[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Aug 18 23:05:25 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a563d910 by Moritz Mühlenhoff at 2022-08-19T00:04:37+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,7 +39,7 @@ CVE-2022-2878
CVE-2022-2877
RESERVED
CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-XXXX [freeciv modpack installer buffer overflow]
- freeciv <unfixed> (bug #1017579)
[bullseye] - freeciv <no-dsa> (Minor issue)
@@ -80,7 +80,7 @@ CVE-2022-38382
CVE-2022-38105
RESERVED
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
- TODO: check
+ NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
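Review bot: CVE-2022-2870 is the one entry in this commit that is not an NFU: `TODO: check` is replaced by a free-text NOTE, which leaves the entry with no package line and no NOT-FOR-US tag, so its triage state is only implied. "likely to be rejected" also cites nothing; consider adding a NOTE with the reference that supports the misreport, the way the CVE-2022-2869 entry just below links its upstream issue, and mention the laravel note in the commit message alongside "NFUs".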
@@ -599,7 +599,7 @@ CVE-2022-2811 (A vulnerability classified as problematic has been found in Sourc
CVE-2022-2810
RESERVED
CVE-2022-38216 (An integer overflow exists in Mapbox's closed source gl-native library ...)
- TODO: check
+ NOT-FOR-US: Mapbox
CVE-2022-38215
RESERVED
CVE-2022-38214
@@ -836,7 +836,7 @@ CVE-2022-38152
CVE-2022-38151
RESERVED
CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive Information ...)
- TODO: check
+ NOT-FOR-US: Consul Template
CVE-2022-38148
RESERVED
CVE-2022-38147
@@ -2501,7 +2501,7 @@ CVE-2022-37424
CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...)
NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...)
- TODO: check
+ NOT-FOR-US: Payara
CVE-2022-37421
RESERVED
CVE-2022-37420
@@ -3462,13 +3462,13 @@ CVE-2022-37065
CVE-2022-37064
RESERVED
CVE-2022-37063 (All FLIR AX8 thermal sensor cameras versions up to and including 1.46. ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37062 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37059
RESERVED
CVE-2022-37058
@@ -3559,7 +3559,7 @@ CVE-2022-37027
CVE-2022-37026
RESERVED
CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2588
@@ -4742,7 +4742,7 @@ CVE-2022-36532
CVE-2022-36531
RESERVED
CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...)
- TODO: check
+ NOT-FOR-US: rageframe
CVE-2022-36529
RESERVED
CVE-2022-36528
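Review bot: The tag added for CVE-2022-36530 reads `rageframe`, but the description names the product as rageframe2 (2.6.37). Suggest `NOT-FOR-US: rageframe2` so that a search for the product name used in the CVE description finds the existing tag.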
@@ -5094,7 +5094,7 @@ CVE-2022-36357
CVE-2022-36346
RESERVED
CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
- TODO: check
+ NOT-FOR-US: JustSystems
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36341
@@ -6108,9 +6108,9 @@ CVE-2022-36026
CVE-2022-36025
RESERVED
CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use, feature-rich, a ...)
- TODO: check
+ NOT-FOR-US: py-cord
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
- TODO: check
+ NOT-FOR-US: Hyperledger Fabric
CVE-2022-36022
RESERVED
CVE-2022-36021
@@ -6136,7 +6136,7 @@ CVE-2022-36012
CVE-2022-36011
RESERVED
CVE-2022-36010 (This library allows strings to be parsed as functions and stored as a ...)
- TODO: check
+ NOT-FOR-US: oxyno-zeta
CVE-2022-36009
RESERVED
CVE-2022-36008
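Review bot: `NOT-FOR-US: oxyno-zeta` on CVE-2022-36010 does not identify the affected software: the description only says "This library", and the tag does not name a library either. Suggest putting the library's name in the tag so the next triager can match it against later CVEs for the same project without opening the CVE record.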
@@ -6208,7 +6208,7 @@ CVE-2022-35977
CVE-2022-35976
RESERVED
CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to manage Flu ...)
- TODO: check
+ NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35974
RESERVED
CVE-2022-35973
@@ -8114,7 +8114,7 @@ CVE-2022-35200
CVE-2022-35199
RESERVED
CVE-2022-35198 (Contract Management System v2.0 contains a weak default password which ...)
- TODO: check
+ NOT-FOR-US: Contract Management System
CVE-2022-35197
RESERVED
CVE-2022-35196
@@ -8160,11 +8160,11 @@ CVE-2022-35177
CVE-2022-35176
RESERVED
CVE-2022-35175 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Barangay
CVE-2022-35174 (A stored cross-site scripting (XSS) vulnerability in Kirby's Starterki ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2022-35173 (An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a bre ...)
- TODO: check
+ NOT-FOR-US: Nginx NJS
CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
NOT-FOR-US: SAP
CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...)
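Review bot: `NOT-FOR-US: Barangay` for CVE-2022-35175 shortens the product to a single word, while the description names it Barangay Management System v1.0; the CVE-2022-35198 entry earlier in this diff keeps the full "Contract Management System". Suggest `NOT-FOR-US: Barangay Management System` for consistency and easier matching.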
@@ -11763,29 +11763,29 @@ CVE-2022-33882
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-33151 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32583 (Operation restriction bypass vulnerability in Scheduler of Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32544 (Operation restriction bypass vulnerability in Project of Cybozu Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32453 (HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32283 (Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-30693 (Information disclosure vulnerability in the system configuration of Cy ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-30604 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29891 (Browse restriction bypass vulnerability in Custom Ap of Cybozu Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29487 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 a ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-28715 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-25986 (Browse restriction bypass vulnerability in Scheduler of Cybozu Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-2108 (The plugin Wbcom Designs – BuddyPress Group Reviews for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication mechani ...)
@@ -23839,9 +23839,9 @@ CVE-2022-29552
CVE-2022-29551
RESERVED
CVE-2022-29550 (** DISPUTED ** An issue was discovered in Qualys Cloud Agent 4.8.0-49. ...)
- TODO: check
+ NOT-FOR-US: Qualys
CVE-2022-29549 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes pr ...)
- TODO: check
+ NOT-FOR-US: Qualys
CVE-2022-29548 (A reflected XSS issue exists in the Management Console of several WSO2 ...)
NOT-FOR-US: WSO2
CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki does not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a563d910b526db46fffa2c988fc37deb1d28c791