[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jul 28 22:25:10 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
260041ef by Moritz Muehlenhoff at 2022-07-28T23:24:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2022-2566
 CVE-2022-2565
 	RESERVED
 CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to  ...)
-	TODO: check
+	NOT-FOR-US: Mongoose
 CVE-2022-2563
 	RESERVED
 CVE-2022-37008
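Review bot: the label `NOT-FOR-US: Mongoose` for CVE-2022-2564 is ambiguous on its own, since "Mongoose" is also the name of an unrelated embedded web server; the visible description pins this to the automattic/mongoose GitHub repository, so a more specific label such as `NOT-FOR-US: Mongoose (automattic/mongoose, Node.js)` would make later greps and triage of this entry unambiguous.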
@@ -1409,7 +1409,7 @@ CVE-2022-36284
 CVE-2022-36282
 	RESERVED
 CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34868
 	RESERVED
 CVE-2022-34867
@@ -14761,7 +14761,7 @@ CVE-2022-31241
 CVE-2022-31240
 	RESERVED
 CVE-2022-1805 (When connecting to Amazon Workspaces, the SHA256 presented by AWS conn ...)
-	TODO: check
+	NOT-FOR-US: Tera2
 CVE-2022-1804
 	RESERVED
 CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
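Review bot: the new tag for CVE-2022-1805 is `NOT-FOR-US: Tera2`, but nothing in the visible description supports that product attribution; the description only mentions connecting to Amazon Workspaces and the SHA256 presented by AWS. Consider adding a `NOTE:` line with the upstream advisory reference, as other entries in this file do, so the Tera2 attribution can be verified without re-reading the CVE record.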
@@ -17518,21 +17518,21 @@ CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim pri
 	NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
 	NOTE: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895)
 CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Ri ...)
-	TODO: check
+	NOT-FOR-US: Saia Burgess Controls
 CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authenticati ...)
-	TODO: check
+	NOT-FOR-US: Saia Burgess Controls
 CVE-2022-30318
 	RESERVED
 CVE-2022-30317
 	RESERVED
 CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verificati ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06  ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2022-30314 (Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2022-30313 (Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing A ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2022-30312
 	RESERVED
 CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
@@ -25535,13 +25535,13 @@ CVE-2022-27616
 CVE-2022-27615 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
 	NOT-FOR-US: Synology
 CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-27613 (Improper neutralization of special elements used in an SQL command ('S ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-27612 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-27611 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-27610 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
 	NOT-FOR-US: Synology
 CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft  ...)
@@ -25748,7 +25748,7 @@ CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The
 CVE-2022-27510
 	RESERVED
 CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2022-27508
 	RESERVED
 CVE-2022-27507
@@ -41517,11 +41517,11 @@ CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer Over
 CVE-2022-22686 (Cross-Site Request Forgery (CSRF) vulnerability in webapi component in ...)
 	NOT-FOR-US: Synology
 CVE-2022-22685 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-22684 (Improper neutralization of special elements used in an OS command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-22683 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-22682 (Improper neutralization of input during web page generation ('Cross-si ...)
 	NOT-FOR-US: Synology
 CVE-2022-22681 (Session fixation vulnerability in access control management in Synolog ...)
@@ -107544,27 +107544,27 @@ CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 con
 CVE-2021-22651 (When loading a specially crafted file, Luxion KeyShot versions prior t ...)
 	NOT-FOR-US: Luxion
 CVE-2021-22650 (An attacker may use TWinSoft and a malicious source project file (TPG) ...)
-	TODO: check
+	NOT-FOR-US: TWinSoft
 CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
 	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22648 (Ovarro TBox proprietary Modbus file access functions allow attackers t ...)
-	TODO: check
+	NOT-FOR-US: Ovarro TBox
 CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
 	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22646 (The “ipk” package containing the configuration created by  ...)
-	TODO: check
+	NOT-FOR-US: Ovarro TBox
 CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
 	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22644 (Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft&#8 ...)
-	TODO: check
+	NOT-FOR-US: Ovarro TBox
 CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
 	NOT-FOR-US: Luxion KeyShot
 CVE-2021-22642 (An attacker could use specially crafted invalid Modbus frames to crash ...)
-	TODO: check
+	NOT-FOR-US: Ovarro
 CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the  ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2021-22640 (An attacker can decrypt the Ovarro TBox login password by communicatio ...)
-	TODO: check
+	NOT-FOR-US: Ovarro TBox
 CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
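Review bot: vendor labels are inconsistent within this hunk: CVE-2021-22642 gets `NOT-FOR-US: Ovarro` while CVE-2021-22648, -22646, -22644 and -22640 get `NOT-FOR-US: Ovarro TBox`, and CVE-2021-22650 gets `NOT-FOR-US: TWinSoft` even though the CVE-2021-22644 description names the same tool as "Ovarro TBox TWinSoft". Picking one label (e.g. `NOT-FOR-US: Ovarro TBox`) for all six entries keeps the file greppable by vendor.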
@@ -374479,7 +374479,7 @@ CVE-2016-4992 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 throug
 	[jessie] - 389-ds-base <no-dsa> (Minor issue)
 	NOTE: http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-5-13.html
 CVE-2016-4991 (Input passed to the Pdf() function is shell escaped and passed to chil ...)
-	TODO: check
+	NOT-FOR-US: Node nodepdf
 CVE-2016-4990
 	REJECTED
 CVE-2016-4989 (setroubleshoot allows local users to bypass an intended container prot ...)
@@ -376299,9 +376299,9 @@ CVE-2016-4428 (Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (
 	- horizon 3:9.0.1-2 (bug #828967)
 	NOTE: https://bugs.launchpad.net/bugs/1567673
 CVE-2016-4427 (In zulip before 1.3.12, deactivated users could access messages if SSO ...)
-	TODO: check
+	NOT-FOR-US: Zulip
 CVE-2016-4426 (In zulip before 1.3.12, bot API keys were accessible to other users in ...)
-	TODO: check
+	NOT-FOR-US: Zulip
 CVE-2016-4424
 	RESERVED
 CVE-2016-4423 (The attemptAuthentication function in Component/Security/Http/Firewall ...)
@@ -383243,9 +383243,9 @@ CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (k
 	[wheezy] - nova <no-dsa> (Minor issue)
 	NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
 CVE-2016-2139 (In kippo-graph before version 1.5.1, there is a cross-site scripting v ...)
-	TODO: check
+	NOT-FOR-US: kippo-graph
 CVE-2016-2138 (In kippo-graph before version 1.5.1, there is a cross-site scripting v ...)
-	TODO: check
+	NOT-FOR-US: kippo-graph
 CVE-2016-2137
 	REJECTED
 CVE-2016-2136
@@ -388162,7 +388162,7 @@ CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0
 	NOTE: https://www.openssl.org/news/secadv/20160301.txt
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
 CVE-2016-0796 (WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2016-0795 (LibreOffice before 5.0.5 allows remote attackers to cause a denial of  ...)
 	{DSA-3482-1}
 	- libreoffice 1:5.0.5~rc1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/260041ef6c4eef917e57517f043b198d21b165a2


