[Git][security-tracker-team/security-tracker][master] Process new octoprint issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 21 21:52:51 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8dfc231 by Salvatore Bonaccorso at 2022-09-21T22:52:16+02:00
Process new octoprint issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5164,7 +5164,7 @@ CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipul
 CVE-2022-3069
 	RESERVED
 CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
-	TODO: check
+	- octoprint <itp> (bug #718591)
 CVE-2022-39048
 	RESERVED
 CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
@@ -7154,7 +7154,7 @@ CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ..
 	NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
 	NOTE: https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (v9.0.0225)
 CVE-2022-2888 (If an attacker comes into the possession of a victim's OctoPrint sessi ...)
-	TODO: check
+	- octoprint <itp> (bug #718591)
 CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
@@ -7210,7 +7210,7 @@ CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
 	NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
 CVE-2022-2872 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
-	TODO: check
+	- octoprint <itp> (bug #718591)
 CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...)
 	NOT-FOR-US: NotrinosERP
 CVE-2022-38391
@@ -71349,7 +71349,7 @@ CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. Th
 	NOTE: https://github.com/zeek/zeek/issues/1798
 	NOTE: Disputed validitity of the security issue
 CVE-2021-41731 (Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester News247 News Magazine (CMS)
 CVE-2021-41730
 	RESERVED
 CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8dfc231496eb1e1baad90c1642cc81dd1a6566f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8dfc231496eb1e1baad90c1642cc81dd1a6566f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220921/0b0b5bfa/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list