[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Dec 21 16:00:55 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e920431 by Moritz Muehlenhoff at 2022-12-21T17:00:32+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -529,7 +529,7 @@ CVE-2022-47637
CVE-2022-47636
RESERVED
CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
- TODO: check
+ NOT-FOR-US: Wildix CMS
CVE-2022-47634
RESERVED
CVE-2022-47633
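Review bot: the note added for CVE-2022-47635 reads "Wildix CMS", but the description on the line above it names the product as Wildix WMS (WMS 6 and WMS 5). Suggest `NOT-FOR-US: Wildix WMS`, so that a later search for the product name finds this entry.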
@@ -649,13 +649,13 @@ CVE-2022-4619 (The Sidebar Widgets by CodeLights plugin for WordPress is vulnera
CVE-2022-4618
RESERVED
CVE-2022-4617 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-47579
RESERVED
CVE-2022-47578 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2022-47577 (An issue was discovered in the endpoint protection agent in Zoho Manag ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2022-4616
RESERVED
CVE-2023-22275
@@ -3708,15 +3708,15 @@ CVE-2022-46916
CVE-2022-46915
RESERVED
CVE-2022-46914 (An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA80 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46913
RESERVED
CVE-2022-46912 (An issue in the firmware update process of TP-Link TL-WR841N / TL-WA84 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46911
RESERVED
CVE-2022-46910 (An issue in the firmware update process of TP-Link TL-WA901ND V1 up to ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46909
RESERVED
CVE-2022-4429
@@ -4788,7 +4788,7 @@ CVE-2022-46611
CVE-2022-46610
RESERVED
CVE-2022-46609 (Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and ...)
- TODO: check
+ NOT-FOR-US: backdoored Python3-RESTfulAPI package
CVE-2022-46608
RESERVED
CVE-2022-46607
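Review bot: "backdoored" in the note for CVE-2022-46609 is a characterization that cannot be confirmed from the description shown here, which is cut off right after the commit hash. Every other note in this commit names only the vendor or product; either keep to that form (`NOT-FOR-US: Python3-RESTfulAPI`) or make sure the qualifier matches the full CVE text.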
@@ -5136,21 +5136,21 @@ CVE-2022-46437
CVE-2022-46436
RESERVED
CVE-2022-46435 (An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46434 (An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46433
RESERVED
CVE-2022-46432 (An exploitable firmware modification vulnerability was discovered on T ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46431
RESERVED
CVE-2022-46430 (TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated a ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46429
RESERVED
CVE-2022-46428 (TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attack ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46427
RESERVED
CVE-2022-46426
@@ -5158,11 +5158,11 @@ CVE-2022-46426
CVE-2022-46425
RESERVED
CVE-2022-46424 (An exploitable firmware modification vulnerability was discovered on t ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-46423 (An exploitable firmware modification vulnerability was discovered on t ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-46422 (An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticate ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices WSR-3200 ...)
NOT-FOR-US: Buffalo network devices
CVE-2022-43466 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
@@ -5190,7 +5190,7 @@ CVE-2022-4289
CVE-2022-4288
RESERVED
CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-4286
RESERVED
CVE-2022-4285
@@ -5774,43 +5774,43 @@ CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection (PP
CVE-2022-46332 (The Admin Smart Search feature in Proofpoint Enterprise Protection (PP ...)
NOT-FOR-US: Proofpoint
CVE-2022-46328 (Some smartphones have the input validation vulnerability. Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46327 (Some smartphones have configuration issues. Successful exploitation of ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46326 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46325 (Some smartphones have the out-of-bounds write vulnerability.Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46324 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46323 (Some smartphones have the out-of-bounds write vulnerability.Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46322 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46321 (The Wi-Fi module has a vulnerability in permission verification. Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46320 (The kernel module has an out-of-bounds read vulnerability. Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46319 (Fingerprint calibration has a vulnerability of lacking boundary judgme ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46318 (The HAware module has a function logic error. Successful exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46317 (The power consumption module has an out-of-bounds read vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46316 (A thread security vulnerability exists in the authentication process. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46315 (The ProfileSDK has defects introduced in the design process. Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46314 (The IPC module has defects introduced in the design process. Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46313 (The sensor privacy module has an authentication vulnerability. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46312 (The application management module has a vulnerability in permission ve ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46311 (The contacts component has a free (undefined) provider vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46310 (The TelephonyProvider module has a vulnerability in obtaining values.S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46281
RESERVED
CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
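Review bot: none of the descriptions from CVE-2022-46328 down to CVE-2022-46310 name a vendor, so the Huawei attribution cannot be checked from this file alone. Entries worded as generically as CVE-2022-46320 ("The kernel module has an out-of-bounds read vulnerability") and CVE-2022-46321 ("The Wi-Fi module has a vulnerability in permission verification") are worth confirming against the assigning CNA in the full CVE record before the `TODO: check` marker is dropped, since that marker is what keeps an entry in the triage queue.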
@@ -5829,7 +5829,7 @@ CVE-2022-4202 (A vulnerability, which was classified as problematic, was found i
- gpac <undetermined>
TODO: check details
CVE-2021-46856 (The multi-screen collaboration module has a path traversal vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...)
{DLA-3217-1}
- g810-led 0.4.2-3 (bug #1024998)
@@ -6363,7 +6363,7 @@ CVE-2022-4148
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
NOT-FOR-US: Quarkus
CVE-2022-46139 (TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2022-46138
RESERVED
CVE-2022-46137 (AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: ob ...)
@@ -6489,7 +6489,7 @@ CVE-2022-46078
CVE-2022-46077
RESERVED
CVE-2022-46076 (D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypas ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-46075
RESERVED
CVE-2022-46074 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery ...)
@@ -6601,7 +6601,7 @@ CVE-2022-46022
CVE-2022-46021
RESERVED
CVE-2022-46020 (WBCE CMS v1.5.4 can implement getshell by modifying the upload file ty ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-46019
RESERVED
CVE-2022-46018
@@ -6757,7 +6757,7 @@ CVE-2022-45944
CVE-2022-45943
RESERVED
CVE-2022-45942 (A Remote Code Execution (RCE) vulnerability was found in includes/baij ...)
- TODO: check
+ NOT-FOR-US: baijiacms
CVE-2022-45941
RESERVED
CVE-2022-45940
@@ -10226,7 +10226,7 @@ CVE-2022-44758
CVE-2022-44757
RESERVED
CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable to improper ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-44755 (IBM Notes is susceptible to a stack based buffer overflow vulnerabilit ...)
NOT-FOR-US: IBM
CVE-2022-44754 (IBM Domino is susceptible to a stack based buffer overflow vulnerabili ...)
@@ -11532,7 +11532,7 @@ CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properl
CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44643 (A vulnerability in the label-based access control of Grafana Labs Graf ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs Grafana Enterprise Metrics
CVE-2022-44642
RESERVED
CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...)
@@ -12105,7 +12105,7 @@ CVE-2022-44490
CVE-2022-44489
RESERVED
CVE-2022-44488 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44487
RESERVED
CVE-2022-44486
@@ -12133,29 +12133,29 @@ CVE-2022-44476
CVE-2022-44475
RESERVED
CVE-2022-44474 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44473 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44472
RESERVED
CVE-2022-44471 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44470 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44469 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44468 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44467 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44466 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44465 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44464
RESERVED
CVE-2022-44463 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-44462 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-44461
@@ -12916,9 +12916,9 @@ CVE-2022-44111
CVE-2022-44110
RESERVED
CVE-2022-44109 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...)
- TODO: check
+ NOT-FOR-US: pdftojson
CVE-2022-44108 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...)
- TODO: check
+ NOT-FOR-US: pdftojson
CVE-2022-44107
RESERVED
CVE-2022-44106
@@ -13195,9 +13195,9 @@ CVE-2022-43984 (Browsershot version 3.57.3 allows an external attacker to remote
CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
NOT-FOR-US: Browsershot
CVE-2022-3752 (An unauthorized user could use a specially crafted sequence of Etherne ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2022-3751 (SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. ...)
- TODO: check
+ NOT-FOR-US: Owncast
CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with confi ...)
- airflow <itp> (bug #819700)
CVE-2022-43981
@@ -16889,7 +16889,7 @@ CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL i
CVE-2022-43290 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43289 (Deark v.1.6.2 was discovered to contain a stack overflow via the do_pr ...)
- TODO: check
+ NOT-FOR-US: Deark
CVE-2022-43288 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...)
NOT-FOR-US: Rukovoditel
CVE-2022-43287
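Review bot: CVE-2022-43289 concerns a named, versioned tool (Deark v.1.6.2) rather than a vendor appliance or hosted product like most entries in this commit, and that is the kind of NOT-FOR-US that can collide with a packaged source. Confirm that no source package of that name exists in the archive before dropping the TODO; if one does, the entry needs a package line in place of the NOT-FOR-US note.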
@@ -17798,17 +17798,17 @@ CVE-2022-42951
CVE-2022-42950
RESERVED
CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...)
- TODO: check
+ NOT-FOR-US: Silverstripe
CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...)
NOT-FOR-US: Mikrotik
CVE-2022-42948
RESERVED
CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-42945 (DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-42944 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
NOT-FOR-US: Autodesk
CVE-2022-42943 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
@@ -19235,9 +19235,9 @@ CVE-2022-42456
CVE-2022-42455
RESERVED
CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-t ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-42452
RESERVED
CVE-2022-42451
@@ -19411,13 +19411,13 @@ CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is affecte
CVE-2022-42366 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-42365 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42364 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42363
RESERVED
CVE-2022-42362 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42361
RESERVED
CVE-2022-42360 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
@@ -19427,31 +19427,31 @@ CVE-2022-42359
CVE-2022-42358
RESERVED
CVE-2022-42357 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42356 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42355
RESERVED
CVE-2022-42354 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42353
RESERVED
CVE-2022-42352 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42351 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-42350 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42349 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42348 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42347
RESERVED
CVE-2022-42346 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42345 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-42343 (Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are ...)
@@ -20302,7 +20302,7 @@ CVE-2022-42048
CVE-2022-42047
RESERVED
CVE-2022-42046 (WFS, Inc HeavenBurnsRed 2020.3.15.7141260 is vulnerable to Local Privi ...)
- TODO: check
+ NOT-FOR-US: HeavenBurnsRed
CVE-2022-42045
RESERVED
CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
@@ -20525,11 +20525,11 @@ CVE-2022-41951
CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...)
NOT-FOR-US: super-xray
CVE-2022-41949 (DHIS 2 is an open source information system for data capture, manageme ...)
- TODO: check
+ NOT-FOR-US: DHIS
CVE-2022-41948 (DHIS 2 is an open source information system for data capture, manageme ...)
- TODO: check
+ NOT-FOR-US: DHIS
CVE-2022-41947 (DHIS 2 is an open source information system for data capture, manageme ...)
- TODO: check
+ NOT-FOR-US: DHIS
CVE-2022-41946 (pgjdbc is an open source postgresql JDBC Driver. In affected versions ...)
{DLA-3218-1}
- libpgjava 42.5.1-1
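Review bot: the three notes added for CVE-2022-41949, CVE-2022-41948 and CVE-2022-41947 shorten the product to "DHIS", while each description calls it "DHIS 2". Suggest `NOT-FOR-US: DHIS 2` so the note matches the name used in the CVE text.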
@@ -21352,13 +21352,13 @@ CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null
CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41599 (The system service has a vulnerability that causes incorrect return va ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41596 (The system tool has inconsistent serialization and deserialization. Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
@@ -21368,9 +21368,9 @@ CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null
CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...)
NOT-FOR-US: Huawei
CVE-2022-41591 (The backup module has a path traversal vulnerability. Successful explo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41590 (Some smartphones have authentication-related (including session manage ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in ...)
NOT-FOR-US: Huawei
CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...)
@@ -21960,7 +21960,7 @@ CVE-2022-41420 (nasm v2.16 was discovered to contain a stack overflow in the Ndi
CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
NOT-FOR-US: Bento4
CVE-2022-41418 (An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/Upload ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2022-41417
RESERVED
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...)
@@ -22436,7 +22436,7 @@ CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "Cluster
CVE-2022-3261
RESERVED
CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
- TODO: check
+ NOT-FOR-US: Openshift
CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...)
NOT-FOR-US: Openshift
CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
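Review bot: the visible description of CVE-2022-3260 ("The response header has not enabled X-FRAME-OPTIONS ...") does not name a product, so the Openshift note appears to rest on the neighbouring entries CVE-2022-3262 and CVE-2022-3259. Confirm the affected product from the full CVE record rather than from adjacency in the list.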
@@ -23968,7 +23968,7 @@ CVE-2022-40626 (An unauthenticated user can create a link with reflected Javascr
CVE-2022-40625
RESERVED
CVE-2022-40624 (pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execut ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
NOT-FOR-US: WAVLINK
CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...)
@@ -24402,9 +24402,9 @@ CVE-2022-40437
CVE-2022-40436
RESERVED
CVE-2022-40435 (Employee Performance Evaluation System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Employee Performance Evaluation System
CVE-2022-40434 (Softr v2.0 was discovered to be vulnerable to HTML injection via the N ...)
- TODO: check
+ NOT-FOR-US: Softr
CVE-2022-40433
RESERVED
CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
@@ -24947,7 +24947,7 @@ CVE-2022-36295
CVE-2022-3167 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3166 (Rockwell Automation was made aware that the webservers of the Microlog ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2022-3165 (An integer underflow issue was found in the QEMU VNC server while proc ...)
- qemu 1:7.2+dfsg-1 (bug #1021019)
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
@@ -25004,7 +25004,7 @@ CVE-2022-3159
CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2022-3156
RESERVED
CVE-2022-40175
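Review bot: the note added for CVE-2022-3157 uses "Rockwell", while the unchanged entry just above it (CVE-2022-3158) uses "Rockwell Automation". Suggest the same string here, and for CVE-2022-3166 and CVE-2022-3752 earlier in this patch, so that one vendor is not filed under two labels.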
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e920431127c41abd4ac0a57854a4e1201adb38d