[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 28 14:02:05 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4827cd7 by Moritz Muehlenhoff at 2023-02-28T15:01:49+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4391,7 +4391,7 @@ CVE-2023-25659
 CVE-2023-25658
 	RESERVED
 CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
 	NOT-FOR-US: notation-go
 CVE-2023-25655
@@ -5739,7 +5739,7 @@ CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a se
 CVE-2023-25158 (GeoTools is an open source Java library that provides tools for geospa ...)
 	NOT-FOR-US: GeoTools
 CVE-2023-25157 (GeoServer is an open source software server written in Java that allow ...)
-	TODO: check
+	NOT-FOR-US: Geoserver
 CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-25155
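Review bot: the triage line for CVE-2023-25157 spells the project `Geoserver` while the description on the same entry spells it `GeoServer`; since the NOT-FOR-US strings are what later triagers grep for, match the upstream spelling (`NOT-FOR-US: GeoServer`), as the adjacent `NOT-FOR-US: GeoTools` entry already does.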
@@ -8361,7 +8361,7 @@ CVE-2023-24191 (Online Food Ordering System v2 was discovered to contain a cross
 CVE-2023-24190
 	RESERVED
 CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 allows atta ...)
-	TODO: check
+	NOT-FOR-US: urule
 CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal vulnera ...)
 	NOT-FOR-US: ureport
 CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...)
@@ -11208,7 +11208,7 @@ CVE-2023-23207
 CVE-2023-23206
 	RESERVED
 CVE-2023-23205 (An issue was discovered in lib60870 v2.3.2. There is a memory leak in  ...)
-	TODO: check
+	NOT-FOR-US: lib60870
 CVE-2023-23204
 	RESERVED
 CVE-2023-23203
@@ -20668,7 +20668,7 @@ CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sq
 CVE-2022-46441
 	RESERVED
 CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	- swftools <removed>
 CVE-2022-46439
 	RESERVED
 CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...)
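Review bot: the `- swftools <removed>` line for CVE-2022-46440 maps a CVE filed against `ttftool` onto the swftools source package with nothing recording why, so the next person reading the entry has to redo that research to verify it. A `NOTE:` line stating that ttftool is shipped as part of swftools, plus the upstream issue URL if one exists, would document the mapping (the vim entries later in this patch show the convention). Also keep in mind that `<removed>` only records that the source package is gone from unstable; any release the tracker still follows that carries swftools gets its status from the per-release version data, not from this line.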
@@ -49593,7 +49593,7 @@ CVE-2020-36565 (Due to improper sanitization of user input on Windows, the stati
 CVE-2020-36564 (Due to improper validation of caller input, validation is silently dis ...)
 	NOT-FOR-US: nosurf
 CVE-2020-36563 (XML Digital Signatures generated and validated using this package use  ...)
-	TODO: check
+	NOT-FOR-US: go-saml
 CVE-2019-25075 (HTML injection combined with path traversal in the Email service in Gr ...)
 	NOT-FOR-US: Gravitee API Management
 CVE-2019-25074
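Review bot: `NOT-FOR-US: go-saml` for CVE-2020-36563 is ambiguous, because several Go SAML implementations exist and "go-saml" could name more than one of them; the other Go entries in this patch (`github.com/yi-ge/unzip`, `github.com/artdarek/unzip`) use the full module path, and doing the same here would make it unambiguous which library was checked against the archive.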
@@ -49635,11 +49635,11 @@ CVE-2022-2573
 CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages can cau ...)
 	NOT-FOR-US: shiyanhui/dht
 CVE-2020-36561 (Due to improper path santization, archives containing relative file pa ...)
-	TODO: check
+	NOT-FOR-US: github.com/yi-ge/unzip
 CVE-2020-36560 (Due to improper path santization, archives containing relative file pa ...)
-	TODO: check
+	NOT-FOR-US: github.com/artdarek/unzip
 CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle allows fo ...)
-	TODO: check
+	NOT-FOR-US: aah framework
 CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...)
 	- tendermint-go-common <removed>
 CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...)
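Review bot: the `NOT-FOR-US: aah framework` line for CVE-2020-36559 is the one Go entry in this hunk without a module path; the two `unzip` entries above it show why the path matters (a bare `NOT-FOR-US: unzip` would read as the Debian `unzip` source package and invite a wrong dismissal), so give aah its module path as well for consistency.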
@@ -51651,7 +51651,7 @@ CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd
 CVE-2022-36232
 	RESERVED
 CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby cod ...)
-	TODO: check
+	NOT-FOR-US: pdf_info gem
 CVE-2022-36230
 	RESERVED
 CVE-2022-36229
@@ -55229,11 +55229,11 @@ CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. ..
 	NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
 	NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)
 CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0  ...)
-	TODO: check
+	NOT-FOR-US: A4N (Aremis 4 Nomad)
 CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0  ...)
-	TODO: check
+	NOT-FOR-US: A4N (Aremis 4 Nomad)
 CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0  ...)
-	TODO: check
+	NOT-FOR-US: A4N (Aremis 4 Nomad)
 CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave before 14.6. ...)
 	NOT-FOR-US: FileWave
 CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 14.6.3 and 1 ...)
@@ -57203,7 +57203,7 @@ CVE-2022-2178
 CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
 	NOT-FOR-US: Kayrasoft
 CVE-2022-2176 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
-	TODO: check
+	NOT-FOR-US: rejected CVE
 CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
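Review bot: `NOT-FOR-US: rejected CVE` for CVE-2022-2176 records the wrong reason. NOT-FOR-US means the affected software is not in Debian, but nothing in the hunk establishes what software this ID covered; the description says the ID was rejected or withdrawn by its CNA, and the tracker has a `REJECTED` marker for exactly that case, used the same way as the `RESERVED` lines in this file. Marking it REJECTED keeps the rejection visible instead of burying it under a NOT-FOR-US that a later search for unpackaged software would pick up.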
@@ -60547,7 +60547,7 @@ CVE-2022-32951
 CVE-2022-32950
 	RESERVED
 CVE-2022-32949 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-32947 (The issue was addressed with improved memory handling. This issue is f ...)
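Review bot: the component behind CVE-2022-32949 cannot be checked from this hunk, because the description is cut off before the "This issue is fixed in ..." product list, and the same holds for every other Apple entry resolved in this patch. The check that matters before NOT-FOR-US is whether the bug is in WebKit, which Debian ships as webkit2gtk (and wpewebkit), rather than in an Apple-only component; an Apple security bulletin mixes both. Noting the component in the resolution line (e.g. `NOT-FOR-US: Apple (Kernel)`) would show that this distinction was checked.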
@@ -60638,7 +60638,7 @@ CVE-2022-32908 (A memory corruption issue was addressed with improved input vali
 CVE-2022-32907 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32906 (This issue was addressed with using HTTPS when sending information ove ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32905 (This issue was addressed with improved validation of symlinks. This is ...)
 	NOT-FOR-US: Apple
 CVE-2022-32904 (An access issue was addressed with additional sandbox restrictions. Th ...)
@@ -60646,11 +60646,11 @@ CVE-2022-32904 (An access issue was addressed with additional sandbox restrictio
 CVE-2022-32903 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32902 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32901
 	RESERVED
 CVE-2022-32900 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32899 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2022-32898 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -60658,7 +60658,7 @@ CVE-2022-32898 (The issue was addressed with improved memory handling. This issu
 CVE-2022-32897
 	RESERVED
 CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32895 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...)
@@ -60752,7 +60752,7 @@ CVE-2022-32857 (This issue was addressed by using HTTPS when sending information
 CVE-2022-32856
 	RESERVED
 CVE-2022-32855 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input validati ...)
@@ -60770,11 +60770,11 @@ CVE-2022-32848 (A logic issue was addressed with improved checks. This issue is
 CVE-2022-32847 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32846 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32845 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32844 (A race condition was addressed with improved state handling. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32843 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input validati ...)
@@ -60790,7 +60790,7 @@ CVE-2022-32838 (A logic issue was addressed with improved state management. This
 CVE-2022-32837 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32836 (This issue was addressed with improved state management. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32835 (This issue was addressed with improved entitlements. This issue is fix ...)
 	NOT-FOR-US: Apple
 CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...)
@@ -60802,7 +60802,7 @@ CVE-2022-32832 (The issue was addressed with improved memory handling. This issu
 CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-32830 (An out-of-bounds read issue was addressed with improved bounds checkin ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32829 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32828 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -60814,7 +60814,7 @@ CVE-2022-32826 (An authorization issue was addressed with improved state managem
 CVE-2022-32825 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2022-32824 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32823 (A memory initialization issue was addressed with improved memory handl ...)
 	NOT-FOR-US: Apple
 CVE-2022-32822
@@ -60901,7 +60901,7 @@ CVE-2022-32786 (An issue in the handling of environment variables was addressed
 CVE-2022-32785 (A null pointer dereference was addressed with improved validation. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-32784 (The issue was addressed with improved UI handling. This issue is fixed ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32783 (A logic issue was addressed with improved checks. This issue is fixed  ...)
 	NOT-FOR-US: Apple
 CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This issue is f ...)
@@ -61513,7 +61513,7 @@ CVE-2022-32538
 CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user to learn ...)
 	NOT-FOR-US: Medtronic
 CVE-2022-2024 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk  ...)
 	NOT-FOR-US: Trudesk
 CVE-2017-20050
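Review bot: `NOT-FOR-US: Go Git Service` for CVE-2022-2024 expands an abbreviation that nobody searches for; the description refers to the project as `gogs/gogs`, so `NOT-FOR-US: Gogs` (or the repository path) keeps the entry greppable and consistent with the neighbouring `NOT-FOR-US: Trudesk`, which uses the project name as-is.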
@@ -65010,7 +65010,7 @@ CVE-2022-31407
 CVE-2022-31406
 	RESERVED
 CVE-2022-31405 (MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext ...)
-	TODO: check
+	NOT-FOR-US: MV iDigital Clinic Enterprise
 CVE-2022-31404
 	RESERVED
 CVE-2022-31403 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...)
@@ -68316,7 +68316,7 @@ CVE-2022-1609
 CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...)
 	NOT-FOR-US: M-Files Server
 CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...)
@@ -71312,7 +71312,7 @@ CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tamp
 CVE-2022-29274
 	RESERVED
 CVE-2022-29273 (pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in th ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...)
 	NOT-FOR-US: Nagios XI
 CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...)
@@ -78830,7 +78830,7 @@ CVE-2022-26762 (A memory corruption issue was addressed with improved memory han
 CVE-2022-26761 (A memory corruption issue was addressed with improved memory handling. ...)
 	NOT-FOR-US: Apple
 CVE-2022-26760 (A memory corruption issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-26759
 	RESERVED
 CVE-2022-26758
@@ -81109,7 +81109,7 @@ CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulner
 CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...)
 	NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
 CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to Command ...)
-	TODO: check
+	NOT-FOR-US: create-choo-app3
 CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...)
 	NOT-FOR-US: Tagify
 CVE-2022-25853 (All versions of the package semver-tags are vulnerable to Command Inje ...)
@@ -81224,7 +81224,7 @@ CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of
 CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command Injection via th ...)
 	TODO: check
 CVE-2022-24913 (Versions of the package com.fasterxml.util:java-merge-sort before 1.1. ...)
-	TODO: check
+	NOT-FOR-US: com.fasterxml.util:java-merge-sort
 CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/events  ...)
 	NOT-FOR-US: github.com/runatlantis/atlantis
 CVE-2022-24909
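Review bot: CVE-2022-25171 (the npm package `p4`) is still `TODO: check` in the context lines of this hunk while the entry directly below it, CVE-2022-24913, is resolved; it is the same kind of command-injection-in-a-package report as the other Snyk-sourced entries triaged in this patch (create-choo-app3, nemo-appium), so it could be closed out in the same pass. Because `p4` is also the name of the Perforce client, the resolution line should spell out that it is the npm package.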
@@ -81376,7 +81376,7 @@ CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core be
 CVE-2022-21144 (This affects all versions of package libxmljs. When invoking the libxm ...)
 	NOT-FOR-US: Node libxmljs
 CVE-2022-21129 (Versions of the package nemo-appium before 0.0.9 are vulnerable to Com ...)
-	TODO: check
+	NOT-FOR-US: nemo-appium
 CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to  ...)
 	NOT-FOR-US: com.github.samtools:htsjdk
 CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Exe ...)
@@ -89072,7 +89072,7 @@ CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Si
 CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...)
 	NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus)
 CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded database.  ...)
-	TODO: check
+	NOT-FOR-US: LiteDB
 CVE-2022-23534
 	RESERVED
 CVE-2022-23533



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4827cd70320b991da2ba47813c7911444b020d5
