Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e4827cd7 by Moritz Muehlenhoff at 2023-02-28T15:01:49+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4391,7 +4391,7 @@ CVE-2023-25659 CVE-2023-25658 RESERVED CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) - TODO: check + NOT-FOR-US: Nautobot CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...) NOT-FOR-US: notation-go CVE-2023-25655 @@ -5739,7 +5739,7 @@ CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a se CVE-2023-25158 (GeoTools is an open source Java library that provides tools for geospa ...) NOT-FOR-US: GeoTools CVE-2023-25157 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: Geoserver CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...) NOT-FOR-US: Kiwi TCMS CVE-2023-25155 @@ -8361,7 +8361,7 @@ CVE-2023-24191 (Online Food Ordering System v2 was discovered to contain a cross CVE-2023-24190 RESERVED CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 allows atta ...) - TODO: check + NOT-FOR-US: urule CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal vulnera ...) NOT-FOR-US: ureport CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...) @@ -11208,7 +11208,7 @@ CVE-2023-23207 CVE-2023-23206 RESERVED CVE-2023-23205 (An issue was discovered in lib60870 v2.3.2. There is a memory leak in ...) - TODO: check + NOT-FOR-US: lib60870 CVE-2023-23204 RESERVED CVE-2023-23203 
@@ -20668,7 +20668,7 @@ CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sq CVE-2022-46441 RESERVED CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation violation via ...) - TODO: check + - swftools <removed> CVE-2022-46439 RESERVED CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...) @@ -49593,7 +49593,7 @@ CVE-2020-36565 (Due to improper sanitization of user input on Windows, the stati CVE-2020-36564 (Due to improper validation of caller input, validation is silently dis ...) NOT-FOR-US: nosurf CVE-2020-36563 (XML Digital Signatures generated and validated using this package use ...) - TODO: check + NOT-FOR-US: go-saml CVE-2019-25075 (HTML injection combined with path traversal in the Email service in Gr ...) NOT-FOR-US: Gravitee API Management CVE-2019-25074 @@ -49635,11 +49635,11 @@ CVE-2022-2573 CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages can cau ...) NOT-FOR-US: shiyanhui/dht CVE-2020-36561 (Due to improper path santization, archives containing relative file pa ...) - TODO: check + NOT-FOR-US: github.com/yi-ge/unzip CVE-2020-36560 (Due to improper path santization, archives containing relative file pa ...) - TODO: check + NOT-FOR-US: github.com/artdarek/unzip CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle allows fo ...) - TODO: check + NOT-FOR-US: aah framework CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...) - tendermint-go-common <removed> CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...) @@ -51651,7 +51651,7 @@ CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd CVE-2022-36232 RESERVED CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby cod ...) - TODO: check + NOT-FOR-US: pdf_info gem CVE-2022-36230 RESERVED CVE-2022-36229 
@@ -55229,11 +55229,11 @@ CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. .. NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/ NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025) CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...) - TODO: check + NOT-FOR-US: A4N (Aremis 4 Nomad) CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...) - TODO: check + NOT-FOR-US: A4N (Aremis 4 Nomad) CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...) - TODO: check + NOT-FOR-US: A4N (Aremis 4 Nomad) CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave before 14.6. ...) NOT-FOR-US: FileWave CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 14.6.3 and 1 ...) @@ -57203,7 +57203,7 @@ CVE-2022-2178 CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...) NOT-FOR-US: Kayrasoft CVE-2022-2176 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...) - TODO: check + NOT-FOR-US: rejected CVE CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55 @@ -60547,7 +60547,7 @@ CVE-2022-32951 CVE-2022-32950 RESERVED CVE-2022-32949 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2022-32947 (The issue was addressed with improved memory handling. This issue is f ...) 
@@ -60638,7 +60638,7 @@ CVE-2022-32908 (A memory corruption issue was addressed with improved input vali CVE-2022-32907 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32906 (This issue was addressed with using HTTPS when sending information ove ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32905 (This issue was addressed with improved validation of symlinks. This is ...) NOT-FOR-US: Apple CVE-2022-32904 (An access issue was addressed with additional sandbox restrictions. Th ...) @@ -60646,11 +60646,11 @@ CVE-2022-32904 (An access issue was addressed with additional sandbox restrictio CVE-2022-32903 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2022-32902 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32901 RESERVED CVE-2022-32900 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32899 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32898 (The issue was addressed with improved memory handling. This issue is f ...) @@ -60658,7 +60658,7 @@ CVE-2022-32898 (The issue was addressed with improved memory handling. This issu CVE-2022-32897 RESERVED CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32895 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...) 
@@ -60752,7 +60752,7 @@ CVE-2022-32857 (This issue was addressed by using HTTPS when sending information CVE-2022-32856 RESERVED CVE-2022-32855 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input validati ...) @@ -60770,11 +60770,11 @@ CVE-2022-32848 (A logic issue was addressed with improved checks. This issue is CVE-2022-32847 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32846 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32845 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32844 (A race condition was addressed with improved state handling. This issu ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32843 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input validati ...) @@ -60790,7 +60790,7 @@ CVE-2022-32838 (A logic issue was addressed with improved state management. This CVE-2022-32837 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32836 (This issue was addressed with improved state management. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32835 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...) 
@@ -60802,7 +60802,7 @@ CVE-2022-32832 (The issue was addressed with improved memory handling. This issu CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2022-32830 (An out-of-bounds read issue was addressed with improved bounds checkin ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32829 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-32828 (The issue was addressed with improved memory handling. This issue is f ...) @@ -60814,7 +60814,7 @@ CVE-2022-32826 (An authorization issue was addressed with improved state managem CVE-2022-32825 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2022-32824 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32823 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2022-32822 @@ -60901,7 +60901,7 @@ CVE-2022-32786 (An issue in the handling of environment variables was addressed CVE-2022-32785 (A null pointer dereference was addressed with improved validation. Thi ...) NOT-FOR-US: Apple CVE-2022-32784 (The issue was addressed with improved UI handling. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-32783 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This issue is f ...) @@ -61513,7 +61513,7 @@ CVE-2022-32538 CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user to learn ...) NOT-FOR-US: Medtronic CVE-2022-2024 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. ...) - TODO: check + NOT-FOR-US: Go Git Service CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk ...) NOT-FOR-US: Trudesk CVE-2017-20050 
@@ -65010,7 +65010,7 @@ CVE-2022-31407 CVE-2022-31406 RESERVED CVE-2022-31405 (MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext ...) - TODO: check + NOT-FOR-US: MV iDigital Clinic Enterprise CVE-2022-31404 RESERVED CVE-2022-31403 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...) @@ -68316,7 +68316,7 @@ CVE-2022-1609 CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...) NOT-FOR-US: WordPress plugin CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...) - TODO: check + NOT-FOR-US: ABB CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...) NOT-FOR-US: M-Files Server CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...) @@ -71312,7 +71312,7 @@ CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tamp CVE-2022-29274 RESERVED CVE-2022-29273 (pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in th ...) - TODO: check + NOT-FOR-US: pfSense CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...) NOT-FOR-US: Nagios XI CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...) @@ -78830,7 +78830,7 @@ CVE-2022-26762 (A memory corruption issue was addressed with improved memory han CVE-2022-26761 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2022-26760 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2022-26759 RESERVED CVE-2022-26758 
@@ -81109,7 +81109,7 @@ CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulner CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...) NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to Command ...) - TODO: check + NOT-FOR-US: create-choo-app3 CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...) NOT-FOR-US: Tagify CVE-2022-25853 (All versions of the package semver-tags are vulnerable to Command Inje ...) @@ -81224,7 +81224,7 @@ CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command Injection via th ...) TODO: check CVE-2022-24913 (Versions of the package com.fasterxml.util:java-merge-sort before 1.1. ...) - TODO: check + NOT-FOR-US: com.fasterxml.util:java-merge-sort CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/events ...) NOT-FOR-US: github.com/runatlantis/atlantis CVE-2022-24909 @@ -81376,7 +81376,7 @@ CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core be CVE-2022-21144 (This affects all versions of package libxmljs. When invoking the libxm ...) NOT-FOR-US: Node libxmljs CVE-2022-21129 (Versions of the package nemo-appium before 0.0.9 are vulnerable to Com ...) - TODO: check + NOT-FOR-US: nemo-appium CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to ...) NOT-FOR-US: com.github.samtools:htsjdk CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Exe ...) 
@@ -89072,7 +89072,7 @@ CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Si CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...) NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus) CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded database. ...) - TODO: check + NOT-FOR-US: LiteDB CVE-2022-23534 RESERVED CVE-2022-23533 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4827cd70320b991da2ba47813c7911444b020d5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4827cd70320b991da2ba47813c7911444b020d5 You're receiving this email because of your account on salsa.debian.org.
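Review bot: in the @@ -5739 hunk the new triage line reads `NOT-FOR-US: Geoserver`, while the CVE-2023-25157 description spells the project `GeoServer` and the neighbouring GeoTools entry keeps the upstream capitalisation; using `NOT-FOR-US: GeoServer` keeps the product name consistent with the description and easier to grep for later.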
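Review bot: in the @@ -20668 hunk CVE-2022-46440 is described against ttftool v0.9.2 but resolved as `- swftools <removed>`; the mapping from ttftool to the swftools source package is not evident from the description, so a `NOTE:` line pointing at the upstream report or the relevant part of swftools would let the next person confirm the package assignment without redoing the research.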
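Review bot: in the @@ -57203 hunk CVE-2022-2176, whose description states the ID was rejected or withdrawn by its CNA, is closed as `NOT-FOR-US: rejected CVE`; every other NOT-FOR-US line in this patch names an affected product, so a rejected identifier recorded this way will appear in any listing of not-for-us issues as if it were a real one. If the tracker has a dedicated state for rejected identifiers, that would be the more precise record here.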
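Review bot: in the @@ -61513 hunk CVE-2022-2024 is closed as `NOT-FOR-US: Go Git Service` although the description identifies the project by its repository name gogs/gogs; naming it `gogs` (optionally with the expanded name in parentheses) matches the identifier anyone searching the file for this project is likely to use.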
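Review bot: in the @@ -81224 hunk CVE-2022-25171 (package p4) keeps its `TODO: check` in the context lines while the adjacent java-merge-sort entry is triaged in the same hunk; if p4 was reviewed together with its neighbours, updating it here avoids leaving a stray TODO in an otherwise cleaned-up region, and if it was deliberately skipped, a short note saying why would help the next pass.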
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits