[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 4 21:40:40 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0dad1d2 by Salvatore Bonaccorso at 2022-07-04T22:40:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4536,7 +4536,7 @@ CVE-2022-33173
CVE-2022-33172
RESERVED
CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...)
- TODO: check
+ NOT-FOR-US: TypeORM
CVE-2022-33170
RESERVED
CVE-2022-33169
@@ -4832,11 +4832,11 @@ CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after
CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...)
- libredwg <itp> (bug #595191)
CVE-2022-33023 (CVA6 commit 909d85a gives incorrect permission to use special multipli ...)
- TODO: check
+ NOT-FOR-US: CVA6
CVE-2022-33022
RESERVED
CVE-2022-33021 (CVA6 commit 909d85a accesses invalid memory when reading the value of ...)
- TODO: check
+ NOT-FOR-US: CVA6
CVE-2022-33020
RESERVED
CVE-2022-33019
@@ -4910,7 +4910,7 @@ CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30
CVE-2022-32989
RESERVED
CVE-2022-32988 (Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1. ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=man ...)
NOT-FOR-US: Simple Bakery Shop Management System
CVE-2022-32986
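Review bot: The new tag on CVE-2022-32988 names only the vendor ("Asus"), while the description identifies a specific product, the router Asus DSL-N14U-B1. The neighbouring entry CVE-2022-32987 tags the product itself ("Simple Bakery Shop Management System"). Suggest "NOT-FOR-US: Asus DSL-N14U-B1 router" so a later search of the list for the product finds this entry without relying on the truncated description.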
@@ -13630,7 +13630,7 @@ CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin
CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
NOT-FOR-US: RAD-ISM-900-EN
CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...)
- tomcat9 9.0.63-1
[bullseye] - tomcat9 <postponed> (Minor issue)
@@ -13668,33 +13668,33 @@ CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions
CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...)
NOT-FOR-US: Koyo Screen Creator Advance2
CVE-2022-29513 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10. ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29484 (Operation restriction bypass vulnerability in Space of Cybozu Garoon 4 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29471 (Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon a ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29467 (Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-28718 (Operation restriction bypass vulnerability in Bulletin of Cybozu Garoo ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-28713 (Improper authentication vulnerability in Scheduler of Cybozu Garoon 4. ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-28692 (Improper input validation vulnerability in Scheduler of Cybozu Garoon ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-27807 (Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-27803 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-27661 (Operation restriction bypass vulnerability in Workflow of Cybozu Garoo ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-27627 (Cross-site scripting vulnerability in Organization's Information of Cy ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-26368 (Browse restriction bypass and operation restriction bypass vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Garoon 4. ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-1525
RESERVED
CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
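Review bot: All fourteen tags added in this hunk, like the one for CVE-2022-29892 in the previous hunk, read "NOT-FOR-US: Cybozu", but the product in the descriptions is Cybozu Garoon. This matters most for CVE-2022-26368, whose description is cut off before any vendor or product name, so the tag is the only place the list says what the entry is about. Suggest "NOT-FOR-US: Cybozu Garoon" throughout, in line with the context entry CVE-2022-29518, which is tagged with the full product name "Koyo Screen Creator Advance2".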
@@ -18690,7 +18690,7 @@ CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion
NOTE: https://phabricator.wikimedia.org/T297571
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-28199
RESERVED
CVE-2022-28198 (NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its conf ...)
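Review bot: "NOT-FOR-US: NVIDIA" on CVE-2022-28200 is a vendor-wide tag for an issue the description places in one product, the SBIOS BiosCfgTool of NVIDIA DGX A100. The next described entry, CVE-2022-28198, is a different NVIDIA product (Omniverse Nucleus and Cache), so the vendor name alone does not tell the two apart. Suggest "NOT-FOR-US: NVIDIA DGX A100" or similar.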
@@ -19639,7 +19639,7 @@ CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversa
CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...)
NOT-FOR-US: ControlUp Real-Time Agent
CVE-2022-27904 (The Automox Agent installation package before 37 on macOS allows an un ...)
- TODO: check
+ NOT-FOR-US: Automox Agent installation package on macOS
CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...)
NOT-FOR-US: EVE-NG Professional
CVE-2022-27902
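Review bot: The tag on CVE-2022-27904, "Automox Agent installation package on macOS", repeats part of the description instead of naming the product, and it is the only tag in this commit written that way. The entries on either side use the bare product name ("ControlUp Real-Time Agent", "EVE-NG Professional"). Suggest "NOT-FOR-US: Automox Agent" for consistency.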
@@ -24732,7 +24732,7 @@ CVE-2022-26137
CVE-2022-26136
RESERVED
CVE-2022-26135 (A vulnerability in Mobile Plugin for Jira Data Center and Server allow ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
NOT-FOR-US: Atlassian Confluence Server and Data Center
CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...)
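Review bot: CVE-2022-26135 is tagged "NOT-FOR-US: Atlassian", while the entry directly below it, CVE-2022-26134, carries the product in its tag ("Atlassian Confluence Server and Data Center"). The description here names Mobile Plugin for Jira Data Center and Server, so the tag could say so, for example "NOT-FOR-US: Atlassian Mobile Plugin for Jira Data Center and Server", keeping the two adjacent Atlassian entries distinguishable by tag.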
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0dad1d21d7bab29c25d4d68395c2724cf2fe1b2