[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 13 21:12:57 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
214336c4 by Salvatore Bonaccorso at 2022-12-13T22:12:29+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5139,7 +5139,7 @@ CVE-2022-45486
 CVE-2022-45485
 	RESERVED
 CVE-2022-45484 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
 	NOT-FOR-US: kiwi Test Plan
 CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing  ...)
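Review bot: The tag added for CVE-2022-45484 names only the vendor (`Siemens`), although the description identifies the product (JT2Go), and other entries in this same commit name the product (`IP-COM EW9`, `IFM Moneo Appliance`). Consider giving vendor plus product here and in the other `Siemens` entries, so a later search for a product name finds the dismissal.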
@@ -5155,7 +5155,7 @@ CVE-2022-4100
 CVE-2022-4099
 	RESERVED
 CVE-2022-4098 (Multiple Wiesemann&Theis products of the ComServer Series are pron ...)
-	TODO: check
+	NOT-FOR-US: Wiesemann&Theis products of ComServer Series
 CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
@@ -6126,7 +6126,7 @@ CVE-2022-45277
 CVE-2022-45276 (An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 a ...)
 	NOT-FOR-US: YJCMS
 CVE-2022-45275 (An arbitrary file upload vulnerability in /queuing/admin/ajax.php?acti ...)
-	TODO: check
+	NOT-FOR-US: Dynamic Transaction Queuing System
 CVE-2022-45274
 	RESERVED
 CVE-2022-45273
@@ -6220,9 +6220,9 @@ CVE-2022-45230
 CVE-2022-45229
 	RESERVED
 CVE-2022-45228 (Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross- ...)
-	TODO: check
+	NOT-FOR-US: Dragino Lora LG01 18ed40 IoT
 CVE-2022-45227 (The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the director ...)
-	TODO: check
+	NOT-FOR-US: Dragino Lora LG01 18ed40 IoT
 CVE-2022-45226
 	RESERVED
 CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
@@ -6635,7 +6635,7 @@ CVE-2022-41808
 CVE-2022-41659
 	RESERVED
 CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...)
-	TODO: check
+	NOT-FOR-US: Listingo WordPress theme
 CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...)
 	- consul <undetermined>
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
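Review bot: `NOT-FOR-US: Listingo WordPress theme` for CVE-2022-3921 departs from the generic form the file already uses for the same class of issue (`NOT-FOR-US: WordPress theme` for CVE-2022-3846, `NOT-FOR-US: WordPress plugin` for CVE-2022-3883). Use the generic `NOT-FOR-US: WordPress theme` so these entries stay uniform and easy to grep.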
@@ -6891,7 +6891,7 @@ CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 all
 CVE-2022-3884
 	RESERVED
 CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health Check and ...)
@@ -6952,7 +6952,7 @@ CVE-2022-45030
 CVE-2022-45029
 	RESERVED
 CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
-	TODO: check
+	NOT-FOR-US: Arris
 CVE-2022-45027
 	RESERVED
 CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode an ...)
@@ -6998,7 +6998,7 @@ CVE-2022-45007
 CVE-2022-45006
 	RESERVED
 CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: IP-COM EW9
 CVE-2022-45004
 	RESERVED
 CVE-2022-45003
@@ -7625,7 +7625,7 @@ CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extractio
 CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
 	NOT-FOR-US: KNIME
 CVE-2022-44731 (A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All ver ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-44730
 	RESERVED
 CVE-2022-44729
@@ -8678,59 +8678,59 @@ CVE-2023-20904
 CVE-2022-44714
 	RESERVED
 CVE-2022-44713 (Microsoft Outlook for Mac Spoofing Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44712
 	RESERVED
 CVE-2022-44711
 	RESERVED
 CVE-2022-44710 (DirectX Graphics Kernel Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44709
 	RESERVED
 CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44707 (Windows Kernel Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44706
 	RESERVED
 CVE-2022-44705
 	RESERVED
 CVE-2022-44704 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44703
 	RESERVED
 CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44701
 	RESERVED
 CVE-2022-44700
 	RESERVED
 CVE-2022-44699 (Azure Network Watcher Agent Security Feature Bypass Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44697 (Windows Graphics Component Elevation of Privilege Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44696 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44695 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44694 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44693 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44692 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44691 (Microsoft Office OneNote Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44690 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44689 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44688 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44687 (Raw Image Extension Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44686
 	RESERVED
 CVE-2022-44685
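Review bot: Three entries in this block deserve a second look before the blanket `NOT-FOR-US: Microsoft`: CVE-2022-44708 and CVE-2022-44688 are for Microsoft Edge (Chromium-based), and CVE-2022-44689 is for the WSL2 kernel. If any of them turns out to sit in code shared with upstream Chromium or the Linux kernel rather than in Microsoft-specific code, it needs a package entry for chromium or linux instead; otherwise a short NOTE line stating that the issue is Edge-specific or WSL2-specific would record why it was dismissed.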
@@ -8738,41 +8738,41 @@ CVE-2022-44685
 CVE-2022-44684
 	RESERVED
 CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44681 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44680 (Windows Graphics Component Elevation of Privilege Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44679 (Windows Graphics Component Information Disclosure Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44678 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44677 (Windows Projected File System Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44676 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44675 (Windows Bluetooth Driver Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privileg ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44672
 	RESERVED
 CVE-2022-44671 (Windows Graphics Component Elevation of Privilege Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44670 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44669 (Windows Error Reporting Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44668 (Windows Media Remote Code Execution Vulnerability. This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44667 (Windows Media Remote Code Execution Vulnerability. This CVE ID is uniq ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44666 (Windows Contacts Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-44665
 	RESERVED
 CVE-2022-3855
@@ -8864,7 +8864,7 @@ CVE-2022-44637 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XS
 	- redmine <unfixed> (bug #1026048)
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
 CVE-2022-44636 (The Samsung TV (2021 and 2022 model) smart remote control allows attac ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-3846 (The Workreap WordPress theme before 2.6.3 has a vulnerability with the ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-3845 (A vulnerability has been found in phpipam and classified as problemati ...)
@@ -9164,7 +9164,7 @@ CVE-2022-44577
 CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44575 (A vulnerability has been identified in PLM Help Server V4.2 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-44574
 	RESERVED
 CVE-2022-44573
@@ -9834,7 +9834,7 @@ CVE-2022-44305
 CVE-2022-44304
 	RESERVED
 CVE-2022-44303 (Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting  ...)
-	TODO: check
+	NOT-FOR-US: Resque Scheduler
 CVE-2022-44302
 	RESERVED
 CVE-2022-44301
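Review bot: CVE-2022-44303 names a versioned open-source library (Resque Scheduler 1.27.4) rather than an appliance or proprietary product, so `NOT-FOR-US: Resque Scheduler` is only correct if no source package in the archive ships or embeds it. Worth confirming with a package search before dismissing; if it is packaged, this should become a package line with a status instead of an NFU tag.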
@@ -12914,11 +12914,11 @@ CVE-2022-43726
 CVE-2022-43725
 	RESERVED
 CVE-2022-43724 (A vulnerability has been identified in SICAM PAS/PQS (All versions &lt ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43723 (A vulnerability has been identified in SICAM PAS/PQS (All versions &lt ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43722 (A vulnerability has been identified in SICAM PAS/PQS (All versions &lt ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43721
 	RESERVED
 CVE-2022-43720
@@ -13456,7 +13456,7 @@ CVE-2022-43519
 CVE-2022-43518 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
 	NOT-FOR-US: Aruba
 CVE-2022-43517 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to all progr ...)
 	TODO: check
 CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintain the  ...)
@@ -15315,7 +15315,7 @@ CVE-2022-3487
 CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated rem ...)
-	TODO: check
+	NOT-FOR-US: IFM Moneo Appliance
 CVE-2022-3484 (The WPB Show Core WordPress plugin through TODO does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/214336c41d9273e1d27459d482abb9c0247fcae5
