[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 15 09:30:05 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d4fec58 by Salvatore Bonaccorso at 2022-04-15T10:29:36+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1355,7 +1355,7 @@ CVE-2022-28721
CVE-2022-28720
RESERVED
CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...)
- TODO: check
+ NOT-FOR-US: ArduPilot APWeb
CVE-2022-28709
RESERVED
CVE-2022-28698
@@ -1526,9 +1526,9 @@ CVE-2022-1259
CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) ...)
NOT-FOR-US: McAfee
CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for Linu ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-1255
RESERVED
CVE-2022-1254
@@ -1566,11 +1566,11 @@ CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux
- linux <not-affected> (Vulnerable code not present)
NOTE: https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
CVE-2022-28663 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-28662 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-1271
RESERVED
{DLA-2977-1 DLA-2976-1}
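Review bot: the NOTE line for CVE-2022-28796 in the leading context of this hunk reads "https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e" with a single slash after the scheme. This commit does not touch it, but it should be corrected to "https://" in a follow-up so the reference resolves. The three Simcenter Femap entries are tagged consistently with each other.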
@@ -1900,13 +1900,13 @@ CVE-2022-28546
CVE-2022-28545
RESERVED
CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-28542 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-28541 (Uncontrolled search path element vulnerability in Samsung Update prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-28540
RESERVED
CVE-2022-28539
@@ -2194,9 +2194,9 @@ CVE-2022-28399
CVE-2022-28398
RESERVED
CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code execution ( ...)
- TODO: check
+ NOT-FOR-US: Apostrophe CMS
CVE-2022-28395
RESERVED
CVE-2022-28394
@@ -2465,9 +2465,9 @@ CVE-2022-28301
CVE-2022-28300
RESERVED
CVE-2022-27188 (OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4. ...)
- TODO: check
+ NOT-FOR-US: CENTUM
CVE-2022-26034 (Improper authentication vulnerability in the communication protocol pr ...)
- TODO: check
+ NOT-FOR-US: CENTUM
CVE-2022-1200
RESERVED
CVE-2021-4225
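Review bot: both entries here are tagged by product name ("NOT-FOR-US: CENTUM"), while the other hunks in this commit tag by vendor (McAfee, Siemens, Samsung, Citrix). Consider using the vendor name, or vendor plus product, so the tag style stays uniform across the list. Note also that the visible description of CVE-2022-26034 ("Improper authentication vulnerability in the communication protocol pr ...") does not name CENTUM, so the attribution cannot be confirmed from the entry as shown.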
@@ -3620,7 +3620,7 @@ CVE-2022-27954
CVE-2022-27953
RESERVED
CVE-2022-27952 (An arbitrary file upload vulnerability in the file upload module of Pa ...)
- TODO: check
+ NOT-FOR-US: PayloadCMS
CVE-2022-27951
RESERVED
CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory ...)
@@ -3961,9 +3961,9 @@ CVE-2022-27849
CVE-2022-27848 (Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Moder ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27847 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-27846 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...)
@@ -3996,49 +3996,49 @@ CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e.
CVE-2022-27843 (DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 all ...)
TODO: check
CVE-2022-27842 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27841 (Improper exception handling in Samsung Pass prior to version 3.7.07.5 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27840 (Improper access control vulnerability in SamsungRecovery prior to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27839 (Improper authentication vulnerability in SecretMode in Samsung Interne ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27838 (Improper access control vulnerability in FactoryCamera prior to versio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27837 (A vulnerability using PendingIntent in Accessibility prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27836 (Improper access control and path traversal vulnerability in StroageMan ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27835 (Improper boundary check in UWB firmware prior to SMR Apr-2022 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27834 (Use after free vulnerability in dsp_context_unload_graph function of D ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27833 (Improper input validation in DSP driver prior to SMR Apr-2022 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27832 (Improper boundary check in media.extractor library prior to SMR Apr-20 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27831 (Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27830 (Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27829 (Improper validation vulnerability in VerifyCredentialResponse prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27828 (Improper validation vulnerability in MediaMonitorEvent prior to SMR Ap ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27827 (Improper validation vulnerability in MediaMonitorDimension prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27826 (Improper validation vulnerability in SemSuspendDialogInfo prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27825 (Improper size check in sapefd_parse_meta_HEADER function of libsapeext ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27824 (Improper size check of in sapefd_parse_meta_DESCRIPTION function of li ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27823 (Improper size check in sapefd_parse_meta_HEADER_old function of libsap ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27822 (Information exposure vulnerability in ril property setting prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27821 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...)
- zaproxy <itp> (bug #897142)
CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...)
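Review bot: CVE-2022-27843 (DLL hijacking in Kies) at the top of this hunk stays at "TODO: check", while the adjacent CVE-2022-27842 and the whole run down to CVE-2022-27821 move to "NOT-FOR-US: Samsung". If Kies belongs to the same vendor batch, tag it in this commit as well. If it was left open on purpose, a NOTE line saying why would keep it from reading as an oversight.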
@@ -4046,13 +4046,13 @@ CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An informat
CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...)
NOT-FOR-US: SWHKD
CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users. This cou ...)
- TODO: check
+ NOT-FOR-US: SWHKD
CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...)
NOT-FOR-US: SWHKD
CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an ...)
NOT-FOR-US: SWHKD
CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. ...)
- TODO: check
+ NOT-FOR-US: SWHKD
CVE-2022-27813
RESERVED
CVE-2022-27812
@@ -4343,7 +4343,7 @@ CVE-2022-27673
CVE-2022-27672
RESERVED
CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-27670 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
NOT-FOR-US: SAP
CVE-2022-27669 (An unauthenticated user can use functions of XML Data Archiving Servic ...)
@@ -4595,25 +4595,25 @@ CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK
CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...)
TODO: check
CVE-2022-27576 (Information exposure vulnerability in Samsung DeX Home prior to SMR Ap ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27575 (Information exposure vulnerability in One UI Home prior to SMR April-2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27574 (Improper input validation vulnerability in parser_iloc and sheifd_find ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27573 (Improper input validation vulnerability in parser_infe and sheifd_find ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27572 (Heap-based buffer overflow vulnerability in parser_ipma function of li ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27571 (Heap-based buffer overflow vulnerability in sheifd_get_info_image func ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27570 (Heap-based buffer overflow vulnerability in parser_single_iref functio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27569 (Heap-based buffer overflow vulnerability in parser_infe function in li ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27568 (Heap-based buffer overflow vulnerability in parser_iloc function in li ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27567 (Null pointer dereference vulnerability in parser_hvcC function of libs ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-27566
RESERVED
CVE-2022-27565
@@ -4695,7 +4695,7 @@ CVE-2022-27530
CVE-2022-27529
RESERVED
CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27527
RESERVED
CVE-2022-27526
@@ -4703,9 +4703,9 @@ CVE-2022-27526
CVE-2022-27525
RESERVED
CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 2022 may l ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27523 (A buffer over-read can be exploited in Autodesk TrueView 2022 may lead ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27522
RESERVED
CVE-2022-27521
@@ -4739,13 +4739,13 @@ CVE-2022-27508
CVE-2022-27507
RESERVED
CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27505 (Reflected cross site scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27504
RESERVED
CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27502
RESERVED
CVE-2022-27501
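Review bot: the visible description of CVE-2022-27505 is only "Reflected cross site scripting (XSS) ..." and names no product, and CVE-2022-27506 likewise shows no vendor in its truncated text, so "NOT-FOR-US: Citrix" cannot be checked against these entries as shown. Only CVE-2022-27503 names Citrix StoreFront. Consider adding the product to the tag for the first two so the attribution is self-explanatory when reading the list.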
@@ -4805,9 +4805,9 @@ CVE-2022-27482
CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
NOT-FOR-US: Siemens SCALANCE
CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in chart d ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2022-27478
RESERVED
CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload ...)
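Review bot: the new tag for CVE-2022-27480 is "NOT-FOR-US: Siemens", but the entry directly above it, CVE-2022-27481, already uses "NOT-FOR-US: Siemens SCALANCE". Pick one form per vendor (plain vendor, or vendor plus product as in "Siemens SICAM") so that a search for the tag finds every related entry.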
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d4fec58a12960e51ee5a89bbf11a96401bc4bc3