSRF) vulnerability in Cscms music porta ...)
 	NOT-FOR-US: Cscms music portal system
 CVE-2022-30897
@@ -8932,7 +8932,7 @@ CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow. ...)
 	NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
 	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4)
 CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause  ...)
-	TODO: check
+	NOT-FOR-US: OPC UA Legacy Java Stack
 CVE-2022-30550
 	RESERVED
 CVE-2022-1677
@@ -9038,9 +9038,9 @@ CVE-2022-1659 (Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin reg
 CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrar ...)
 	NOT-FOR-US: Jupiter Theme
 CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<=  ...)
-	TODO: check
+	NOT-FOR-US: Jupiter Theme
 CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logge ...)
-	TODO: check
+	NOT-FOR-US: JupiterX Theme
 CVE-2022-1655
 	RESERVED
 	- horizon <unfixed>
@@ -10417,7 +10417,7 @@ CVE-2022-30051
 CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...)
 	NOT-FOR-US: Gnuboard
 CVE-2022-30049 (A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Rebuild
 CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerab ...)
 	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
@@ -10652,7 +10652,7 @@ CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 allows remote authenticated
 CVE-2022-29949
 	RESERVED
 CVE-2022-29948 (Due to an insecure design, the Lepin EP-KP001 flash drive through KP00 ...)
-	TODO: check
+	NOT-FOR-US: Lepin
 CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because web/src/com ...)
 	- woodpecker <itp> (bug #1008934)
 CVE-2022-29946
@@ -10962,15 +10962,15 @@ CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable
 CVE-2022-29867
 	RESERVED
 CVE-2022-29866 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaus ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29865 (OPC UA .NET Standard Stack allows a remote attacker to bypass the appl ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29864 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause  ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29863 (OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a  ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29862 (An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: OPC UA .NET Standard Stack
 CVE-2022-29861
 	RESERVED
 CVE-2022-29860
@@ -12819,7 +12819,7 @@ CVE-2022-29259
 CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to convert  ...)
 	NOT-FOR-US: XWiki
 CVE-2022-29257 (Electron is a framework for writing cross-platform desktop application ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
 	NOT-FOR-US: lovell/sharp
 CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
@@ -12842,7 +12842,7 @@ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and
 	- guzzle 7.4.4-1 (bug #1011636)
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
 CVE-2022-29247 (Electron is a framework for writing cross-platform desktop application ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c46b102730293ed7b42ccfda85293b92109d205

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c46b102730293ed7b42ccfda85293b92109d205
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220620/3a1328b8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list