[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 10 09:22:37 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28f413a9 by Salvatore Bonaccorso at 2022-08-10T10:22:06+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6382,7 +6382,7 @@ CVE-2022-35493 (A Cross-site scripting (XSS) vulnerability in json search parse
CVE-2022-35492
RESERVED
CVE-2022-35491 (TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for ro ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...)
- zammad <itp> (bug #841355)
CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...)
@@ -6512,7 +6512,7 @@ CVE-2022-35428
CVE-2022-35427
RESERVED
CVE-2022-35426 (UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file P ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2022-35425
RESERVED
CVE-2022-35424
@@ -8407,49 +8407,49 @@ CVE-2022-34719
CVE-2022-34718
RESERVED
CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34716 (.NET Spoofing Vulnerability. ...)
TODO: check
CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34711
RESERVED
CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34700
RESERVED
CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34698
RESERVED
CVE-2022-34697
RESERVED
CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34695
RESERVED
CVE-2022-34694
@@ -8457,21 +8457,21 @@ CVE-2022-34694
CVE-2022-34693
RESERVED
CVE-2022-34692 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34689
RESERVED
CVE-2022-34688
RESERVED
CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-34684
RESERVED
CVE-2022-34683
@@ -11287,7 +11287,7 @@ CVE-2022-33672 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-33671 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-33670 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33669 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-33668 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
@@ -11329,13 +11329,13 @@ CVE-2022-33651 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33647
RESERVED
CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33645
RESERVED
CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability. ...)
@@ -11347,7 +11347,7 @@ CVE-2022-33642 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-33641 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-33640 (System Center Operations Manager: Open Management Infrastructure (OMI) ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -11355,7 +11355,7 @@ CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33635
RESERVED
CVE-2022-33634
@@ -11365,7 +11365,7 @@ CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability.
CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-33630
RESERVED
CVE-2022-33629
@@ -16398,13 +16398,13 @@ CVE-2022-31677
CVE-2022-31676
RESERVED
CVE-2022-31675 (VMware vRealize Operations contains an authentication bypass vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31674 (VMware vRealize Operations contains an information disclosure vulnerab ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31673 (VMware vRealize Operations contains an information disclosure vulnerab ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation vulnerabili ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31671
RESERVED
CVE-2022-31670
@@ -20859,13 +20859,13 @@ CVE-2022-30199
CVE-2022-30198
RESERVED
CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30196
RESERVED
CVE-2022-30195
RESERVED
CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -20901,9 +20901,9 @@ CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This
CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
NOT-FOR-US: Microsoft
CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-30173 (Microsoft Excel Remote Code Execution Vulnerability. ...)
@@ -20965,7 +20965,7 @@ CVE-2022-30146 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code
CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
NOT-FOR-US: Microsoft
CVE-2022-30142 (Windows File History Remote Code Execution Vulnerability. ...)
@@ -20985,9 +20985,9 @@ CVE-2022-30136 (Windows Network File System Remote Code Execution Vulnerability.
CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-30134 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
@@ -24117,7 +24117,7 @@ CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5
CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
NOT-FOR-US: Dell
CVE-2022-29083 (Prior Dell BIOS versions contain an Improper Authentication vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
NOT-FOR-US: EMC
CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
@@ -37479,7 +37479,7 @@ CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-24514
@@ -37557,7 +37557,7 @@ CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege
CVE-2022-24478
RESERVED
CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-24476
RESERVED
CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -43141,7 +43141,7 @@ CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
CVE-2022-22983 (VMware Workstation (16.x prior to 16.2.4) contains an unprotected stor ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22982 (The vCenter Server contains a server-side request forgery (SSRF) vulne ...)
NOT-FOR-US: VMWare
CVE-2022-22981
@@ -48851,9 +48851,9 @@ CVE-2022-21982
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21979 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28f413a9bc2c93ddd9ba215e11f130215510c797
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28f413a9bc2c93ddd9ba215e11f130215510c797
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220810/5f8d2f42/attachment.htm>
More information about the debian-security-tracker-commits
mailing list