[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 24 21:27:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8186dfa6 by Salvatore Bonaccorso at 2022-08-24T22:27:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4198,13 +4198,13 @@ CVE-2022-37183
CVE-2022-37182
RESERVED
CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability. ...)
- TODO: check
+ NOT-FOR-US: 72crm
CVE-2022-37180
RESERVED
CVE-2022-37179
RESERVED
CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection vulnera ...)
- TODO: check
+ NOT-FOR-US: 72crm
CVE-2022-37177
RESERVED
CVE-2022-37176
@@ -4254,7 +4254,7 @@ CVE-2022-37155
CVE-2022-37154
RESERVED
CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vu ...)
- TODO: check
+ NOT-FOR-US: Artica Proxy
CVE-2022-37152
RESERVED
CVE-2022-37151
@@ -4680,7 +4680,7 @@ CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validatio
CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Va ...)
- intellij-idea <itp> (bug #747616)
CVE-2022-2569 (The affected device stores sensitive information in cleartext, which m ...)
- TODO: check
+ NOT-FOR-US: ARC Informatique
CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2022-2567
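Review bot: The new tag on CVE-2022-2569 names only a vendor (ARC Informatique), and the visible description ("The affected device stores sensitive information in cleartext") names no product either, so a reader cannot tell from the list which product was judged out of scope. Consider adding the product name to the tag, as the next entry does with NOT-FOR-US: Red Hat Ansible Automation Platform.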
@@ -5512,7 +5512,7 @@ CVE-2022-36635
CVE-2022-36634
RESERVED
CVE-2022-36633 (Teleport 9.3.6 is vulnerable to Command injection leading to Remote Co ...)
- TODO: check
+ NOT-FOR-US: Teleport
CVE-2022-36632
RESERVED
CVE-2022-36631
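Review bot: CVE-2022-36633 is tagged NOT-FOR-US on the product name alone. Teleport 9.3.6 is a named, versioned piece of software rather than a device or hosted service, so it is worth confirming that no ITP or RFP bug exists for it before closing the entry. If one does, the entry should follow the form used for CVE-2022-37009 in this same file (- intellij-idea <itp> (bug #747616)) instead of NOT-FOR-US.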
@@ -10051,11 +10051,11 @@ CVE-2022-34847
CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34838 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
- TODO: check
+ NOT-FOR-US: ABB Zenon
CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
- TODO: check
+ NOT-FOR-US: ABB Zenon
CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the use ...)
- TODO: check
+ NOT-FOR-US: ABB Zenon
CVE-2022-34654
RESERVED
CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
@@ -10455,7 +10455,7 @@ CVE-2022-34745
CVE-2022-34744
RESERVED
CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to modify param ...)
- TODO: check
+ NOT-FOR-US: mySCADA myPRO
CVE-2022-2233
RESERVED
CVE-2022-2232
@@ -11095,9 +11095,9 @@ CVE-2022-2206 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
NOTE: https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 (v8.2.5160)
NOTE: Crash in CLI tool, no security impact
CVE-2022-34486 (Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allow ...)
- TODO: check
+ NOT-FOR-US: PukiWiki
CVE-2022-27637 (Reflected cross-site scripting vulnerability in PukiWiki versions 1.5. ...)
- TODO: check
+ NOT-FOR-US: PukiWiki
CVE-2022-2205
RESERVED
- firefox 103.0-1
@@ -12829,7 +12829,7 @@ CVE-2022-2110
CVE-2022-2109
RESERVED
CVE-2022-33916 (OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacke ...)
- TODO: check
+ NOT-FOR-US: OPC UA .NET Standard Reference Server
CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package before log4j- ...)
NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package
CVE-2022-33914
@@ -14450,7 +14450,7 @@ CVE-2022-33174 (Power Distribution Units running on Powertek firmware (multiple
CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase Server before ...)
NOT-FOR-US: Couchbase Server
CVE-2022-33172 (de.fac2 1.34 allows bypassing the User Presence protection mechanism w ...)
- TODO: check
+ NOT-FOR-US: de.fac2
CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...)
NOT-FOR-US: TypeORM
CVE-2022-33170
@@ -14492,11 +14492,11 @@ CVE-2022-33153
CVE-2022-33152
RESERVED
CVE-2022-33149 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-33148 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-33147 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
NOT-FOR-US: Apache NiFi
CVE-2022-33139 (A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All ver ...)
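Review bot: The three ObjectYPT entries (CVE-2022-33149, CVE-2022-33148, CVE-2022-33147) are cut off before the product name, so nothing visible in this hunk supports the WWBN AVideo attribution. It only becomes checkable further down at CVE-2022-32282 and CVE-2022-29468, whose descriptions do name WWBN. Since this commit tags over twenty entries for that one product, the commit message could say so (for example "Process some NFUs (WWBN AVideo batch)") to make the history searchable.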
@@ -14844,23 +14844,23 @@ CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?pa
CVE-2022-32986
RESERVED
CVE-2022-32761 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32760
RESERVED
CVE-2022-32572 (An os command injection vulnerability exists in the aVideoEncoder wget ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32282 (An improper password check exists in the login functionality of WWBN A ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-30547 (A directory traversal vulnerability exists in the unzipDirectory funct ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-30534 (An OS command injection vulnerability exists in the aVideoEncoder chun ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-29477
RESERVED
CVE-2022-29475
RESERVED
CVE-2022-28710 (An information disclosure vulnerability exists in the chunkFile functi ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-27805
RESERVED
CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not sanitise an ...)
@@ -15390,23 +15390,23 @@ CVE-2022-32780
CVE-2022-32779
RESERVED
CVE-2022-32778 (An information disclosure vulnerability exists in the cookie functiona ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32777 (An information disclosure vulnerability exists in the cookie functiona ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32772 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32771 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32763
RESERVED
CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the image403 func ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the videoAddNew f ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-26842 (A reflected cross-site scripting (xss) vulnerability exists in the cha ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
@@ -15445,9 +15445,9 @@ CVE-2021-46817 (Adobe Media Encoder version 15.4 (and earlier) are affected by a
CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...)
NOT-FOR-US: Adobe
CVE-2022-32769 (Multiple authentication bypass vulnerabilities exist in the objects id ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the objects id ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-32759
RESERVED
CVE-2022-32758
@@ -15511,7 +15511,7 @@ CVE-2022-32739 (When Secure::DisableBanner system configuration has been disable
CVE-2022-32573
RESERVED
CVE-2022-30605 (A privilege escalation vulnerability exists in the session id function ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
NOT-FOR-US: ESTsoft Alyac
CVE-2022-29517
@@ -15519,7 +15519,7 @@ CVE-2022-29517
CVE-2022-29511
RESERVED
CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in WWBN AVide ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-28703
RESERVED
CVE-2022-27498
@@ -16774,7 +16774,7 @@ CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast
CVE-2022-1990 (The Nested Pages WordPress plugin before 3.1.21 does not escape and sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1989 (All CODESYS Visualization versions before V4.2.0.0 generate a login di ...)
- TODO: check
+ NOT-FOR-US: CODESYS Visualization
CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...)
NOT-FOR-US: neorazorx/facturascripts
CVE-2022-32274 (The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to s ...)
@@ -23949,7 +23949,7 @@ CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in Mat_V
CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in GitHub rep ...)
NOT-FOR-US: facturascripts
CVE-2022-1513 (A potential vulnerability was reported in Lenovo PCManager prior to ve ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
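Review bot: For CVE-2022-1513 the tag is the bare vendor name, while the description names the product (Lenovo PCManager). NOT-FOR-US: Lenovo PCManager would match the product-level tags used elsewhere in this commit (Artica Proxy, ABB Zenon, mySCADA myPRO) and keeps a later grep for Lenovo from conflating unrelated products.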
@@ -26885,9 +26885,9 @@ CVE-2022-28885
CVE-2022-28884
RESERVED
CVE-2022-28883 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure &am ...)
- TODO: check
+ NOT-FOR-US: F-Secure & WithSecure products
CVE-2022-28882 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure &am ...)
- TODO: check
+ NOT-FOR-US: F-Secure & WithSecure products
CVE-2022-28881 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
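Review bot: CVE-2022-28883 and CVE-2022-28882 get the tag F-Secure & WithSecure products, while the adjacent CVE-2022-28881 already carries NOT-FOR-US: F-Secure for what the descriptions show as the same vendor's DoS issues. Using one spelling for the whole run would keep the entries groupable. If the longer form is intended because these two also affect WithSecure-branded products, the reason is worth a word in the commit message.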
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8186dfa6de4a21291cb49ee1ce2bff20829fd2db