author Moritz Muehlenhoff <jmm@debian.org> 2022-02-17 16:37:34 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2022-02-17 16:37:34 +0100
commit 24b917cbbb7f0472dc8ec3890c5d9e40091a80f5 (patch)
tree dbbdbed7f283a07a37951e6116d266f2abcc31f4
parent 30009f89558db286256f7f92dad5768640061e58 (diff)
unzip issues clarified
mruby n/a NFUs
-rw-r--r-- data/CVE/list.2022 27
1 files changed, 15 insertions, 12 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 79ba7af55a..2855ae48d1 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -260,7 +260,9 @@ CVE-2022-22985
CVE-2022-21146
RESERVED
CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
- TODO: check
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+ NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
NOT-FOR-US: snipe-it
CVE-2022-0621
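Review bot: The new "- mruby <not-affected> (Vulnerable code introduced later)" line for CVE-2022-0623 does not say whether the linked mruby commit ff3a5ebed6ffbe3e70481531cfb969b497aa73ad is the fix or the change that introduced the flaw. Annotating that NOTE line (for example "Fixed by:" or "Introduced by:") would let the next triager check the not-affected claim against the packaged version without having to open both links.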
@@ -296,9 +298,11 @@ CVE-2022-0616
CVE-2022-0615
RESERVED
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
- TODO: check
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
- TODO: check
+ NOT-FOR-US: Node urijs
CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
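Review bot: The CVE-2022-0614 entry lists the huntr.dev NOTE before the mruby commit NOTE, while the CVE-2022-0623 entry in the previous hunk lists the same commit URL first; pick one order for both so the two related entries read the same way. Separately, the CVE-2022-0613 line is tagged "NOT-FOR-US: Node urijs" although the description on the line above calls it "NPM urijs"; matching the description's wording makes the entry easier to find by search.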
@@ -822,15 +826,15 @@ CVE-2022-24987
CVE-2022-24986
RESERVED
CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow remote attac ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
- TODO: check
+ NOT-FOR-US: JQueryForm.com
CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -1649,13 +1653,12 @@ CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O
CVE-2022-0531
RESERVED
CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
- - unzip <undetermined>
+ - unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
- TODO: clarify details
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
- - unzip <undetermined>
+ - unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
- TODO: clarify details
CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
NOT-FOR-US: swift-nio-http2
CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
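Review bot: In the CVE-2022-0530 entry the added "NOTE: Crash in CLI tool, no security impact" sits under "- unzip <unfixed>", which still records the package as carrying an open issue; if the assessment is that there is no security impact, <unimportant> would express that in the status field itself. The CVE-2022-0529 entry loses its "TODO: clarify details" line and moves from <undetermined> to <unfixed> without gaining any NOTE, so the rationale for that entry is not recorded; add the equivalent assessment there, or keep the TODO if it is still open.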
