Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4aa100be by Moritz Muehlenhoff at 2022-02-04T09:27:16+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -262,7 +262,7 @@ CVE-2022-0473 CVE-2022-24308 RESERVED CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...) - TODO: check + NOT-FOR-US: Mastodon CVE-2022-24306 RESERVED CVE-2022-24305 @@ -529,7 +529,7 @@ CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_fi NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259 NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1) CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...) - TODO: check + NOT-FOR-US: Mastodon CVE-2022-0431 RESERVED CVE-2022-0430 @@ -874,7 +874,7 @@ CVE-2022-24125 CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...) NOT-FOR-US: Casdoor CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...) - TODO: check + NOT-FOR-US: MarkText CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...) NOT-FOR-US: Unified Office CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...) @@ -963,7 +963,7 @@ CVE-2022-0403 CVE-2022-0402 RESERVED CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...) - TODO: check + NOT-FOR-US: Node w-zip CVE-2022-0400 [Out of bounds read in the smc protocol stack] RESERVED - linux <unfixed> @@ -2831,9 +2831,9 @@ CVE-2022-23605 CVE-2022-23604 RESERVED CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...) - TODO: check + NOT-FOR-US: iTunesRPC-Remastered CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...) - TODO: check + NOT-FOR-US: Nimforum CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...) - symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code) NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms @@ -11522,11 +11522,11 @@ CVE-2021-44884 CVE-2021-44883 RESERVED CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-44879 RESERVED CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...) @@ -11554,7 +11554,7 @@ CVE-2021-44868 CVE-2021-44867 RESERVED CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...) - TODO: check + NOT-FOR-US: Online-Movie-Ticket-Booking-System CVE-2021-44865 RESERVED CVE-2021-44864 @@ -13392,9 +13392,9 @@ CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Bl CVE-2021-44248 RESERVED CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) - TODO: check + NOT-FOR-US: Totolink CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) - TODO: check + NOT-FOR-US: Totolink CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS) CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) @@ -14494,7 +14494,7 @@ CVE-2022-21712 CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...) NOT-FOR-US: elfspirit CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...) - TODO: check + NOT-FOR-US: ShortDescription MediaWiki extension CVE-2022-21709 RESERVED CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa100be6ac2ae9b8c0afabf69aa48976fd6ff76 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa100be6ac2ae9b8c0afabf69aa48976fd6ff76 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits