[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 6 09:39:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c4fed1d by Salvatore Bonaccorso at 2022-08-06T10:32:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,7 @@ CVE-2022-37433
CVE-2022-37432
RESERVED
CVE-2022-2675 (Using off-the-shelf commodity hardware, the Unitree Go 1 robotics plat ...)
- TODO: check
+ NOT-FOR-US: Unitree Go 1 robotics platform
CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management System ...)
NOT-FOR-US: SourceCodester
CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel Manageme ...)
@@ -123,7 +123,7 @@ CVE-2022-37400
CVE-2022-37399
RESERVED
CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR Data Master (ADM)
CVE-2022-36350
RESERVED
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
@@ -5704,9 +5704,9 @@ CVE-2022-35165
CVE-2022-35164
RESERVED
CVE-2022-35163 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
- TODO: check
+ NOT-FOR-US: Complete Online Job Search System
CVE-2022-35162 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
- TODO: check
+ NOT-FOR-US: Complete Online Job Search System
CVE-2022-35161 (GVRET Stable Release as of Aug 15, 2015 was discovered to contain a bu ...)
NOT-FOR-US: GVRET
CVE-2022-35160
@@ -11867,7 +11867,7 @@ CVE-2022-32573
CVE-2022-30605
RESERVED
CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
- TODO: check
+ NOT-FOR-US: ESTsoft Alyac
CVE-2022-29517
RESERVED
CVE-2022-29511
@@ -12326,7 +12326,7 @@ CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512 (7.1.0-28)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa (6.9.12-43)
CVE-2022-32543 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
- TODO: check
+ NOT-FOR-US: ESTsoft Alyac
CVE-2022-32542
RESERVED
CVE-2022-32541
@@ -13115,7 +13115,7 @@ CVE-2022-31472 (Browse restriction bypass vulnerability in Cabinet of Cybozu Gar
CVE-2022-29521
RESERVED
CVE-2022-29465 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2022-25958
RESERVED
CVE-2022-1993 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ...)
@@ -15098,7 +15098,7 @@ CVE-2022-1878
CVE-2022-1877
RESERVED
CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-31617
RESERVED
CVE-2022-31616
@@ -15124,7 +15124,7 @@ CVE-2022-31615
[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1016621)
CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-31613
RESERVED
CVE-2022-31612
@@ -15134,7 +15134,7 @@ CVE-2022-31611
CVE-2022-31610
RESERVED
CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-31608
RESERVED
- nvidia-graphics-drivers <unfixed> (bug #1016614)
@@ -22661,7 +22661,7 @@ CVE-2022-29073
CVE-2022-29072 (** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalat ...)
NOT-FOR-US: 7-Zip on Windows
CVE-2022-29071 (This advisory documents an internally found vulnerability in the on pr ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2022-29070
RESERVED
CVE-2022-29069
@@ -23202,7 +23202,7 @@ CVE-2022-28882
CVE-2022-28881
RESERVED
CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2022-28878 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
@@ -23629,9 +23629,9 @@ CVE-2022-28668 (This vulnerability allows remote attackers to execute arbitrary
CVE-2022-28667
RESERVED
CVE-2022-28665 (A memory corruption vulnerability exists in the httpd unescape functio ...)
- TODO: check
+ NOT-FOR-US: FreshTomato
CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape functio ...)
- TODO: check
+ NOT-FOR-US: FreshTomato
CVE-2022-28611
RESERVED
CVE-2022-28126
@@ -23647,7 +23647,7 @@ CVE-2022-27639
CVE-2022-27638
RESERVED
CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape functio ...)
- TODO: check
+ NOT-FOR-US: DD-WRT
CVE-2022-27499
RESERVED
CVE-2022-27234
@@ -23673,7 +23673,7 @@ CVE-2022-26509
CVE-2022-26508
RESERVED
CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
- TODO: check
+ NOT-FOR-US: Asuswrt
CVE-2022-26369
RESERVED
CVE-2022-26367
@@ -26491,17 +26491,17 @@ CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (an
CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
NOT-FOR-US: Adobe
CVE-2022-27660 (A denial of service vulnerability exists in the confctl_set_guest_wlan ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-27633 (An information disclosure vulnerability exists in the confctl_get_gues ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wifi
CVE-2022-27630 (An information disclosure vulnerability exists in the confctl_get_mast ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-27185 (A denial of service vulnerability exists in the confctl_set_master_wla ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wifi
CVE-2022-27178 (A denial of service vulnerability exists in the confctl_set_wan_cfg fu ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-26346 (A denial of service vulnerability exists in the ucloud_del_node functi ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-1060
RESERVED
CVE-2022-27782 (libcurl would reuse a previously created connection even when a TLS or ...)
@@ -27116,7 +27116,7 @@ CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can
NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
NOTE: https://go.dev/issue/51759
CVE-2022-27535 (Kaspersky VPN Secure Connection for Windows version up to 21.5 was vul ...)
- TODO: check
+ NOT-FOR-US: Kaspersky VPN Secure Connection for Windows
CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security ...)
NOT-FOR-US: Kaspersky
CVE-2022-27533
@@ -29272,7 +29272,7 @@ CVE-2022-26425
CVE-2022-26421
RESERVED
CVE-2022-26342 (A buffer overflow vulnerability exists in the confsrv ucloud_set_node_ ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-26076
RESERVED
CVE-2022-26062
@@ -29282,9 +29282,9 @@ CVE-2022-26052
CVE-2022-26032
RESERVED
CVE-2022-26009 (A stack-based buffer overflow vulnerability exists in the confsrv uclo ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-25996 (A stack-based buffer overflow vulnerability exists in the confsrv addT ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-25987
RESERVED
CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
@@ -37602,55 +37602,55 @@ CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O wit
CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
CVE-2022-24029 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24028 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24027 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24026 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24025 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24024 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24023 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24022 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24021 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24020 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24019 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24018 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24017 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24016 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24015 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24014 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24013 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24012 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24011 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24010 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24009 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24008 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24007 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24006 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-24005 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
@@ -37912,7 +37912,7 @@ CVE-2022-23975 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <=
CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...)
NOT-FOR-US: Apache Pinot
CVE-2022-23103 (A stack-based buffer overflow vulnerability exists in the confsrv conf ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
@@ -38161,19 +38161,19 @@ CVE-2022-23925 (Potential vulnerabilities have been identified in the system BIO
CVE-2022-23924 (Potential vulnerabilities have been identified in the system BIOS of c ...)
NOT-FOR-US: HP
CVE-2022-23919 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-23918 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-23399 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-22144 (A hard-coded password vulnerability exists in the libcommonprod.so pro ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-22140 (An os command injection vulnerability exists in the confsrv ucloud_add ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-21201 (A stack-based buffer overflow vulnerability exists in the confers uclo ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-21178 (An os command injection vulnerability exists in the confsrv ucloud_add ...)
- TODO: check
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
NOT-FOR-US: simple-get nodejs module
CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...)
@@ -94714,7 +94714,7 @@ CVE-2021-28513
CVE-2021-28512
RESERVED
CVE-2021-28511 (This advisory documents the impact of an internally found vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28510
RESERVED
CVE-2021-28509 (This advisory documents the impact of an internally found vulnerabilit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c4fed1ddf5b6aea32b02ad8483975eb45673c6d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c4fed1ddf5b6aea32b02ad8483975eb45673c6d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220806/164e1672/attachment.htm>
More information about the debian-security-tracker-commits
mailing list