Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits: da6a56e0 by Neil Williams at 2022-08-16T11:14:41+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -139,9 +139,9 @@ CVE-2022-2823 CVE-2022-2822 (An attacker can freely brute force username and password and can takeo ...) - octoprint <itp> (bug #718591) CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository namelessm ...) - TODO: check + NOT-FOR-US: NamelessMC/Nameless CVE-2022-2820 (Improper Access Control in GitHub repository namelessmc/nameless prior ...) - TODO: check + NOT-FOR-US: NamelessMC/Nameless CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) - vim <unfixed> NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 @@ -36809,13 +36809,13 @@ CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent ad [bullseye] - php-crypt-gpg 1.6.4-2+deb11u1 NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7) CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal Terminal pr ...) - TODO: check + - et <itp> (bug #861635) CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 6.2.0 whi ...) - TODO: check + - et <itp> (bug #861635) CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 6.2.0 tha ...) - TODO: check + - et <itp> (bug #861635) CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal prior to ver ...) - TODO: check + - et <itp> (bug #861635) CVE-2022-24948 (A carefully crafted user preferences for submission could trigger an X ...) - jspwiki <removed> CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...) 
@@ -37906,7 +37906,7 @@ CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By p CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...) NOT-FOR-US: Netgear CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability in "Fiel ...) - TODO: check + NOT-FOR-US: Intelbras ATA 200 CVE-2022-24653 RESERVED CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...) @@ -140624,7 +140624,7 @@ CVE-2020-23624 CVE-2020-23623 RESERVED CVE-2020-23622 (** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thli ...) - TODO: check + NOT-FOR-US: 4thline/cling CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS Managem ...) NOT-FOR-US: Squire Remote Management Interface CVE-2020-23620 (The Java Remote Management Interface of all versions of Orlansoft ERP ...) @@ -144906,9 +144906,9 @@ CVE-2020-21644 CVE-2020-21643 RESERVED CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropuse ...) - TODO: check + NOT-FOR-US: ManageEngine Analytics Plus CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho Manage ...) - TODO: check + NOT-FOR-US: ManageEngine Analytics Plus CVE-2020-21640 RESERVED CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6a56e06a488b68b0f5582d7859f7a83d38489c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6a56e06a488b68b0f5582d7859f7a83d38489c You're receiving this email because of your account on salsa.debian.org.
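Review bot: in the @@ -36809,13 hunk, the four Eternal Terminal entries (CVE-2022-24949 through CVE-2022-24952) are tagged "- et <itp> (bug #861635)" with no record of the fixed upstream version, even though the descriptions of CVE-2022-24950 and CVE-2022-24951 state the issues exist prior to version 6.2.0. Consider adding a NOTE line under the entries recording that, so whoever picks up the ITP knows the minimum version to package, which matters most for CVE-2022-24949, described as a privilege escalation to root. These four are also ITP triage rather than NOT-FOR-US, so the commit subject "Process some NFUs" does not cover them; "Process some NFUs and ITPs" would match the change.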
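Review bot: in the @@ -140624,7 hunk, CVE-2020-23622 is marked "NOT-FOR-US: 4thline/cling", but its description places the issue in a UPnP protocol implementation and carries the "** UNSUPPORTED WHEN ASSIGNED **" marker, so any copy bundled into another project would stay unfixed upstream. Before closing it as NFU, check the archive for embedded copies of cling; if one turns up, the entry should name that source package instead of NOT-FOR-US.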
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits