[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 26 21:23:49 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b581402a by Moritz Muehlenhoff at 2022-07-26T22:23:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -813,7 +813,7 @@ CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the
CVE-2022-36413
RESERVED
CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2022-36411
RESERVED
CVE-2022-36410
@@ -876,7 +876,7 @@ CVE-2022-36379
CVE-2022-36378
RESERVED
CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36371
RESERVED
CVE-2022-36357
@@ -1185,7 +1185,7 @@ CVE-2022-36301
CVE-2022-36300
RESERVED
CVE-2022-30706 (Open redirect vulnerability in Booked versions prior to 3.3 allows a r ...)
- TODO: check
+ NOT-FOR-US: Booked
CVE-2022-2476 (A null pointer dereference bug was found in wavpack-5.4.0 The results ...)
- wavpack <unfixed> (bug #1015790)
[bullseye] - wavpack <no-dsa> (Minor issue)
@@ -1513,7 +1513,7 @@ CVE-2022-36163
CVE-2022-36162
RESERVED
CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Orange Station
CVE-2022-36160
RESERVED
CVE-2022-36159
@@ -2193,15 +2193,15 @@ CVE-2022-2416
CVE-2022-2415
RESERVED
CVE-2022-35873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-35872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-35871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-35870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-35869 (This vulnerability allows remote attackers to bypass authentication on ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-35868
RESERVED
CVE-2022-35867
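Review bot: The tag "NOT-FOR-US: Ignition" on CVE-2022-35869 through CVE-2022-35873 is ambiguous. The truncated descriptions shown here do not name the vendor or product, and "Ignition" on its own is a name used by more than one project. Consider qualifying the tag with the vendor so that a later search of the list for a packaged project of that name does not pick up these entries by mistake.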
@@ -2731,7 +2731,7 @@ CVE-2022-35641
CVE-2022-35640
RESERVED
CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do no ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35638
RESERVED
CVE-2022-35637
@@ -3564,7 +3564,7 @@ CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user
CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...)
NOT-FOR-US: IBM
CVE-2022-35286 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35285 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
NOT-FOR-US: IBM
CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose sensitive ...)
@@ -3940,7 +3940,7 @@ CVE-2022-35133
CVE-2022-35132
RESERVED
CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands via a cra ...)
- TODO: check
+ NOT-FOR-US: Joplin
CVE-2022-35130
RESERVED
CVE-2022-35129
@@ -4220,13 +4220,13 @@ CVE-2022-34993
CVE-2022-34992
RESERVED
CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site ...)
- TODO: check
+ NOT-FOR-US: Paymoney
CVE-2022-34990
RESERVED
CVE-2022-34989 (Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: PaymoneyFruits Bazar
CVE-2022-34988 (Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross ...)
- TODO: check
+ NOT-FOR-US: Inout Blockchain AltExchanger
CVE-2022-34987
RESERVED
CVE-2022-34986
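Review bot: The added line for CVE-2022-34989 reads "NOT-FOR-US: PaymoneyFruits Bazar", which looks like a paste leftover from the Paymoney entry just above it (CVE-2022-34991). The description names only Fruits Bazar v1.0, so this should be "NOT-FOR-US: Fruits Bazar".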
@@ -4270,7 +4270,7 @@ CVE-2022-34968
CVE-2022-34967
RESERVED
CVE-2022-34966 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
- TODO: check
+ NOT-FOR-US: OpenTeknik
CVE-2022-34965 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
NOT-FOR-US: OpenTeknik
CVE-2022-34964 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
@@ -4467,9 +4467,9 @@ CVE-2022-34909
CVE-2022-34908
RESERVED
CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave before 14.6. ...)
- TODO: check
+ NOT-FOR-US: FileWave
CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 14.6.3 and 1 ...)
- TODO: check
+ NOT-FOR-US: FileWave
CVE-2022-34905
RESERVED
CVE-2022-34904
@@ -5195,7 +5195,7 @@ CVE-2022-34661
CVE-2022-34660
RESERVED
CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), it was ...)
- TODO: check
+ NOT-FOR-US: Cloudflare Warp
CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2223 (The WordPress plugin Image Slider is vulnerable to Cross-Site Request ...)
@@ -5422,21 +5422,21 @@ CVE-2022-34579
CVE-2022-34578
RESERVED
CVE-2022-34577 (A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 all ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34576 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34575 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34574 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34573 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34572 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34571 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34570 (WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an inf ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2022-34569
RESERVED
CVE-2022-34568
@@ -6815,7 +6815,7 @@ CVE-2022-34069
CVE-2022-34068
RESERVED
CVE-2022-34067 (Warehouse Management System v1.0 was discovered to contain a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Warehouse Management System
CVE-2022-34066 (The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to cont ...)
NOT-FOR-US: Texercise package in PyPI
CVE-2022-34065 (The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contai ...)
@@ -12299,7 +12299,7 @@ CVE-2022-31881
CVE-2022-31880
RESERVED
CVE-2022-31879 (Online Fire Reporting System 1.0 is vulnerable to SQL Injection via th ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31878
RESERVED
CVE-2022-31877
@@ -16454,7 +16454,7 @@ CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in rada
NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
NOTE: https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
CVE-2022-1648 (Pandora FMS v7.0NG.760 and below allows a relative path traversal in F ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...)
@@ -25037,9 +25037,9 @@ CVE-2022-1043 [Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnera
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997328
NOTE: https://git.kernel.org/linus/a30f895ad3239f45012e860d4f94c1a388b36d14 (5.14-rc7)
CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Zyphyr
CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Zyphyr
CVE-2022-27635
RESERVED
CVE-2022-27626
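Review bot: Both added lines, for CVE-2022-1042 and CVE-2022-1041, spell the product "Zyphyr", while the descriptions say "Zephyr bluetooth mesh core stack". Suggest "NOT-FOR-US: Zephyr" so that a search of the list for the project name finds these entries.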
@@ -39655,9 +39655,9 @@ CVE-2022-23002
CVE-2022-23001
RESERVED
CVE-2022-23000 (The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-22999 (Western Digital My Cloud devices are vulnerable to a cross side script ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-22998 (Implemented protections on AWS credentials that were not properly prot ...)
NOT-FOR-US: Western Digital
CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a command ...)
@@ -41035,7 +41035,7 @@ CVE-2022-22688 (Improper neutralization of special elements used in a command ('
CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2022-22686 (Cross-Site Request Forgery (CSRF) vulnerability in webapi component in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22685
RESERVED
CVE-2022-22684
@@ -41859,7 +41859,7 @@ CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user t
CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22411
RESERVED
CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...)
@@ -50063,7 +50063,7 @@ CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affect
CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
CVE-2021-43959 (Affected versions of Atlassian Jira Service Management Server and Data ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 4.8.9 al ...)
NOT-FOR-US: Atlassian
CVE-2021-43957 (Affected versions of Atlassian Fisheye & Crucible allowed remote a ...)
@@ -89772,7 +89772,7 @@ CVE-2020-36292
CVE-2020-36291
RESERVED
CVE-2020-36290 (The Livesearch macro in Confluence Server and Data Center before versi ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36289 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
NOT-FOR-US: Atlassian
CVE-2020-36288 (The issue navigation and search view in Jira Server and Data Center be ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b581402a4a5201adde9f329d41055a681b33a87a