Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: dbc98a9a by Salvatore Bonaccorso at 2022-10-27T22:12:19+02:00 Process some NFUs - - - - - 5b8aef77 by Salvatore Bonaccorso at 2022-10-27T22:12:20+02:00 Add CVE-2022-3363/rdiffweb - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5175,7 +5175,7 @@ CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKe CVE-2022-41814 RESERVED CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...) - TODO: check + NOT-FOR-US: installer of Content Transfer (for Windows) CVE-2022-41789 RESERVED CVE-2022-41611 @@ -6607,7 +6607,7 @@ CVE-2022-3365 CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) - rdiffweb <itp> (bug #969974) CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...) - TODO: check + - rdiffweb <itp> (bug #969974) CVE-2022-3362 RESERVED CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...) @@ -6680,7 +6680,7 @@ CVE-2022-40967 CVE-2022-40965 RESERVED CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...) - TODO: check + NOT-FOR-US: AliveCor Kardia App CVE-2022-40204 RESERVED CVE-2022-40202 @@ -6869,7 +6869,7 @@ CVE-2022-41713 CVE-2022-41712 RESERVED CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...) - TODO: check + NOT-FOR-US: Badaso CVE-2022-41710 RESERVED CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...) @@ -10482,7 +10482,7 @@ CVE-2022-40240 CVE-2022-40239 RESERVED CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software prior to ...) - TODO: check + NOT-FOR-US: CERT software CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...) - linux <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341 
@@ -12494,15 +12494,15 @@ CVE-2022-39357 (Winter is a free, open-source content management system based on CVE-2022-39356 RESERVED CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse Groups and ...) - TODO: check + NOT-FOR-US: Discourse Patreon CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...) - TODO: check + NOT-FOR-US: Rust crate evm CVE-2022-39353 RESERVED CVE-2022-39352 RESERVED CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...) - TODO: check + NOT-FOR-US: Dependency-Track CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...) TODO: check CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...) @@ -12520,11 +12520,11 @@ CVE-2022-39344 CVE-2022-39343 RESERVED CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...) - TODO: check + NOT-FOR-US: OpenFGA CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...) - TODO: check + NOT-FOR-US: OpenFGA CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...) - TODO: check + NOT-FOR-US: OpenFGA CVE-2022-39339 RESERVED CVE-2022-39338 @@ -13780,7 +13780,7 @@ CVE-2022-38872 CVE-2022-38871 RESERVED CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...) - TODO: check + NOT-FOR-US: free5GC CVE-2022-38869 RESERVED CVE-2022-38868 @@ -16119,7 +16119,7 @@ CVE-2022-2784 CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...) NOT-FOR-US: Octopus CVE-2022-2782 (In affected versions of Octopus Server it is possible for a session to ...) - TODO: check + NOT-FOR-US: Octopus Server CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...) NOT-FOR-US: Octopus CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...) 
@@ -18616,7 +18616,7 @@ CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection. ...) CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...) NOT-FOR-US: JFinal CMS CVE-2022-37202 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedb ...) - TODO: check + NOT-FOR-US: JFinal CMS CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...) NOT-FOR-US: JFinal CMS CVE-2022-37200 @@ -20355,13 +20355,13 @@ CVE-2022-36456 (TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain CVE-2022-36455 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...) NOT-FOR-US: TOTOLINK CVE-2022-36454 (A vulnerability in the MiCollab Client API of Mitel MiCollab through 9 ...) - TODO: check + NOT-FOR-US: Mitel CVE-2022-36453 (A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 thr ...) - TODO: check + NOT-FOR-US: Mitel CVE-2022-36452 (A vulnerability in the web conferencing component of Mitel MiCollab th ...) - TODO: check + NOT-FOR-US: Mitel CVE-2022-36451 (A vulnerability in the MiCollab Client server component of Mitel MiCol ...) - TODO: check + NOT-FOR-US: Mitel CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...) NOT-FOR-US: Obsidian CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) 
@@ -20667,7 +20667,7 @@ CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens becau NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2 CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...) - TODO: check + NOT-FOR-US: Octopus Server CVE-2022-2507 RESERVED CVE-2022-2506
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42fcc87f70d5d8f0497393cab5202f50747942d0...5b8aef77443a688fef4d7b48a10b421b391d6cf0
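Review bot: The product label for the Octopus entries is inconsistent. In the hunks at @@ -16119 and @@ -20667, CVE-2022-2782 and CVE-2022-2508 are tagged "NOT-FOR-US: Octopus Server", while the context lines for CVE-2022-2783 and CVE-2022-2781 right next to them use "NOT-FOR-US: Octopus". A single spelling for the same product keeps the list easy to search, so I would suggest "NOT-FOR-US: Octopus" in both places to match the existing entries.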
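Review bot: In the hunk at @@ -12494, CVE-2022-39351 (Dependency-Track) is resolved to NOT-FOR-US, but the very next entry, CVE-2022-39350 (@dependencytrack/frontend), is left as "TODO: check" in the trailing context. Both descriptions point at the same project, so it would be worth triaging them together in this commit, or leaving a NOTE on why the frontend entry stays open.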
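Review bot: "NOT-FOR-US: CERT software" in the hunk at @@ -10482 (CVE-2022-40238) repeats the truncated description instead of naming a product, unlike the other entries in this commit ("Badaso", "OpenFGA", "JFinal CMS"). Suggest replacing it with the actual product or vendor name from the full CVE description, so that a later search for that product finds this entry.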
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits