[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 19 09:41:17 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d1f1119 by Salvatore Bonaccorso at 2022-08-19T10:40:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4020,7 +4020,7 @@ CVE-2022-36949 (In Veritas NetBackup OpsCenter, an attacker with local access to
CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affec ...)
NOT-FOR-US: Veritas
CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7 ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel th ...)
{DSA-5207-1}
- linux 5.18.16-1
@@ -4524,21 +4524,21 @@ CVE-2022-36731
CVE-2022-36730
RESERVED
CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36727 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36726
RESERVED
CVE-2022-36725 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36724
RESERVED
CVE-2022-36723
RESERVED
CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36721
RESERVED
CVE-2022-36720
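Review bot: The tag "NOT-FOR-US: Library Management System" on CVE-2022-36729, -36728, -36727, -36725 and -36722 is a generic product name that several unrelated projects share, so a later search of data/CVE/list for this string will not say which product was triaged. Consider qualifying the tag with the vendor or author named in the full CVE description, using the same wording on all five entries.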
@@ -6386,7 +6386,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy moddi
CVE-2022-35977
RESERVED
CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...)
- TODO: check
+ NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to manage Flu ...)
NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35974
@@ -8264,9 +8264,9 @@ CVE-2022-35215
CVE-2022-35214
RESERVED
CVE-2022-35213 (Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2022-35212 (osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scr ...)
- TODO: check
+ NOT-FOR-US: osCommerce2
CVE-2022-35211
RESERVED
CVE-2022-35210
@@ -8282,7 +8282,7 @@ CVE-2022-35206
CVE-2022-35205
RESERVED
CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...)
- TODO: check
+ NOT-FOR-US: Vitejs Vite
CVE-2022-35203
RESERVED
CVE-2022-35202
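Review bot: CVE-2022-35204 is marked NOT-FOR-US, but Vite is a general-purpose npm build tool rather than a vendor-specific product, so it is worth confirming that no source package in the archive ships or embeds a copy and that no ITP is open before closing the entry. If an ITP does exist, an "- vite <itp>" style entry with its bug number would keep the issue visible once the package is uploaded.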
@@ -8356,7 +8356,7 @@ CVE-2022-35169 (SAP BusinessObjects Business Intelligence Platform (LCM) - versi
CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business One - ...)
NOT-FOR-US: SAP
CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was discovered ...)
- TODO: check
+ NOT-FOR-US: Printix Cloud Print Management
CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via ...)
- libjpeg <unfixed>
NOTE: https://github.com/thorfdbg/libjpeg/issues/7
@@ -8993,7 +8993,7 @@ CVE-2022-34854
CVE-2022-34841
RESERVED
CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34346
RESERVED
CVE-2022-33972
@@ -9772,7 +9772,7 @@ CVE-2022-34647
CVE-2022-34646
RESERVED
CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34157
RESERVED
CVE-2022-33964
@@ -9784,7 +9784,7 @@ CVE-2022-33190
CVE-2022-32971
RESERVED
CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-31476
RESERVED
CVE-2022-30692
@@ -11685,7 +11685,7 @@ CVE-2022-33894
CVE-2022-33892
RESERVED
CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33200
RESERVED
CVE-2022-33188
@@ -14924,9 +14924,9 @@ CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.
CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
NOT-FOR-US: Pure Storage FlashArray
CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30542
RESERVED
CVE-2022-30539
@@ -14940,7 +14940,7 @@ CVE-2022-29523
CVE-2022-28699
RESERVED
CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...)
@@ -20984,7 +20984,7 @@ CVE-2022-30339
CVE-2022-30338
RESERVED
CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29919
RESERVED
CVE-2022-29893
@@ -20996,7 +20996,7 @@ CVE-2022-29515
CVE-2022-29508
RESERVED
CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29478
RESERVED
CVE-2022-29470
@@ -21010,9 +21010,9 @@ CVE-2022-27877
CVE-2022-27808
RESERVED
CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26373 (Non-transparent sharing of return predictor targets between contexts i ...)
{DSA-5207-1}
- linux 5.18.16-1
@@ -21020,7 +21020,7 @@ CVE-2022-26373 (Non-transparent sharing of return predictor targets between cont
NOTE: https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
NOTE: https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47
CVE-2022-26344 (Incorrect default permissions in the installation binaries for Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25976
RESERVED
CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...)
@@ -24130,11 +24130,11 @@ CVE-2022-29466
CVE-2022-29262
RESERVED
CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27497
RESERVED
CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26424
RESERVED
CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...)
@@ -26189,7 +26189,7 @@ CVE-2022-28759
CVE-2022-28758
RESERVED
CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
NOT-FOR-US: Zoom
CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1f111915fe89cde49fc7b6aa38e8b3123ed821