[Git][security-tracker-team/security-tracker][master] new zoneminder issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 21 12:55:44 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a51411d by Moritz Muehlenhoff at 2022-11-21T13:55:14+01:00
new zoneminder issues
new potential otrs/znuny issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19545,7 +19545,7 @@ CVE-2022-39054 (Cowell enterprise travel management system has insufficient filt
CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...)
NOT-FOR-US: Heimavista Rpage
CVE-2022-39052 (An external attacker is able to send a specially crafted email (with m ...)
- TODO: check
+ - znuny <undetermined>
CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...)
NOT-FOR-US: OTRS
NOTE: Could possibly affect Znuny, we'll let their security team figure it out
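Review bot: The new `- znuny <undetermined>` line for CVE-2022-39052 has no NOTE saying what is still to be determined. The neighbouring CVE-2022-39051 entry records its reasoning ("Could possibly affect Znuny, we'll let their security team figure it out"), and the commit message calls this a "potential otrs/znuny issue", but the entry itself gives no hint of why znuny is suspected or what would resolve the status. Suggest adding a NOTE line under the entry with the reason and the reference to check, so whoever triages it next does not have to reconstruct that from the truncated description.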
@@ -42572,9 +42572,13 @@ CVE-2022-30771 (Initialization function in PnpSmm could lead to SMRAM corruption
CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...)
NOT-FOR-US: Terminalfour
CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an attacker c ...)
- TODO: check
+ - zoneminder <unfixed> (unimportant)
+ NOTE: https://medium.com/@dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3
+ NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows ...)
- TODO: check
+ - zoneminder <unfixed> (unimportant)
+ NOTE: https://medium.com/@dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31
+ NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and throu ...)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014471)
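Review bot: Both zoneminder entries (CVE-2022-30769 and CVE-2022-30768) cite only a medium.com write-up, and neither has a NOTE pointing at an upstream issue or fixing commit. The descriptions are scoped to "through 1.36.12" and "1.36.12", so with `<unfixed>` there is nothing here to tell a later reader when the status can be revisited. Suggest adding an upstream reference as a NOTE once one is known. A smaller point on the rationale line: "see README.debian.security" does not say which package ships that file; naming the zoneminder package there would make the `(unimportant)` justification self-contained.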
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a51411d4d617313b53ef26bbdaf2bf3ca54ed7c