[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 9 09:48:40 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e63ca8b by Salvatore Bonaccorso at 2022-12-09T10:48:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -401,9 +401,9 @@ CVE-2022-46744
CVE-2022-46743
RESERVED
CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePaddle 2 ...)
- TODO: check
+ NOT-FOR-US: PaddlePaddle
CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. ...)
- TODO: check
+ NOT-FOR-US: PaddlePaddle
CVE-2022-46740
RESERVED
CVE-2022-46728
@@ -1113,7 +1113,7 @@ CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882. ..
NOTE: https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 (v9.0.0882)
NOTE: Crash in CLI tool, no security impact
CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a pote ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2022-4290
RESERVED
CVE-2022-4289
@@ -1503,7 +1503,7 @@ CVE-2023-21525
CVE-2023-21524
RESERVED
CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Nexpose and InsightVM
CVE-2022-4260
RESERVED
CVE-2022-4259
@@ -1672,9 +1672,9 @@ CVE-2022-46335
CVE-2022-46334
RESERVED
CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2022-46332 (The Admin Smart Search feature in Proofpoint Enterprise Protection (PP ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2022-46328
RESERVED
CVE-2022-46327
@@ -2154,7 +2154,7 @@ CVE-2022-46160
CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...)
NOT-FOR-US: Discourse
CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2022-46157
RESERVED
CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...)
@@ -2203,11 +2203,11 @@ CVE-2022-46141
CVE-2022-46140
RESERVED
CVE-2022-44620 (Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1 ...)
- TODO: check
+ NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
CVE-2022-44606 (OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...)
- TODO: check
+ NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
CVE-2022-43464 (Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...)
- TODO: check
+ NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware
CVE-2022-4171
RESERVED
CVE-2022-4170
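Review bot: The NOT-FOR-US lines added for CVE-2022-44620, CVE-2022-44606 and CVE-2022-43464 identify the product only by model numbers ("UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware") and carry no vendor name. Other labels in this commit key on a vendor or project (TP-Link, Proofpoint, OpenHarmony), which is what a later grep of data/CVE/list will search for. Consider prefixing the vendor taken from the full CVE description. The "Aficio SP 4210N firmware" label on CVE-2022-37406 further down has the same shape.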
@@ -2731,7 +2731,7 @@ CVE-2022-4145
RESERVED
NOT-FOR-US: OpenShift
CVE-2022-45910 (Improper neutralization of special elements used in an LDAP query ('LD ...)
- TODO: check
+ NOT-FOR-US: Apache ManifoldCF
CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a long Re ...)
NOT-FOR-US: drachtio-server
CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...)
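Review bot: For CVE-2022-45910 the truncated description shown here ("Improper neutralization of special elements used in an LDAP query ...") does not name the product, so the "Apache ManifoldCF" label cannot be checked from the hunk alone. Because NOT-FOR-US asserts the software is not in the archive, and this is an upstream open-source project rather than a vendor appliance, it is worth confirming that no source package ships or embeds it before the TODO is dropped.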
@@ -2819,7 +2819,7 @@ CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drive
CVE-2022-45883
RESERVED
CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-45875
RESERVED
CVE-2022-45874
@@ -2827,13 +2827,13 @@ CVE-2022-45874
CVE-2022-45126
RESERVED
CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that telepho ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-44455 (The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prio ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-43662
RESERVED
CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-4138
RESERVED
CVE-2022-4137
@@ -4013,9 +4013,9 @@ CVE-2022-4012 (A vulnerability classified as critical has been found in Hospital
CVE-2022-4011 (A vulnerability was found in Simple History Plugin. It has been rated ...)
NOT-FOR-US: Simple History Plugin
CVE-2022-43468 (External initialization of trusted variables or data stores vulnerabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, which ma ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-4010
RESERVED
CVE-2022-4009
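Review bot: CVE-2022-43468 gets the generic label "NOT-FOR-US: WordPress plugin", while the entry directly above it (CVE-2022-4011) names its plugin as "Simple History Plugin", and the truncated description for CVE-2022-43468 does not name a plugin either. With the generic label the entry no longer says which software was triaged, so a later packaging of that plugin would not turn it up in a search. Suggest naming the plugin in the label; the same applies to CVE-2022-45359 further down, whose description does begin to name the plugin.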
@@ -4535,7 +4535,7 @@ CVE-2022-45361
CVE-2022-45360
RESERVED
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45358
RESERVED
CVE-2022-45357
@@ -4819,7 +4819,7 @@ CVE-2022-45219
CVE-2022-45218 (Human Resource Management System v1.0.0 was discovered to contain a cr ...)
NOT-FOR-US: Human Resource Management System
CVE-2022-45217 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
- TODO: check
+ NOT-FOR-US: Book Store Management System
CVE-2022-45216
RESERVED
CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
@@ -4891,7 +4891,7 @@ CVE-2022-3981
CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side request ...)
NOT-FOR-US: Sophos
CVE-2022-37406 (Cross-site scripting vulnerability in Aficio SP 4210N firmware version ...)
- TODO: check
+ NOT-FOR-US: Aficio SP 4210N firmware
CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. ...)
- pillow <unfixed> (bug #1024512)
[bullseye] - pillow <not-affected> (Vulnerable code not present, introduced in 9.2.0)
@@ -5563,11 +5563,11 @@ CVE-2022-45012 (A cross-site scripting (XSS) vulnerability in the Modify Page mo
CVE-2022-45011
RESERVED
CVE-2022-45010 (Simple Phone Book/Directory Web App v1.0 was discovered to contain a S ...)
- TODO: check
+ NOT-FOR-US: Simple Phone Book/Directory Web App
CVE-2022-45009 (Online Leave Management System v1.0 was discovered to contain an arbit ...)
- TODO: check
+ NOT-FOR-US: Online Leave Management System
CVE-2022-45008 (Online Leave Management System v1.0 was discovered to contain a stored ...)
- TODO: check
+ NOT-FOR-US: Online Leave Management System
CVE-2022-45007
RESERVED
CVE-2022-45006
@@ -8228,7 +8228,7 @@ CVE-2022-44395
CVE-2022-44394
RESERVED
CVE-2022-44393 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: Sanitization Management System
CVE-2022-44392
RESERVED
CVE-2022-44391
@@ -8292,7 +8292,7 @@ CVE-2022-44363 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /
CVE-2022-44362 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
NOT-FOR-US: Tenda
CVE-2022-44361 (An issue was discovered in ZZCMS 2022. There is a cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2022-44360
RESERVED
CVE-2022-44359
@@ -8312,7 +8312,7 @@ CVE-2022-44353
CVE-2022-44352
RESERVED
CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Skycaiji
CVE-2022-44350
RESERVED
CVE-2022-44349
@@ -8708,7 +8708,7 @@ CVE-2022-44155
CVE-2022-44154
RESERVED
CVE-2022-44153 (Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scrip ...)
- TODO: check
+ NOT-FOR-US: Rapid Software LLC Rapid SCADA
CVE-2022-44152
RESERVED
CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Injection ...)
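Review bot: The label added for CVE-2022-44153 copies the company's legal name from the description ("Rapid Software LLC Rapid SCADA"). The rest of the commit uses the short product or vendor name only (ZZCMS, Skycaiji, PrestaShop), so "NOT-FOR-US: Rapid SCADA" would be more consistent and easier to match when further CVEs for the same product arrive.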
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e63ca8b7beb63ab8014d431f726c5ff569871de