[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 2 15:59:10 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58b3c42f by Moritz Muehlenhoff at 2022-03-02T16:58:44+01:00
NFUs
new scrapy issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -602,7 +602,7 @@ CVE-2022-0778
 CVE-2022-0777 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...)
 	NOT-FOR-US: microweber
 CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.j ...)
-	TODO: check
+	NOT-FOR-US: hakimel/reveal.js
 CVE-2022-0775
 	RESERVED
 CVE-2022-0774
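Review bot: the new NOT-FOR-US value for CVE-2022-0776 uses the GitHub slug `hakimel/reveal.js`, while the neighbouring CVE-2022-0777 entry in the same hunk uses the bare product name `microweber`; picking one naming convention for NOT-FOR-US values (product name or repository slug, not both) keeps a later search for a project from missing half of its entries.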
@@ -618,7 +618,7 @@ CVE-2022-0770
 CVE-2022-0769
 	RESERVED
 CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltub ...)
-	TODO: check
+	NOT-FOR-US: rudloff/alltube
 CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2022-26148
@@ -1352,7 +1352,7 @@ CVE-2022-25815
 CVE-2022-25814
 	RESERVED
 CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav  ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems with the  ...)
 	- usbguard <unfixed>
 	NOTE: https://github.com/USBGuard/usbguard/issues/273
@@ -3483,9 +3483,9 @@ CVE-2022-25025
 CVE-2022-25024
 	RESERVED
 CVE-2022-25023 (Audio File commit 004065d was discovered to contain a heap-buffer over ...)
-	TODO: check
+	NOT-FOR-US: AudioFile (different from src:audiofile)
 CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows atta ...)
-	TODO: check
+	NOT-FOR-US: Htmly
 CVE-2022-25021
 	RESERVED
 CVE-2022-25020 (A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows att ...)
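Review bot: the parenthetical on the CVE-2022-25023 line, `NOT-FOR-US: AudioFile (different from src:audiofile)`, is the right call, because the name collision with the Debian source package is easy to trip over on a later re-check; consider adding a NOTE line with the upstream repository URL of the affected AudioFile project so the disambiguation can be verified without re-reading the CVE text.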
@@ -3509,11 +3509,11 @@ CVE-2022-25014 (Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-si
 CVE-2022-25013 (Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-s ...)
 	NOT-FOR-US: Ice Hrm
 CVE-2022-25012 (Argus Surveillance DVR v4.0 employs weak password encryption. ...)
-	TODO: check
+	NOT-FOR-US: Argus Surveillance DVR
 CVE-2022-25011
 	RESERVED
 CVE-2022-25010 (The component /rootfs in RageFile of Stepmania v5.1b2 and below allows ...)
-	TODO: check
+	NOT-FOR-US: StepMania
 CVE-2022-25009
 	RESERVED
 CVE-2022-25008
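Review bot: before closing CVE-2022-25010 as `NOT-FOR-US: StepMania`, please confirm that no Debian source package ships StepMania; if src:stepmania is in the archive, this entry needs a package line such as `- stepmania <unfixed>` (with a bug reference once filed) rather than NOT-FOR-US, since the description names Stepmania v5.1b2 and below as affected.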
@@ -3642,7 +3642,9 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
 	NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
 CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
-	TODO: check
+	- python-scrapy <unfixed>
+	NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585
+	NOTE: https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
 CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms pr ...)
 	NOT-FOR-US: LibreNMS
 CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
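Review bot: the new `- python-scrapy <unfixed>` line for CVE-2022-0577 carries no Debian bug reference; the tracker convention is to append `(bug #NNNNNN)` once a bug is filed, so either file one now or leave a TODO so the entry is not forgotten. The huntr and upstream-commit NOTE lines are good; if that commit is part of a tagged upstream release, a NOTE recording the fixed version makes it easier to decide which suites are affected.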



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58b3c42f357a6328893f7dcacdd247d7e083e34b




