Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51fcfe2e by Moritz Muehlenhoff at 2022-10-15T19:33:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30614,7 +30614,7 @@ CVE-2022-31254
 CVE-2022-31253
        RESERVED
 CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE 
Linux Enter ...)
-       TODO: check
+       NOT-FOR-US: OpenSUSE
 CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging 
of the  ...)
        - slurm-wlm <not-affected> (SUSE specific packaging issue)
 CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in 
keylime of o ...)
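Review bot: the tag added for CVE-2022-31252, `NOT-FOR-US: OpenSUSE`, names a distribution rather than the affected component, and it does not match the visible description, which refers to chkstat in "SUSE Linux Enter ...". Suggest naming the component so the entry can be searched later, for example `NOT-FOR-US: SUSE chkstat`. The neighbouring CVE-2022-31251 entry already records why a SUSE packaging issue does not apply, and the same level of detail would help here.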
@@ -36715,7 +36715,7 @@ CVE-2022-29241 (Jupyter Server provides the backend 
(i.e. the core services, API
        [bullseye] - jupyter-server <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
 CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible 
with Ap ...)
-       TODO: check
+       NOT-FOR-US: Scylla
 CVE-2022-29239
        RESERVED
 CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for 
interactive c ...)
@@ -46233,7 +46233,7 @@ CVE-2022-25875 (The package svelte before 3.49.0 are 
vulnerable to Cross-site Sc
 CVE-2022-25874
        RESERVED
 CVE-2022-25873 (The package vuetify from 2.0.0-beta.4 and before 2.6.10 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Node vuetify
 CVE-2022-25872 (All versions of package fast-string-search are vulnerable to 
Out-of-bo ...)
        NOT-FOR-US: Node fast-string-search
 CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype 
Pollution ...)
@@ -46315,7 +46315,7 @@ CVE-2022-25767 (All versions of package 
com.bstek.ureport:ureport2-console are v
 CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code 
Executio ...)
        NOT-FOR-US: NodeJS ungit
 CVE-2022-25765 (The package pdfkit from 0.0.0 are vulnerable to Command 
Injection wher ...)
-       TODO: check
+       NOT-FOR-US: Node pdfkit
 CVE-2022-25764
        RESERVED
 CVE-2022-25761 (The package open62541/open62541 before 1.2.5, from 1.3-rc1 and 
before  ...)
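Review bot: `NOT-FOR-US: Node pdfkit` on CVE-2022-25765 asserts an ecosystem that the truncated description ("The package pdfkit from 0.0.0 are vulnerable to Command Injection wher ...") does not state. Packages named pdfkit exist in more than one language ecosystem, so the prefix should be confirmed against the full CVE text, and the archive checked for a source package of that name, before the entry is closed as NFU. The prefix also differs from `NOT-FOR-US: NodeJS ungit` on CVE-2022-25766 two entries above; one spelling should be used for both.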
@@ -132256,7 +132256,7 @@ CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is 
vulnerable to Java Debug Wire
 CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially 
allows  ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20030 (SonicWall GMS is vulnerable to file path manipulation 
resulting that a ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2021-20029
        RESERVED
 CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a 
SQL Comma ...)
@@ -273062,9 +273062,9 @@ CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding 
a user account via an enews
 CVE-2018-18448
        RESERVED
 CVE-2018-18447 (dotPDN Paint.NET before 4.1.2 allows Deserialization of 
Untrusted Data ...)
-       TODO: check
+       NOT-FOR-US: dotPDN
 CVE-2018-18446 (dotPDN Paint.NET before 4.1.2 allows Deserialization of 
Untrusted Data ...)
-       TODO: check
+       NOT-FOR-US: dotPDN
 CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an 
out-of-bound ...)
        {DSA-4755-1 DLA-2358-1}
        - openexr 2.5.3-2 (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51fcfe2e0792c762321e3fcab6fedb6b262d2303
