[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 5 22:32:40 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ddbe86b by Moritz Mühlenhoff at 2022-08-05T23:28:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2022-37432
CVE-2022-2675
RESERVED
CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel Manageme ...)
- TODO: check
+ NOT-FOR-US: Rigatur Online Booking and Hotel Management System
CVE-2022-2672 (A vulnerability was found in SourceCodester Garage Management System. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management System a ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2670
RESERVED
CVE-2022-2669
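Review bot: the NOT-FOR-US tags in this hunk mix two granularities. CVE-2022-2673 carries the full product name ("Rigatur Online Booking and Hotel Management System") while CVE-2022-2674, CVE-2022-2672 and CVE-2022-2671 carry only the vendor ("SourceCodester"). Suggest settling on the short vendor form for both, e.g. "NOT-FOR-US: Rigatur", so that a search for one vendor's entries in data/CVE/list stays predictable.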
@@ -81,13 +81,13 @@ CVE-2022-37398
CVE-2022-36350
RESERVED
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2666
RESERVED
CVE-2022-2665 (A vulnerability classified as critical was found in SourceCodester Sim ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2664 (A vulnerability classified as critical has been found in Private Cloud ...)
- TODO: check
+ NOT-FOR-US: Private Cloud Management Platform
CVE-2020-36591
RESERVED
CVE-2020-36590
@@ -335,7 +335,7 @@ CVE-2022-2628
CVE-2022-2627
RESERVED
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2022-37348
RESERVED
CVE-2022-37347
@@ -1631,29 +1631,29 @@ CVE-2022-36842
CVE-2022-36841
RESERVED
CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to version 2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36838 (Implicit Intent hijacking vulnerability in Galaxy Wearable prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36837 (Intent redirection vulnerability using implicit intent in Samsung emai ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36836 (Unprotected provider vulnerability in Charm by Samsung prior to versio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36835 (Implicit Intent hijacking vulnerability in Samsung Internet Browser pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36834 (Exposure of Sensitive Information vulnerability in Game Launcher prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36833 (Improper Privilege Management vulnerability in Game Optimizing Service ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36832 (Improper access control vulnerability in WebApp in Cameralyzer prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36831 (Path traversal vulnerability in UriFileUtils of Samsung Notes prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36830 (PendingIntent hijacking vulnerability in cancelAlarmManager in Charm b ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36829 (PendingIntent hijacking vulnerability in releaseAlarm in Charm by Sams ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36828
RESERVED
CVE-2022-36827
@@ -2614,7 +2614,7 @@ CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scr
CVE-2022-36341
RESERVED
CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND pl ...)
- TODO: check
+ NOT-FOR-US: JumpDEMAND
CVE-2022-36292
RESERVED
CVE-2022-36288
@@ -2622,7 +2622,7 @@ CVE-2022-36288
CVE-2022-36285
RESERVED
CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WooCommerce addon
CVE-2022-36282
RESERVED
CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -2650,7 +2650,7 @@ CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob A
CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site Scripting ( ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – ...)
- TODO: check
+ NOT-FOR-US: MailerLite
CVE-2022-33142
RESERVED
CVE-2022-2515
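Review bot: the tag on CVE-2022-33201 ("NOT-FOR-US: MailerLite") differs from the convention used by the entry directly above it in this hunk, CVE-2022-33943, which is tagged "NOT-FOR-US: WordPress plugin". The description is truncated after "MailerLite", so please confirm against the full text: if the affected component is a WordPress plugin, use the generic tag to match the neighbouring entries.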
@@ -3770,7 +3770,7 @@ CVE-2022-35938
CVE-2022-35937
RESERVED
CVE-2022-35936 (Ethermint is an Ethereum library. In Ethermint running versions before ...)
- TODO: check
+ NOT-FOR-US: Ethermint
CVE-2022-35935
RESERVED
CVE-2022-35934
@@ -6648,9 +6648,9 @@ CVE-2022-34771
CVE-2022-34770
RESERVED
CVE-2022-34769 (Michlol - rashim web interface Insecure direct object references (IDOR ...)
- TODO: check
+ NOT-FOR-US: Michlol
CVE-2022-34768 (Supersmart.me - Walk Through Performing unauthorized actions on other ...)
- TODO: check
+ NOT-FOR-US: Supersmart.me
CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone t ...)
NOT-FOR-US: ALLNET
CVE-2022-34766
@@ -9610,47 +9610,47 @@ CVE-2022-2086 (A vulnerability, which was classified as critical, has been found
CVE-2022-33735
RESERVED
CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in Charm by ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in Charm by Sam ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33732 (Improper access control vulnerability in Samsung Dex for PC prior to S ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33731 (Improper access control vulnerability in DesktopSystemUI prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33730 (Heap-based buffer overflow vulnerability in Samsung Dex for PC prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33729 (Improper restriction of broadcasting Intent in ConfirmConnectActivity ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33728 (Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33727 (A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Au ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33726 (Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Au ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33725 (A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33724 (Exposure of Sensitive Information in Samsung Dialer application?prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33723 (A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33722 (Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33721 (A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33720 (Improper authentication vulnerability in AppLock prior to SMR Aug-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33719 (Improper input validation in baseband prior to SMR Aug-2022 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33718 (An improper access control vulnerability in Wi-Fi Service prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33717 (A missing input validation before memory read in SEM TA prior to SMR A ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33716 (An absence of variable initialization in ICCC TA prior to SMR Aug-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33715 (Improper access control and path traversal vulnerability in LauncherPr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33714 (Improper access control vulnerability in SemWifiApBroadcastReceiver pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior to vers ...)
NOT-FOR-US: Samsung
CVE-2022-33712 (Intent redirection vulnerability using implict intent in Camera prior ...)
@@ -12219,7 +12219,7 @@ CVE-2022-28666 (Broken Access Control vulnerability in YIKES Inc. Custom Product
CVE-2022-28612 (Improper Access Control vulnerability leading to multiple Authenticate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps Affiliat ...)
- TODO: check
+ NOT-FOR-US: WooCommerce addon
CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...)
NOT-FOR-US: SCORM Engine
CVE-2022-2034
@@ -14849,25 +14849,25 @@ CVE-2022-31667
CVE-2022-31666
RESERVED
CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31663 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31662 (VMware Workspace ONE Access, Identity Manager, Connectors and vRealize ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31661 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31660 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31659 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31658 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31657 (VMware Workspace ONE Access and Identity Manager contain a URL injecti ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31656 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31655 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
NOT-FOR-US: VMware
CVE-2022-31654 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
@@ -17935,7 +17935,7 @@ CVE-2022-1705
NOTE: https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e (go1.18.4)
NOTE: https://github.com/golang/go/commit/d13431c37ab62f9755f705731536ff74e7165b08 (go1.17.12)
CVE-2022-1704 (Due to an XML external entity reference, the software parses XML in th ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-1703 (Improper neutralization of special elements in the SonicWall SSL-VPN S ...)
NOT-FOR-US: SonicWall
CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
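Review bot: the tag "NOT-FOR-US: Ignition" on CVE-2022-1704 cannot be verified from the visible description, which says only "Due to an XML external entity reference, the software parses XML in th ..." and names neither a product nor a vendor. "Ignition" alone is a name shared by unrelated software, so suggest qualifying the tag with the vendor, so that a later reader can tell which product was ruled out.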
@@ -35525,17 +35525,17 @@ CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the co
NOTE: https://github.com/ByteHackr/unzip_poc
NOTE: Unclear status, checking with upstream
CVE-2021-46681 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46680 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46679 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46678 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46677 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46676 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
NOT-FOR-US: swift-nio-http2
CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
@@ -43962,7 +43962,7 @@ CVE-2022-22301 (An improper neutralization of special elements used in an OS Com
CVE-2022-22300 (A improper handling of insufficient permissions or privileges in Forti ...)
NOT-FOR-US: FortiGuard
CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line interprete ...)
- TODO: check
+ NOT-FOR-US: FortiNet
CVE-2022-22298
RESERVED
CVE-2022-22297
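Review bot: the new tag on CVE-2022-22299 is spelled "FortiNet", while the entry directly above it in this hunk (CVE-2022-22300) is tagged "NOT-FOR-US: FortiGuard". Two spellings for the same vendor family make the list harder to search. Suggest checking which form the rest of data/CVE/list uses for this vendor and matching it here.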
@@ -73273,7 +73273,7 @@ CVE-2021-36863
CVE-2021-36862
RESERVED
CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Sta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36860
RESERVED
CVE-2021-36859
@@ -96468,7 +96468,7 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator
NOTE: https://sourceforge.net/p/zint/tickets/218/
NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
CVE-2021-27798 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS v ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
NOT-FOR-US: Brocade
CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...)
@@ -194651,7 +194651,7 @@ CVE-2020-1756
CVE-2020-1755
RESERVED
CVE-2020-1754 (In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the gra ...)
- TODO: check
+ - moodle <removed>
CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
{DSA-4950-1}
- ansible 2.9.16+dfsg-1
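Review bot: the change to CVE-2020-1754 is not an NFU. It replaces "TODO: check" with a package status line, "- moodle <removed>", which does not match the commit subject "NFUs". Suggest either putting the Moodle triage in its own commit or mentioning it in the message, so that the history for data/CVE/list shows when the package was assessed.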
@@ -194925,7 +194925,7 @@ CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vuln
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
- moodle <removed>
CVE-2020-1691 (In Moodle 3.8, messages required extra sanitizing before updating the ...)
- TODO: check
+ - moodle <removed>
CVE-2020-1690 (An improper authorization flaw was discovered in openstack-selinux's a ...)
NOT-FOR-US: openstack-selinux
CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
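Review bot: the "- moodle <removed>" line on CVE-2020-1691 states no affected range, although the description limits the issue to "Moodle 3.8". The line matches the CVE-2020-1692 entry above it, but if any suite still carries an older moodle, a per-release <not-affected> annotation would record that. As with CVE-2020-1754, this is a package status rather than an NFU, so the commit subject does not cover it.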
@@ -381280,7 +381280,7 @@ CVE-2016-3099 (mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise
[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2016-3098 (Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 ...)
- TODO: check
+ NOT-FOR-US: administrate
CVE-2016-3097 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat ...)
NOT-FOR-US: spacewalk-java
CVE-2016-3096 (The create_script function in the lxc_container module in Ansible befo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ddbe86b3a7aebdc102967e83c999fd458fa9825