Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 51fcfe2e by Moritz Muehlenhoff at 2022-10-15T19:33:48+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -30614,7 +30614,7 @@ CVE-2022-31254 CVE-2022-31253 RESERVED CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enter ...) - TODO: check + NOT-FOR-US: OpenSUSE CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging of the ...) - slurm-wlm <not-affected> (SUSE specific packaging issue) CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...) @@ -36715,7 +36715,7 @@ CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services, API [bullseye] - jupyter-server <no-dsa> (Minor issue) NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible with Ap ...) - TODO: check + NOT-FOR-US: Scylla CVE-2022-29239 RESERVED CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for interactive c ...) @@ -46233,7 +46233,7 @@ CVE-2022-25875 (The package svelte before 3.49.0 are vulnerable to Cross-site Sc CVE-2022-25874 RESERVED CVE-2022-25873 (The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable ...) - TODO: check + NOT-FOR-US: Node vuetify CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out-of-bo ...) NOT-FOR-US: Node fast-string-search CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...) 
@@ -46315,7 +46315,7 @@ CVE-2022-25767 (All versions of package com.bstek.ureport:ureport2-console are v CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...) NOT-FOR-US: NodeJS ungit CVE-2022-25765 (The package pdfkit from 0.0.0 are vulnerable to Command Injection wher ...) - TODO: check + NOT-FOR-US: Node pdfkit CVE-2022-25764 RESERVED CVE-2022-25761 (The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before ...) @@ -132256,7 +132256,7 @@ CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...) NOT-FOR-US: SonicWall CVE-2021-20030 (SonicWall GMS is vulnerable to file path manipulation resulting that a ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2021-20029 RESERVED CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...) @@ -273062,9 +273062,9 @@ CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding a user account via an enews CVE-2018-18448 RESERVED CVE-2018-18447 (dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data ...) - TODO: check + NOT-FOR-US: dotPDN CVE-2018-18446 (dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data ...) - TODO: check + NOT-FOR-US: dotPDN CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...) {DSA-4755-1 DLA-2358-1} - openexr 2.5.3-2 (unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51fcfe2e0792c762321e3fcab6fedb6b262d2303
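Review bot: In the hunk at -46315, `NOT-FOR-US: Node pdfkit` asserts an ecosystem that the visible description of CVE-2022-25765 does not state; before truncation it says only "The package pdfkit from 0.0.0 are vulnerable to Command Injection". Confirm against the full advisory which pdfkit is meant and whether a source package of that name is in the archive before closing the entry. If one is, this line should be a package entry rather than NOT-FOR-US.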
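Review bot: In the hunk at -30614, the new tag for CVE-2022-31252 reads `NOT-FOR-US: OpenSUSE`, which names a distribution rather than the affected component, while the description line names chkstat in SUSE Linux Enterprise. Suggest putting the component in the tag (for example "SUSE chkstat") so that a later search for chkstat finds this triage decision, in the same way the adjacent CVE-2022-31251 entry records its reason as "SUSE specific packaging issue".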
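Review bot: In the hunk at -273062, both new lines tag CVE-2018-18447 and CVE-2018-18446 with the vendor string `NOT-FOR-US: dotPDN`, although the descriptions name the product as Paint.NET. Suggest using the product name in the tag, since that is the term someone checking whether the software was triaged would search for.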