[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Tue May 3 13:19:37 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99c2a921 by Neil Williams at 2022-05-03T13:19:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11644,7 +11644,7 @@ CVE-2022-25303
CVE-2022-25302
RESERVED
CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
- TODO: check
+ NOT-FOR-US: jsgui-lang-essentials
CVE-2022-25300
RESERVED
CVE-2022-25233
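Review bot: The new tag on CVE-2022-25301 reads `NOT-FOR-US: jsgui-lang-essentials` without the `Node` prefix that the other package entries in this commit carry (`Node git-pull-or-clone`, `Node jailed`). If jsgui-lang-essentials is also a Node package, write `NOT-FOR-US: Node jsgui-lang-essentials` so the entries stay consistent and can be found by ecosystem.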
@@ -11670,7 +11670,7 @@ CVE-2022-24439
CVE-2022-24438
RESERVED
CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to Command I ...)
- TODO: check
+ NOT-FOR-US: Node git-pull-or-clone
CVE-2022-24434
RESERVED
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
@@ -11704,7 +11704,7 @@ CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command In
CVE-2022-24065
RESERVED
CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox Bypass via an ...)
- TODO: check
+ NOT-FOR-US: Node jailed
CVE-2022-23920
RESERVED
CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
@@ -14301,7 +14301,7 @@ CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not menti
NOTE: CVE is specifically about --mirror documentation not mentioning the availability
NOTE: of deleted content.
CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...)
- TODO: check
+ NOT-FOR-US: Proofpoint email-isolation
CVE-2022-24973
RESERVED
CVE-2022-24972
@@ -14490,7 +14490,7 @@ CVE-2022-24899
CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...)
NOT-FOR-US: Xwiki
CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...)
- TODO: check
+ NOT-FOR-US: Xwiki
CVE-2022-24896
RESERVED
CVE-2022-24895
@@ -17908,7 +17908,7 @@ CVE-2022-23906 (CMS Made Simple v2.2.15 was discovered to contain a Remote Comma
CVE-2022-23905
RESERVED
CVE-2022-23904 (Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: Rainworx Auctionworx
CVE-2022-23903 (A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-ad ...)
NOT-FOR-US: pear-admin-think
CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
@@ -18812,9 +18812,9 @@ CVE-2022-23725
CVE-2022-23724
RESERVED
CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
- TODO: check
+ NOT-FOR-US: pingidentity
CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
- TODO: check
+ NOT-FOR-US: pingidentity
CVE-2022-23721
RESERVED
CVE-2022-23720
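Review bot: Both new tags here, on CVE-2022-23723 and CVE-2022-23722, name only a lowercase vendor (`pingidentity`), while other entries in this commit name the product (`Proofpoint email-isolation`, `Rainworx Auctionworx`). The CVE-2022-23723 description names the PingFederate PingOne MFA integration, so a tag such as `NOT-FOR-US: Ping Identity PingFederate` would be easier to match later. The truncated CVE-2022-23722 description does not show its product, so check that entry before reusing the same tag.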
@@ -21040,7 +21040,7 @@ CVE-2022-23067
CVE-2022-23066
RESERVED
CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS ...)
- TODO: check
+ NOT-FOR-US: Vendure
CVE-2022-23064 (In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Head ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-23063
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99c2a921e86fae050b382eecb6c51360b906e1ea