[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jun 26 19:52:02 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74eafcd6 by Moritz Muehlenhoff at 2022-06-26T20:51:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2022-34493
CVE-2022-34492
RESERVED
CVE-2022-34491 (In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllo ...)
- TODO: check
+ NOT-FOR-US: MediaWiki RSS extension
CVE-2022-34490
RESERVED
CVE-2022-2206
@@ -492,13 +492,13 @@ CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This i
NOTE: https://github.com/davea42/libdwarf-code/issues/119
NOTE: https://www.prevanders.net/dwarfbug.html#DW202206-001
CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...)
- TODO: check
+ NOT-FOR-US: OpenAM (different from src:openam)
CVE-2022-34297
RESERVED
CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...)
NOT-FOR-US: Zalando Skipper
CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
- TODO: check
+ NOT-FOR-US: totd
CVE-2022-34294
RESERVED
CVE-2022-34293
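Review bot: the NOT-FOR-US marking for CVE-2022-34295 (the `+ NOT-FOR-US: totd` line) should be double-checked against the archive before it lands, because "totd" is the upstream name of the DNS proxy and matches a Debian-style source package name; if a src:totd exists or existed in any suite, the entry belongs against that package (e.g. `<removed>` or `<not-affected>` with a reason) rather than NOT-FOR-US. The OpenAM line already documents its reasoning with "(different from src:openam)", which is the pattern to follow here if totd turns out to have a namesake in the archive.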
@@ -3402,7 +3402,7 @@ CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmeti
NOTE: https://github.com/protobuf-c/protobuf-c/issues/506
NOTE: https://github.com/protobuf-c/protobuf-c/pull/508
CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...)
- TODO: check
+ NOT-FOR-US: Ethereum
CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...)
- harfbuzz <unfixed> (bug #1013673)
[bullseye] - harfbuzz <no-dsa> (Minor issue)
@@ -3555,7 +3555,7 @@ CVE-2022-32998 (The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1
CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered ...)
NOT-FOR-US: RootInteractive package in PyPI
CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...)
- TODO: check
+ NOT-FOR-US: django-navbar-client
CVE-2022-32995
RESERVED
CVE-2022-32994
@@ -3703,9 +3703,9 @@ CVE-2022-32976
CVE-2022-32975
RESERVED
CVE-2022-32974 (An authenticated attacker could read arbitrary files from the underlyi ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2022-32973 (An authenticated attacker could create an audit file that bypasses Pow ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2022-32972
RESERVED
CVE-2022-32969
@@ -4555,11 +4555,11 @@ CVE-2022-32556
CVE-2022-32555
RESERVED
CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
- TODO: check
+ NOT-FOR-US: Pure Storage FlashArray
CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
- TODO: check
+ NOT-FOR-US: Pure Storage FlashArray
CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
- TODO: check
+ NOT-FOR-US: Pure Storage FlashArray
CVE-2022-30944
RESERVED
CVE-2022-30601
@@ -6674,7 +6674,7 @@ CVE-2022-31789
CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
NOT-FOR-US: IdeaLMS
CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO ...)
- TODO: check
+ NOT-FOR-US: IdeaLMS
CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...)
NOT-FOR-US: IdeaLMS
CVE-2022-31785
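Review bot: the label in `+ NOT-FOR-US: IdeaLMS` for CVE-2022-31787 does not match the CVE description, which names the product as "IdeaTMS 2022" (the neighbouring CVE-2022-31788 and CVE-2022-31786 say "IdeaLMS 2022"). Either the description has a typo and the label is right, or the product really is IdeaTMS; either way the discrepancy should be noted so a later grep for the product name finds the entry, for example `NOT-FOR-US: IdeaTMS (IdeaLMS)`.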
@@ -9116,23 +9116,23 @@ CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site
CVE-2022-1748
RESERVED
CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1745 (The authentication mechanism used by technicians on the tested version ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1744 (Applications on the tested version of Dominion Voting Systems ImageCas ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1743 (The tested version of Dominion Voting System ImageCast X can be manipu ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1742 (The tested version of Dominion Voting Systems ImageCast X allows for r ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1741 (The tested version of Dominion Voting Systems ImageCast X has a Termin ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X’s on-s ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...)
- TODO: check
+ NOT-FOR-US: Dominion
CVE-2022-1738
RESERVED
CVE-2022-1737
@@ -10308,11 +10308,11 @@ CVE-2022-1670 (When generating a user invitation code in Octopus Server, the val
CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...)
NOT-FOR-US: Circutor
CVE-2022-1668 (Weak default root user credentials allow remote attackers to easily ob ...)
- TODO: check
+ NOT-FOR-US: Secheron SEPCOS
CVE-2022-1667 (Client-side JavaScript controls may be bypassed by directly running a ...)
- TODO: check
+ NOT-FOR-US: Secheron SEPCOS
CVE-2022-1666 (The default password for the web application’s root user (the ve ...)
- TODO: check
+ NOT-FOR-US: Secheron SEPCOS
CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...)
NOT-FOR-US: pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture
CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...)
@@ -11777,7 +11777,7 @@ CVE-2022-30030
CVE-2022-30029
RESERVED
CVE-2022-30028 (Dradis Professional Edition before 4.3.0 allows attackers to change an ...)
- TODO: check
+ NOT-FOR-US: Dradis
CVE-2022-30027
RESERVED
CVE-2022-30026
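Review bot: `+ NOT-FOR-US: Dradis` is ambiguous, because the CVE-2022-30028 description explicitly scopes the issue to "Dradis Professional Edition before 4.3.0"; the NOT-FOR-US reason should carry that qualifier (`NOT-FOR-US: Dradis Professional Edition`) so that the entry is not misread as covering the open-source Dradis code base.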
@@ -12004,7 +12004,7 @@ CVE-2022-29933 (Craft CMS through 3.7.36 allows a remote unauthenticated attacke
CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an ...)
NOT-FOR-US: PRIMEUR
CVE-2022-29931 (Raytion 7.2.0 allows reflected Cross-site Scripting (XSS). ...)
- TODO: check
+ NOT-FOR-US: Raytion
CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the s ...)
NOT-FOR-US: JetBrains Ktor
CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...)
@@ -12234,24 +12234,24 @@ CVE-2022-26051
CVE-2022-1525
RESERVED
CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
- TODO: check
+ NOT-FOR-US: LRM
CVE-2022-1523
RESERVED
CVE-2022-1522
RESERVED
CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
- TODO: check
+ NOT-FOR-US: LRM
CVE-2022-1520
RESERVED
{DSA-5141-1 DLA-3020-1}
- thunderbird 1:91.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
CVE-2022-1519 (LRM does not restrict the types of files that can be uploaded to the a ...)
- TODO: check
+ NOT-FOR-US: LRM
CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow a mali ...)
- TODO: check
+ NOT-FOR-US: LRM
CVE-2022-1517 (LRM utilizes elevated privileges. An unauthenticated malicious actor c ...)
- TODO: check
+ NOT-FOR-US: LRM
CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel’s ...)
{DSA-5127-1}
- linux 5.17.3-1 (unimportant)
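Review bot: the six `+ NOT-FOR-US: LRM` lines (CVE-2022-1524, -1521, -1519, -1518, -1517) use a bare acronym that the truncated descriptions do not expand, so the reason is not self-explanatory when reading data/CVE/list later; the vendor and product name as given in the full CVE text should be spelled out in the NOT-FOR-US reason, in the same way that other entries in this commit do (e.g. "Pure Storage FlashArray", "Secheron SEPCOS").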
@@ -13215,7 +13215,7 @@ CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after
NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4
NOTE: https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646
CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 allows ...)
- TODO: check
+ NOT-FOR-US: Meridian Cooperative Utility Software
CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...)
- libowasp-antisamy-java <not-affected> (Incomplete fix for CVE-2022-28367 not applied)
NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74eafcd6ec3fb6ddb328b86c6b4571026f7277eb