[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 20 11:40:25 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca6c7bfe by Moritz Muehlenhoff at 2022-06-20T12:39:58+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -282,9 +282,9 @@ CVE-2022-34008
CVE-2022-34007
RESERVED
CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
- TODO: check
+ NOT-FOR-US: TitanFTP
CVE-2022-34005 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
- TODO: check
+ NOT-FOR-US: TitanFTP
CVE-2022-34004
RESERVED
CVE-2022-34003
@@ -443,21 +443,21 @@ CVE-2017-20066
CVE-2017-20065
RESERVED
CVE-2017-20064 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declar ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20063 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classi ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20062 (A vulnerability was found in Elefant CMS 1.3.12-RC and classified as p ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20061 (A vulnerability has been found in Elefant CMS 1.3.12-RC and classified ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20060 (A vulnerability, which was classified as problematic, was found in Ele ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20059 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20058 (A vulnerability classified as problematic was found in Elefant CMS 1.3 ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2017-20057 (A vulnerability classified as problematic has been found in Elefant CM ...)
- TODO: check
+ NOT-FOR-US: Elefant CMS
CVE-2022-33959
RESERVED
CVE-2022-33958
@@ -691,7 +691,7 @@ CVE-2022-33914
CVE-2022-33913
RESERVED
CVE-2022-33912 (A permission issue affects users that deployed the shipped version of ...)
- TODO: check
+ NOT-FOR-US: Check MK as packaged by upstream
CVE-2022-33911
RESERVED
CVE-2022-33910
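Review bot: The NOT-FOR-US text for CVE-2022-33912 carries a scoping qualifier ("Check MK as packaged by upstream") instead of a plain product name, which reads as "the software may be relevant, only upstream's packaging is affected". NOT-FOR-US normally states that the software is not in Debian at all. If a Debian source package for Check MK exists or existed, a package line with `<not-affected>` and the reason in parentheses would record the same conclusion against that package; if there is none, the plain product name is enough.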
@@ -801,7 +801,7 @@ CVE-2022-2100
CVE-2022-2099
RESERVED
CVE-2022-2098 (Weak Password Requirements in GitHub repository kromitgmbh/titra prior ...)
- TODO: check
+ NOT-FOR-US: Titra
CVE-2020-36549 (A vulnerability classified as critical was found in GE Voluson S8. Aff ...)
NOT-FOR-US: GE Healthcare
CVE-2020-36548 (A vulnerability classified as problematic has been found in GE Voluson ...)
@@ -3700,7 +3700,7 @@ CVE-2022-32537
CVE-2022-2024
RESERVED
CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2017-20050 (A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M30 ...)
NOT-FOR-US: AXIS
CVE-2017-20049 (A vulnerability, which was classified as critical, was found in AXIS P ...)
@@ -7094,7 +7094,7 @@ CVE-2022-31315
CVE-2022-31314
RESERVED
CVE-2022-31313 (api-res-py package in PyPI 0.1 is vulnerable to a code execution backd ...)
- TODO: check
+ NOT-FOR-US: api-res-py
CVE-2022-31312
RESERVED
CVE-2022-31311 (An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allow ...)
@@ -7672,7 +7672,7 @@ CVE-2022-31085
CVE-2022-31084
RESERVED
CVE-2022-31083 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Node parse-server
CVE-2022-31082
RESERVED
CVE-2022-31081
@@ -7696,11 +7696,11 @@ CVE-2022-31073
CVE-2022-31072 (Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24 ...)
TODO: check
CVE-2022-31071 (Octopoller is a micro gem for polling and retrying. Version 0.2.0 of t ...)
- TODO: check
+ NOT-FOR-US: Octopoller
CVE-2022-31070 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
- TODO: check
+ NOT-FOR-US: NestJS Proxy
CVE-2022-31069 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
- TODO: check
+ NOT-FOR-US: NestJS Proxy
CVE-2022-31068
RESERVED
CVE-2022-31067
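Review bot: CVE-2022-31072 (Octokit) stays at `TODO: check` in this hunk while the neighbouring CVE-2022-31071, CVE-2022-31070 and CVE-2022-31069 are all triaged. If that is deliberate because Octokit needs a package check rather than an NFU, fine; otherwise it is easy to miss in a batch commit whose message is only "NFUs", and a follow-up should resolve it.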
@@ -7732,11 +7732,11 @@ CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (
CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
NOT-FOR-US: Argo
CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
- TODO: check
+ NOT-FOR-US: Biscuit
CVE-2022-31052
RESERVED
CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
- TODO: check
+ NOT-FOR-US: Node semantic-release
CVE-2022-31050 (TYPO3 is an open source web content management system. Prior to versio ...)
NOT-FOR-US: Typo3
CVE-2022-31049 (TYPO3 is an open source web content management system. Prior to versio ...)
@@ -7797,9 +7797,9 @@ CVE-2022-31029
CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
NOT-FOR-US: MinIO
CVE-2022-31027 (OAuthenticator is an OAuth token library for the JupyerHub login handl ...)
- TODO: check
+ NOT-FOR-US: OAuthenticator
CVE-2022-31026 (Trilogy is a client library for MySQL. When authenticating, a maliciou ...)
- TODO: check
+ NOT-FOR-US: Trilogy
CVE-2022-31025 (Discourse is an open source platform for community discussion. Prior t ...)
NOT-FOR-US: Discourse
CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
@@ -7834,7 +7834,7 @@ CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source mess
CVE-2022-31012
RESERVED
CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Transactio ...)
- TODO: check
+ NOT-FOR-US: TiDB
CVE-2022-31010
RESERVED
CVE-2022-31009
@@ -7867,7 +7867,7 @@ CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) Us
CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerce fram ...)
NOT-FOR-US: Solidus e-commerce framework
CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
- TODO: check
+ NOT-FOR-US: FriendsofFlarum
CVE-2022-30996
RESERVED
CVE-2022-30995
@@ -7909,7 +7909,7 @@ CVE-2022-30978
CVE-2022-30977
RESERVED
CVE-2022-29496 (A stack-based buffer overflow vulnerability exists in the BlynkConsole ...)
- TODO: check
+ NOT-FOR-US: BlynkConsole
CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e
@@ -8434,7 +8434,7 @@ CVE-2022-30884
CVE-2022-30883
RESERVED
CVE-2022-30882 (pyanxdns package in PyPI version 0.2 is vulnerable to code execution b ...)
- TODO: check
+ NOT-FOR-US: pyanxdns
CVE-2022-30881
RESERVED
CVE-2022-30880
@@ -8740,7 +8740,7 @@ CVE-2022-30762
CVE-2022-30761
RESERVED
CVE-2022-30760 (An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG F ...)
- TODO: check
+ NOT-FOR-US: fn2Web
CVE-2022-30759
RESERVED
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows remote ...)
@@ -9400,7 +9400,7 @@ CVE-2022-30522 (If Apache HTTP Server 2.4.53 is configured to do transformations
NOTE: https://github.com/apache/httpd/commit/db47781128e42bd49f55076665b3f6ca4e2bc5e2
NOTE: https://github.com/apache/httpd/commit/96c75bba15b6ce20eb8d34aad717a046c000b233
CVE-2022-1642 (A program using swift-corelibs-foundation is vulnerable to a denial of ...)
- TODO: check
+ NOT-FOR-US: swift-corelibs-foundation
CVE-2022-1641
RESERVED
{DSA-5134-1}
@@ -10085,7 +10085,7 @@ CVE-2022-30287
NOTE: Fixed by: https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d (v4.2.26)
NOTE: Fixed by: https://github.com/horde/turba/commit/3bccab322af4ae96d5925f0ce9f9af0978af924b (v4.2.26)
CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 ...)
- TODO: check
+ NOT-FOR-US: pyscriptjs
CVE-2022-30285
RESERVED
CVE-2022-30284 (** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, ...)
@@ -10106,7 +10106,7 @@ CVE-2022-30279 (An issue was discovered in Stormshield Network Security (SNS) 4.
CVE-2022-30278 (A vulnerability in Black Duck Hub’s embedded MadCap Flare docume ...)
NOT-FOR-US: Black Duck Hub
CVE-2022-30277 (BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insu ...)
- TODO: check
+ NOT-FOR-US: BD Synapsys
CVE-2022-30276
RESERVED
CVE-2022-30275
@@ -10585,7 +10585,7 @@ CVE-2022-30113
CVE-2022-30112
RESERVED
CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...)
- TODO: check
+ NOT-FOR-US: MCK Smartlock
CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enable ...)
NOT-FOR-US: Jirafeau
CVE-2022-30109
@@ -10745,7 +10745,7 @@ CVE-2022-30036
CVE-2022-30035
RESERVED
CVE-2022-30034 (Flower, a web UI for the Celery Python RPC framework, all versions as ...)
- TODO: check
+ NOT-FOR-US: Flower
CVE-2022-30033 (Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the fu ...)
NOT-FOR-US: Tenda
CVE-2022-30032
@@ -11674,7 +11674,7 @@ CVE-2021-46789 (Configuration defects in the secure OS module. Successful exploi
CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the iConnect modul ...)
NOT-FOR-US: Huawei
CVE-2021-46787 (The AMS module has a vulnerability of improper permission control.Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-46786 (The audio module has a vulnerability in verifying the parameters passe ...)
NOT-FOR-US: Huawei
CVE-2021-46785 (The Property module has a vulnerability in permission control.This vul ...)
@@ -12021,7 +12021,7 @@ CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allo
CVE-2022-29621
RESERVED
CVE-2022-29620 (** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext ...)
- TODO: check
+ NOT-FOR-US: Disputed Filezilla issue
CVE-2022-29619
RESERVED
CVE-2022-29618 (Due to insufficient input validation, SAP NetWeaver Development Infras ...)
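Review bot: `NOT-FOR-US: Disputed Filezilla issue` on CVE-2022-29620 uses NOT-FOR-US to mean "not a real issue" rather than "software not in Debian". FileZilla is packaged in Debian, so an NFU entry detaches the CVE from that package in the tracker. The form this file already uses for a negligible issue in packaged software, `- vim <unfixed> (unimportant)` on CVE-2022-1796, fits better here: a `- filezilla <unfixed> (unimportant)` line plus a NOTE saying the report is disputed. The description also spells the product "FileZilla".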
@@ -12216,7 +12216,7 @@ CVE-2022-29569
CVE-2022-29568
RESERVED
CVE-2022-29567 (The default configuration of a TreeGrid component uses Object::toStrin ...)
- TODO: check
+ NOT-FOR-US: Vaadin
CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...)
NOT-FOR-US: Bulletproofs
CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...)
@@ -13123,7 +13123,7 @@ CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to v
CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
NOT-FOR-US: Vyper
CVE-2022-29254 (silverstripe-omnipay is a SilverStripe integration with Omnipay PHP pa ...)
- TODO: check
+ NOT-FOR-US: Silverstripe CMS
CVE-2022-29253 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. S ...)
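Review bot: The label on CVE-2022-29254 says "Silverstripe CMS", but the description is for silverstripe-omnipay, a SilverStripe integration with Omnipay, not the CMS itself. Naming the module (for example `NOT-FOR-US: silverstripe-omnipay`) keeps the NFU text searchable by the affected component and matches entries elsewhere in this commit that name the specific package, such as "Rust crate totp-rs".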
@@ -13146,7 +13146,7 @@ CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embed
CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...)
NOT-FOR-US: SSH.NET
CVE-2022-29244 (npm pack ignores root-level .gitignore and .npmignore file exclusion d ...)
- TODO: check
+ NOT-FOR-US: Node pack
CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
- nextcloud-server <itp> (bug #941708)
CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...)
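Review bot: "Node pack" on CVE-2022-29244 suggests a Node module called pack, but the description begins "npm pack ignores root-level .gitignore and .npmignore", so the affected component is the `pack` command of the npm CLI. npm is packaged in Debian, so this entry looks like it needs a `- npm` package line with the status determined from the packaged version instead of NOT-FOR-US; at minimum the label should name npm.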
@@ -13289,7 +13289,7 @@ CVE-2022-29187
CVE-2022-29186 (Rundeck is an open source automation service with a web console, comma ...)
NOT-FOR-US: Rundeck
CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA authentific ...)
- TODO: check
+ NOT-FOR-US: Rust crate totp-rs
CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0 ...)
NOT-FOR-US: ThoughtWorks GoCD
CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4. ...)
@@ -15848,7 +15848,7 @@ CVE-2021-46773
CVE-2021-46772
RESERVED
CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46770
RESERVED
CVE-2021-46769
@@ -15902,7 +15902,7 @@ CVE-2021-46746
CVE-2021-46745
RESERVED
CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able to infer ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-28280
RESERVED
CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6c7bfe5cab38ac98259cccaacf6302800eca99