[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 14 10:08:16 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9804a0ff by Moritz Muehlenhoff at 2022-10-14T11:07:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,11 +35,11 @@ CVE-2022-3499
 CVE-2022-3498
 	RESERVED
 CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource Management  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Management  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-3494
 	RESERVED
 CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...)
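Review bot: The three new NOT-FOR-US entries here name only the vendor ("SourceCodester"), while the established style in this file, visible at CVE-2022-2779 further down ("NOT-FOR-US: SourceCodester Gas Agency Management System"), names the product as well. Suggest "NOT-FOR-US: SourceCodester Human Resource Management System" for CVE-2022-3497 and CVE-2022-3496, and the corresponding product name for CVE-2022-3495, so the entries stay greppable by product.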
@@ -365,9 +365,9 @@ CVE-2022-42785
 CVE-2022-42784
 	RESERVED
 CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...)
-	TODO: check
+	- rdiffweb <itp> (bug #969974)
 CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
-	TODO: check
+	- rdiffweb <itp> (bug #969974)
 CVE-2022-3455
 	RESERVED
 CVE-2022-3454
@@ -3347,19 +3347,19 @@ CVE-2022-41541
 CVE-2022-41540
 	RESERVED
 CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
-	TODO: check
+	NOT-FOR-US: Wedding Planner
 CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
-	TODO: check
+	NOT-FOR-US: Wedding Planner
 CVE-2022-41537
 	RESERVED
 CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
-	TODO: check
+	NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
-	TODO: check
+	NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41534 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-41533 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
 	NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41531
@@ -3431,11 +3431,11 @@ CVE-2022-41499
 CVE-2022-41498
 	RESERVED
 CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
-	TODO: check
+	NOT-FOR-US: ClipperCMS
 CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery ( ...)
-	TODO: check
+	NOT-FOR-US: iCMS
 CVE-2022-41495 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
-	TODO: check
+	NOT-FOR-US: ClipperCMS
 CVE-2022-41494
 	RESERVED
 CVE-2022-41493
@@ -3646,9 +3646,9 @@ CVE-2022-41393
 CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909  ...)
 	NOT-FOR-US: TotalJS CMS
 CVE-2022-41391 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: OcoMon
 CVE-2022-41390 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: OcoMon
 CVE-2022-41389
 	RESERVED
 CVE-2022-41388
@@ -8517,13 +8517,13 @@ CVE-2022-39305
 CVE-2022-39304
 	RESERVED
 CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation of SQ ...)
-	TODO: check
+	NOT-FOR-US: Ree6
 CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server  ...)
-	TODO: check
+	NOT-FOR-US: Ree6
 CVE-2022-39301
 	RESERVED
 CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML implementation of pa ...)
-	TODO: check
+	NOT-FOR-US: Node saml
 CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the  ...)
 	NOT-FOR-US: Passport-SAML
 CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis Platfor ...)
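Review bot: The spelling "Node saml" for CVE-2022-39300 matches neither the CVE description ("node SAML") nor the capitalisation of the neighbouring "Passport-SAML" entry for CVE-2022-39299. Suggest picking one consistent spelling of the module name so the two related SAML entries sort and search together.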
@@ -8533,7 +8533,7 @@ CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including templ
 CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets locat ...)
 	NOT-FOR-US: MelisAssetManager
 CVE-2022-39295 (Knowage is an open source suite for modern business analytics alternat ...)
-	TODO: check
+	NOT-FOR-US: Knowage
 CVE-2022-39294
 	RESERVED
 CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go  ...)
@@ -8589,7 +8589,7 @@ CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versio
 CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds  ...)
 	NOT-FOR-US: discourse-chat plugin for Discourse
 CVE-2022-39278 (Istio is an open platform-independent service mesh that provides traff ...)
-	TODO: check
+	NOT-FOR-US: Istio
 CVE-2022-39277
 	RESERVED
 CVE-2022-39276
@@ -8721,7 +8721,7 @@ CVE-2022-39231 (Parse Server is an open source backend that can be deployed to a
 CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...)
 	NOT-FOR-US: fhir-works-on-aws-authz-smart
 CVE-2022-39229 (Grafana is an open source data visualization platform for metrics, log ...)
-	TODO: check
+	- grafana <removed>
 CVE-2022-39228
 	RESERVED
 CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...)
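Review bot: The "- grafana <removed>" entry for CVE-2022-39229 carries no NOTE with the upstream advisory or fixed version, unlike other resolved entries in this file (for example the cherrytree and node-moment entries, which record a bug number or a reference). Suggest adding a NOTE line with the upstream fix reference so the entry remains actionable if grafana re-enters the archive; the same applies to the identical grafana hunks for CVE-2022-39201, CVE-2022-31130 and CVE-2022-31123 below.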
@@ -8785,7 +8785,7 @@ CVE-2022-39203 (matrix-appservice-irc is an open source Node.js IRC bridge for M
 CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...)
 	NOT-FOR-US: matrix-appservice-irc
 CVE-2022-39201 (Grafana is an open source observability and data visualization platfor ...)
-	TODO: check
+	- grafana <removed>
 CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...)
 	NOT-FOR-US: Dendrite
 CVE-2022-39199
@@ -12024,7 +12024,7 @@ CVE-2022-2782
 CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
 	NOT-FOR-US: Octopus
 CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...)
-	TODO: check
+	NOT-FOR-US: Octopus
 CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
 	NOT-FOR-US: SourceCodester Gas Agency Management System
 CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass rate l ...)
@@ -13339,7 +13339,7 @@ CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy
 CVE-2022-37615
 	RESERVED
 CVE-2022-37614 (Prototype pollution vulnerability in function enable in mockery.js in  ...)
-	TODO: check
+	NOT-FOR-US: Node mockery
 CVE-2022-37613
 	RESERVED
 CVE-2022-37612
@@ -15543,9 +15543,9 @@ CVE-2022-36805
 CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7 ...)
 	NOT-FOR-US: Atlassian
 CVE-2022-36803 (The MasterUserEdit API in Atlassian Jira Align Server before version 1 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2022-36802 (The ManageJiraConnectors API in Atlassian Jira Align before version 10 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
 	NOT-FOR-US: Atlassian
 CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...)
@@ -17727,7 +17727,7 @@ CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-35944 (October is a self-hosted Content Management System (CMS) platform base ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...)
 	- codeigniter <itp> (bug #471583)
 CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter may allow  ...)
@@ -18576,9 +18576,9 @@ CVE-2022-35614
 CVE-2022-35613
 	RESERVED
 CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below ...)
-	TODO: check
+	NOT-FOR-US: MQTTRoute
 CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows ...)
-	TODO: check
+	NOT-FOR-US: MQTTRoute
 CVE-2022-35610
 	RESERVED
 CVE-2022-35609
@@ -19834,11 +19834,11 @@ CVE-2022-35138
 CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain mult ...)
 	NOT-FOR-US: DGIOT Lightweight industrial IoT
 CVE-2022-35136 (Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Boodskap IoT Platform
 CVE-2022-35135 (Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privilege ...)
-	TODO: check
+	NOT-FOR-US: Boodskap IoT Platform
 CVE-2022-35134 (Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Boodskap IoT Platform
 CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allo ...)
 	- cherrytree <not-affected> (No vulnerable version ever uploaded, introduced in 0.99.44 and fixed in 0.99.45)
 	NOTE: https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing
@@ -22982,9 +22982,9 @@ CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an arb
 CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Barangay Management System
 CVE-2022-34022 (SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network S ...)
-	TODO: check
+	NOT-FOR-US: ResIOT IOT Platform
 CVE-2022-34021 (Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Plat ...)
-	TODO: check
+	NOT-FOR-US: ResIOT IOT Platform
 CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT P ...)
 	NOT-FOR-US: DellResIOT
 CVE-2022-34019
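Review bot: The unchanged context line for CVE-2022-34020 reads "NOT-FOR-US: DellResIOT", which does not match the "NOT-FOR-US: ResIOT IOT Platform" wording used for the two entries added just above it and looks like a typo. Suggest correcting that line to "NOT-FOR-US: ResIOT IOT Platform" in a follow-up so all three ResIOT entries are consistent.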
@@ -27784,7 +27784,7 @@ CVE-2022-32179
 CVE-2022-32178
 	RESERVED
 CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Gin-Vue-Admin
 CVE-2022-32176
 	RESERVED
 CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...)
@@ -30799,7 +30799,7 @@ CVE-2022-31132 (Nextcloud Mail is an email application for the nextcloud persona
 CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
 	NOT-FOR-US: Nextcloud Mail app
 CVE-2022-31130 (Grafana is an open source observability and data visualization platfor ...)
-	TODO: check
+	- grafana <removed>
 CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, manipulat ...)
 	- node-moment 2.29.4+ds-1 (bug #1014845)
 	[bullseye] - node-moment 2.29.1+ds-2+deb11u2
@@ -30818,7 +30818,7 @@ CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Ng
 CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...)
 	NOT-FOR-US: openssh_key_parser
 CVE-2022-31123 (Grafana is an open source observability and data visualization platfor ...)
-	TODO: check
+	- grafana <removed>
 CVE-2022-31122
 	RESERVED
 CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9804a0ff7080d556eb84adcb3209b2a7a3df2420


