Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da6a56e0 by Neil Williams at 2022-08-16T11:14:41+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -139,9 +139,9 @@ CVE-2022-2823
 CVE-2022-2822 (An attacker can freely brute force username and password and 
can takeo ...)
        - octoprint <itp> (bug #718591)
 CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository 
namelessm ...)
-       TODO: check
+       NOT-FOR-US: NamelessMC/Nameless
 CVE-2022-2820 (Improper Access Control in GitHub repository 
namelessmc/nameless prior ...)
-       TODO: check
+       NOT-FOR-US: NamelessMC/Nameless
 CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
        - vim <unfixed>
        NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
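Review bot: For CVE-2022-2821 and CVE-2022-2820 the new label is spelled "NamelessMC/Nameless", while the descriptions on the same entries give the repository as "namelessmc/nameless". Consider settling on one spelling for the label so that a case-sensitive search of data/CVE/list for the project matches both the description and the classification line.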
@@ -36809,13 +36809,13 @@ CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 
for PHP does not prevent ad
        [bullseye] - php-crypt-gpg 1.6.4-2+deb11u1
        NOTE: 
https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04
 (v1.6.7)
 CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal 
Terminal pr ...)
-       TODO: check
+       - et <itp> (bug #861635)
 CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 
6.2.0 whi ...)
-       TODO: check
+       - et <itp> (bug #861635)
 CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 
6.2.0 tha ...)
-       TODO: check
+       - et <itp> (bug #861635)
 CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal 
prior to ver ...)
-       TODO: check
+       - et <itp> (bug #861635)
 CVE-2022-24948 (A carefully crafted user preferences for submission could 
trigger an X ...)
        - jspwiki <removed>
 CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF 
attacks, wh ...)
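Review bot: The four Eternal Terminal entries (CVE-2022-24952 through CVE-2022-24949) are classified as "- et <itp> (bug #861635)", which is an ITP marking rather than NOT-FOR-US, so the commit subject "Process some NFUs" does not describe them. Suggest splitting them into their own commit or widening the subject (for example "Process some NFUs and ITPs") so the et triage can be found from the log.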
@@ -37906,7 +37906,7 @@ CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross 
Site Scripting (XSS). By p
 CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in 
Netgear  ...)
        NOT-FOR-US: Netgear
 CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability 
in "Fiel ...)
-       TODO: check
+       NOT-FOR-US: Intelbras ATA 200
 CVE-2022-24653
        RESERVED
 CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file 
uploads  ...)
@@ -140624,7 +140624,7 @@ CVE-2020-23624
 CVE-2020-23623
        RESERVED
 CVE-2020-23622 (** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol 
in 4thli ...)
-       TODO: check
+       NOT-FOR-US: 4thline/cling
 CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS 
Managem ...)
        NOT-FOR-US: Squire Remote Management Interface
 CVE-2020-23620 (The Java Remote Management Interface of all versions of 
Orlansoft ERP  ...)
@@ -144906,9 +144906,9 @@ CVE-2020-21644
 CVE-2020-21643
        RESERVED
 CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in 
/zropuse ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine Analytics Plus
 CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in 
Zoho Manage ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine Analytics Plus
 CVE-2020-21640
        RESERVED
 CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to 
contain a cros ...)
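Review bot: CVE-2020-21642 receives "NOT-FOR-US: ManageEngine Analytics Plus", but its visible (truncated) description shows only the ZDBQAREFSUBDIR parameter and a "/zropuse ..." path, whereas CVE-2020-21641 visibly begins naming "Zoho Manage ...". Worth confirming against the full CVE text that both entries refer to the same product before they share the label.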



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6a56e06a488b68b0f5582d7859f7a83d38489c
