[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 21 14:37:01 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e7d2b2d by Moritz Muehlenhoff at 2022-07-21T15:36:06+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2022-36324
CVE-2022-36323
RESERVED
CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key could be wr ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-36320
RESERVED
CVE-2022-36319
@@ -97,19 +97,19 @@ CVE-2022-2494
CVE-2022-2493
RESERVED
CVE-2022-2492 (A vulnerability was found in SourceCodester Library Management System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2491 (A vulnerability has been found in SourceCodester Library Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2490 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2489 (A vulnerability was found in SourceCodester Simple E-Learning System 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2488 (A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classifie ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-2487 (A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and clas ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-2486 (A vulnerability, which was classified as critical, was found in WAVLIN ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...)
TODO: check
CVE-2022-36312
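Review bot: CVE-2021-46828 in the trailing context of this hunk is left at "TODO: check", and it is a different kind of entry from the ones triaged above it: the description names libtirpc, a library Debian packages, with a fixed upstream version ("before 1.3.3rc1"). It cannot be closed with an NFU tag and needs a package line with the fixed version, so it is worth picking up in a follow-up commit rather than leaving it between resolved entries.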
@@ -1914,7 +1914,7 @@ CVE-2022-35571
CVE-2022-35570
RESERVED
CVE-2022-35569 (Blogifier v3.0 was discovered to contain an arbitrary file upload vuln ...)
- TODO: check
+ NOT-FOR-US: Blogifier
CVE-2022-35568
RESERVED
CVE-2022-35567
@@ -2662,7 +2662,7 @@ CVE-2022-35247
CVE-2022-35246
RESERVED
CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box ve ...)
- TODO: check
+ NOT-FOR-US: Passage Drive
CVE-2022-32765
RESERVED
CVE-2022-2331
@@ -4351,29 +4351,29 @@ CVE-2022-34612
CVE-2022-34611
RESERVED
CVE-2022-34610 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34609 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34608 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34607 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34606 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34605 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34604 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34603 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34602 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34601 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34600 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34599 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
- TODO: check
+ NOT-FOR-US: H3C Magic
CVE-2022-34598 (The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 por ...)
NOT-FOR-US: udpserver in H3C Magic R100 V200R004 and V100R005
CVE-2022-34597 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
@@ -4391,15 +4391,15 @@ CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contai
CVE-2022-34591
RESERVED
CVE-2022-34590 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-34589
RESERVED
CVE-2022-34588 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-34587
RESERVED
CVE-2022-34586 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Advanced School Management System
CVE-2022-34585
RESERVED
CVE-2022-34584
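Review bot: the tag for CVE-2022-34590 is only the generic product name, "NOT-FOR-US: Hospital Management System", with no vendor or origin, while the two entries below it in the same hunk carry the vendor ("itsourcecode Advanced School Management System"). A name this generic can match unrelated products, so take the vendor or source from the full CVE description and put it in the tag, which also makes later entries for the same product easier to match by search.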
@@ -4663,9 +4663,9 @@ CVE-2017-20099 (A vulnerability was found in Analytics Stats Counter Statistics
CVE-2017-20098 (A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34150 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...)
- TODO: check
+ NOT-FOR-US: MiCODUS
CVE-2022-33944 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...)
- TODO: check
+ NOT-FOR-US: MiCODUS
CVE-2022-2203
RESERVED
CVE-2022-2202
@@ -4682,7 +4682,7 @@ CVE-2022-2200
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-2200
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200
CVE-2022-2199 (The main MiCODUS MV720 GPS tracker web server has a reflected cross-si ...)
- TODO: check
+ NOT-FOR-US: MiCODUS
CVE-2022-34485
RESERVED
- firefox 102.0-1
@@ -5002,7 +5002,7 @@ CVE-2022-34369
CVE-2022-34368
RESERVED
CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34366
RESERVED
CVE-2022-34365
@@ -5251,7 +5251,7 @@ CVE-2022-34271
CVE-2022-2180
RESERVED
CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2022-2178
RESERVED
CVE-2022-2177
@@ -5613,7 +5613,7 @@ CVE-2022-2143
CVE-2022-2142
RESERVED
CVE-2022-2141 (SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker wi ...)
- TODO: check
+ NOT-FOR-US: MiCODUS
CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...)
NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2139
@@ -5836,21 +5836,21 @@ CVE-2022-34051
CVE-2022-34050
RESERVED
CVE-2022-34049 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-34048 (Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflect ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-34047 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-34046 (An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows a ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-34045 (Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardc ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-34044
RESERVED
CVE-2022-34043 (Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ...)
NOT-FOR-US: NoMachine Windows builds
CVE-2022-34042 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Barangay Management System
CVE-2022-34041
RESERVED
CVE-2022-34040
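Review bot: the five tags for CVE-2022-34045 through CVE-2022-34049 spell the vendor "WAVLINK", while the descriptions on those same entries spell it "Wavlink". The upper-case form matches the tags added for the WN535K2/WN535K3 entries earlier in this patch, so the commit is consistent with itself, but check which spelling the existing NFU entries in data/CVE/list use so that a case-sensitive search finds all of this vendor's entries. CVE-2022-34042 in the same hunk is tagged with a product name only ("Barangay Management System"); adding the vendor from the full description would make it unambiguous.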
@@ -6316,7 +6316,7 @@ CVE-2022-33925
CVE-2022-33924
RESERVED
CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33922
RESERVED
CVE-2022-33921
@@ -6431,7 +6431,7 @@ CVE-2022-25986
CVE-2022-2108 (The plugin Wbcom Designs – BuddyPress Group Reviews for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication mechani ...)
- TODO: check
+ NOT-FOR-US: MiCODUS
CVE-2022-2106 (Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficient ...)
NOT-FOR-US: Elcomplus SmartICS
CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...)
@@ -7644,17 +7644,17 @@ CVE-2022-33322
CVE-2022-33321
RESERVED
CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-33317 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
- TODO: check
+ NOT-FOR-US: ICONICS
CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...)
NOT-FOR-US: Robustel R1510
CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_server act ...)
@@ -9386,7 +9386,7 @@ CVE-2022-30536
CVE-2022-30337
RESERVED
CVE-2022-29923 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28700
RESERVED
CVE-2022-28666
@@ -9621,7 +9621,7 @@ CVE-2022-2002
CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32497
RESERVED
CVE-2022-32496
@@ -12473,15 +12473,15 @@ CVE-2022-31572 (The ceee-vip/cockybook repository through 2015-04-16 on GitHub a
CVE-2022-31571 (The akashtalole/python-flask-restful-api repository through 2019-09-16 ...)
NOT-FOR-US: akashtalole/python-flask-restful-api
CVE-2022-31570 (The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 o ...)
- TODO: check
+ NOT-FOR-US: adriankoczuruek/ceneo-web-scrapper
CVE-2022-31569
REJECTED
CVE-2022-31568 (The Rexians/rex-web repository through 2022-06-05 on GitHub allows abs ...)
- TODO: check
+ NOT-FOR-US: Rexians/rex-web
CVE-2022-31567 (The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute ...)
- TODO: check
+ NOT-FOR-US: DSABenchmark/DSAB
CVE-2022-31566 (The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows abs ...)
- TODO: check
+ NOT-FOR-US: DSAB-local/DSAB
CVE-2022-31565 (The yogson/syrabond repository through 2020-05-25 on GitHub allows abs ...)
TODO: check
CVE-2022-31564 (The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows ...)
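Review bot: CVE-2022-31565 (yogson/syrabond) in the trailing context is still "TODO: check" although it belongs to the same batch as the four GitHub repository entries marked NOT-FOR-US directly above it, with the same description pattern. If it was held back on purpose for a closer look, that is fine; if it was missed and the repository is likewise not packaged, add "NOT-FOR-US: yogson/syrabond" so the batch is triaged completely.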
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e7d2b2d48611ebce2baeece433b389d22961e39