[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 25 16:22:22 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eced0d7b by Moritz Muehlenhoff at 2022-03-25T17:21:42+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -117,7 +117,7 @@ CVE-2022-27822
CVE-2022-27821
RESERVED
CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...)
- TODO: check
+ NOT-FOR-US: OWASP Zed Attack Proxy
CVE-2022-27819
RESERVED
CVE-2022-27818
@@ -1442,7 +1442,8 @@ CVE-2022-1006
CVE-2022-1005
RESERVED
CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to proper ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...)
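Review bot: the NOTE justifying NOT-FOR-US for CVE-2022-1004 is the right kind of record for a product whose fork (Znuny, from 6.x) is packaged, but the version restriction "specific to 7.x and 8.x" should cite where it comes from; adding a second line in the file's existing style, e.g. `NOTE: <upstream advisory URL>`, lets the next triager re-verify the 6.x exclusion without re-reading the CVE text.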
@@ -1450,7 +1451,7 @@ CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML
CVE-2022-1001
RESERVED
CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
- TODO: check
+ NOT-FOR-US: prasathmani/tinyfilemanager
CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...)
NOT-FOR-US: Bitrix Site Manager
CVE-2022-27227
@@ -1590,7 +1591,7 @@ CVE-2022-27196 (Jenkins Favorite Plugin 2.4.0 and earlier does not escape the na
CVE-2022-27195 (Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environ ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (X ...)
- TODO: check
+ NOT-FOR-US: CVRF-CSAF-Converter
CVE-2022-27192 (The Reporting module in Aseco Lietuva document management system DVS A ...)
NOT-FOR-US: Aseco
CVE-2022-27191 (golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go ...)
@@ -3990,7 +3991,7 @@ CVE-2022-26306
CVE-2022-26305
RESERVED
CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: TuziCMS
CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the fu ...)
NOT-FOR-US: EOS
CVE-2022-26299
@@ -4034,7 +4035,7 @@ CVE-2022-26281
CVE-2022-26280
RESERVED
CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the compone ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2022-26278
RESERVED
CVE-2022-26277
@@ -4048,7 +4049,7 @@ CVE-2022-26274
CVE-2022-26273
RESERVED
CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows ...)
- TODO: check
+ NOT-FOR-US: Ionize CMS
CVE-2022-26271
RESERVED
CVE-2022-26270
@@ -4094,7 +4095,7 @@ CVE-2022-26251
CVE-2022-26250
RESERVED
CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when exporting excel ...)
- TODO: check
+ NOT-FOR-US: Survey King
CVE-2022-26248
RESERVED
CVE-2022-26247 (TMS v2.28.0 contains an insecure permissions vulnerability via the com ...)
@@ -4980,7 +4981,7 @@ CVE-2022-25842
CVE-2022-25840
RESERVED
CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input Valid ...)
- TODO: check
+ NOT-FOR-US: Node url-js
CVE-2022-25767
RESERVED
CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...)
@@ -5008,7 +5009,7 @@ CVE-2022-25645
CVE-2022-25644
RESERVED
CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...)
- TODO: check
+ NOT-FOR-US: Node set-in
CVE-2022-25353
RESERVED
CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype Polluti ...)
@@ -5098,7 +5099,7 @@ CVE-2022-23920
CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
- weblate <itp> (bug #745661)
CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before 10.1.3. This ...)
- TODO: check
+ NOT-FOR-US: Node ipc
CVE-2022-23811
RESERVED
CVE-2022-22984
@@ -5132,7 +5133,7 @@ CVE-2022-21223
CVE-2022-21222
RESERVED
CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: github.com/valyala/fasthttp
CVE-2022-21213
RESERVED
CVE-2022-21211
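Review bot: before settling on NOT-FOR-US for CVE-2022-21221, confirm there is no golang-github-valyala-fasthttp source package in the archive; Go libraries imported as github.com/<owner>/<repo> are routinely packaged under that golang-github-<owner>-<repo> naming scheme, and the description here ("The package github.com/valyala/fasthttp before 1.34.0") only names the upstream module, not its Debian status. If a package exists, this line should become a package entry with version state (like `- weblate <itp> (bug #745661)` elsewhere in the file) rather than NOT-FOR-US; otherwise consider using the plain project name "fasthttp" as the other NOT-FOR-US lines do instead of the full import path.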
@@ -5150,7 +5151,7 @@ CVE-2022-21190
CVE-2022-21189
RESERVED
CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
- TODO: check
+ NOT-FOR-US: libvcs
CVE-2022-21186
RESERVED
CVE-2022-21169
@@ -5160,7 +5161,7 @@ CVE-2022-21167
CVE-2022-21165
RESERVED
CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of Service ...)
- TODO: check
+ NOT-FOR-US: Node lmdb
CVE-2022-21149
RESERVED
CVE-2022-21144
@@ -5898,9 +5899,9 @@ CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arb
CVE-2022-25577
RESERVED
CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
- TODO: check
+ NOT-FOR-US: Anchor CMS
CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...)
- TODO: check
+ NOT-FOR-US: Parking Management System
CVE-2022-25574
RESERVED
CVE-2022-25573
@@ -5908,7 +5909,7 @@ CVE-2022-25573
CVE-2022-25572
RESERVED
CVE-2022-25571 (Bluedon Information Security Technologies Co.,Ltd Internet Access Dete ...)
- TODO: check
+ NOT-FOR-US: Bluedon
CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...)
NOT-FOR-US: Passwordstate
CVE-2022-25569
@@ -6643,7 +6644,7 @@ CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is pos
CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
NOT-FOR-US: drogon
CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...)
- TODO: check
+ NOT-FOR-US: Node bodymen
CVE-2022-25295
RESERVED
CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...)
@@ -8083,9 +8084,9 @@ CVE-2022-24784
CVE-2022-24783
RESERVED
CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 and pr ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean ...)
- TODO: check
+ NOT-FOR-US: Geon
CVE-2022-24780
RESERVED
CVE-2022-24779
@@ -8095,7 +8096,7 @@ CVE-2022-24778
CVE-2022-24777
RESERVED
CVE-2022-24776 (Flask-AppBuilder is an application development framework, built on top ...)
- TODO: check
+ - flask-appbuilder <itp> (bug #998029)
CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
- php-guzzlehttp-psr7 <unfixed> (bug #1008236)
NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
@@ -8145,7 +8146,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
CVE-2022-24763
RESERVED
CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
- TODO: check
+ NOT-FOR-US: sysend.js
CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
- waitress <unfixed> (bug #1008013)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eced0d7bb753036e6a24dec19e9db5bfafa0c359