[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 3 20:00:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f518319 by Salvatore Bonaccorso at 2022-06-03T21:00:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2022-32267
 CVE-2022-32266
 	RESERVED
 CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
-	TODO: check
+	NOT-FOR-US: qDecoder
 CVE-2022-32264
 	RESERVED
 CVE-2022-32263
@@ -3282,7 +3282,7 @@ CVE-2022-31020
 CVE-2022-31019
 	RESERVED
 CVE-2022-31018 (Play Framework is a web framework for Java and Scala. A denial of serv ...)
-	TODO: check
+	NOT-FOR-US: Play Framework
 CVE-2022-31017
 	RESERVED
 CVE-2022-31016
@@ -4997,7 +4997,7 @@ CVE-2022-30466
 CVE-2022-30465
 	RESERVED
 CVE-2022-30464 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Sit ...)
-	TODO: check
+	NOT-FOR-US: ChatBot App with Suggestion in PHP/OOP
 CVE-2022-30463 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
 	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-30462 (Water-billing-management-system v1.0 is affected by: Cross Site Script ...)
@@ -5007,7 +5007,7 @@ CVE-2022-30461 (Water-billing-management-system v1.0 is vulnerable to SQL Inject
 CVE-2022-30460 (Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripti ...)
 	NOT-FOR-US: Simple Social Networking Site
 CVE-2022-30459 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injec ...)
-	TODO: check
+	NOT-FOR-US: ChatBot App with Suggestion in PHP/OOP
 CVE-2022-30458 (Automotive Shop Management System v1.0 is vulnerable to Cross Site Scr ...)
 	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-30457
@@ -5601,19 +5601,19 @@ CVE-2022-30240 (An argument injection vulnerability in the browser-based authent
 CVE-2022-30239 (An argument injection vulnerability in the browser-based authenticatio ...)
 	NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver
 CVE-2022-30238 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30237 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists t ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30236 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30235 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30234 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30233 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30232 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2022-30231
 	RESERVED
 CVE-2022-30230
@@ -7123,7 +7123,7 @@ CVE-2022-29769
 CVE-2022-29768
 	RESERVED
 CVE-2022-29767 (adbyby v2.7 allows external users to make connections via port 8118. T ...)
-	TODO: check
+	NOT-FOR-US: adbyby
 CVE-2022-29766
 	RESERVED
 CVE-2022-29765
@@ -7383,7 +7383,7 @@ CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211
 CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-29637 (An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows at ...)
-	TODO: check
+	NOT-FOR-US: Mindoc
 CVE-2022-29636
 	RESERVED
 CVE-2022-29635
@@ -7515,7 +7515,7 @@ CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypa
 CVE-2022-29595
 	RESERVED
 CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...)
-	TODO: check
+	NOT-FOR-US: eG Agent
 CVE-2022-29593
 	RESERVED
 CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
@@ -7698,7 +7698,7 @@ CVE-2022-29542
 CVE-2022-29541
 	RESERVED
 CVE-2022-29540 (resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issu ...)
-	TODO: check
+	NOT-FOR-US: RESI Gemini-Net
 CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...)
 	NOT-FOR-US: RESI Gemini-Net
 CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...)
@@ -8082,7 +8082,7 @@ CVE-2022-1387 (The No Future Posts WordPress plugin through 1.4 does not escape
 CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29405 (In Apache Archiva, any registered user can reset password for any user ...)
-	TODO: check
+	NOT-FOR-US: Apache Archiva
 CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...)
@@ -8950,9 +8950,9 @@ CVE-2022-29087
 CVE-2022-29086
 	RESERVED
 CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-29083
 	RESERVED
 CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
@@ -15143,21 +15143,21 @@ CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRow
 CVE-2022-26979
 	RESERVED
 CVE-2022-26978 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26977 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26976 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26975 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26974 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26973 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26972 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26971 (Barco Control Room Management Suite web application, which is part of  ...)
-	TODO: check
+	NOT-FOR-US: Barco Control Room Management Suite
 CVE-2022-26970
 	RESERVED
 CVE-2022-26969
@@ -15304,7 +15304,7 @@ CVE-2022-26907 (Azure SDK for .NET Information Disclosure Vulnerability. ...)
 CVE-2022-26906
 	RESERVED
 CVE-2022-26905 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26904 (Windows User Profile Service Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26903 (Windows Graphics Component Remote Code Execution Vulnerability. ...)
@@ -15398,13 +15398,13 @@ CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Centr
 CVE-2022-26870
 	RESERVED
 CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...)
-	TODO: check
+	NOT-FOR-US: EMC PowerStore
 CVE-2022-26867 (PowerStore SW v2.1.1.0 supports the option to export data to either a  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26866 (Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...)
 	NOT-FOR-US: Dell SupportAssist
 CVE-2022-26864
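Review bot: the tag for CVE-2022-26868 reads `NOT-FOR-US: EMC PowerStore` while the three sibling PowerStore entries in this hunk (CVE-2022-26869, CVE-2022-26867, CVE-2022-26866) and the PowerStore entries in the `@@ -29422` hunk (CVE-2022-22557, CVE-2022-22556) all read `NOT-FOR-US: Dell`; for consistency and easier grepping of the list, change it to `NOT-FOR-US: Dell` (or use `NOT-FOR-US: Dell PowerStore` uniformly across all of them).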
@@ -16352,7 +16352,7 @@ CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STI
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29872
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-001.html
 CVE-2022-26497 (BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have  ...)
-	TODO: check
+	NOT-FOR-US: BigBlueButton
 CVE-2022-26496 (In nbd-server in nbd before 3.24, there is a stack-based buffer overfl ...)
 	{DSA-5100-1}
 	- nbd 1:3.24-1 (bug #1006915)
@@ -20147,7 +20147,7 @@ CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU
 CVE-2022-25164
 	RESERVED
 CVE-2022-25163 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC- ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC  ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC  ...)
@@ -26886,9 +26886,9 @@ CVE-2022-23239
 CVE-2022-23238
 	RESERVED
 CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...)
-	TODO: check
+	NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2022-23235
 	RESERVED
 CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a vulnerability wh ...)
@@ -27767,7 +27767,7 @@ CVE-2022-22979
 CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...)
 	TODO: check
 CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...)
 	TODO: check
 CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
@@ -29422,9 +29422,9 @@ CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken
 CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
 	NOT-FOR-US: Dell
 CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in Power ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-22556 (Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-22555
 	RESERVED
 CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
@@ -67002,7 +67002,7 @@ CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows
 CVE-2021-33616 (RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. ...)
 	NOT-FOR-US: RSA Archer
 CVE-2021-33615 (RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with ...)
-	TODO: check
+	NOT-FOR-US: RSA Archer
 CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause  ...)
 	{DSA-4924-1 DLA-2685-1}
 	- squid 4.13-10
@@ -117966,9 +117966,9 @@ CVE-2020-26187
 CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...)
 	NOT-FOR-US: Dell Inspiron 5675 BIOS
 CVE-2020-26185 (Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buf ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-26184 (Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Im ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper auth ...)
 	NOT-FOR-US: EMC
 CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...)
@@ -129893,7 +129893,7 @@ CVE-2020-20973
 CVE-2020-20972
 	RESERVED
 CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2020-20970
 	RESERVED
 CVE-2020-20969
@@ -205886,11 +205886,11 @@ CVE-2019-12353
 CVE-2019-12352
 	RESERVED
 CVE-2019-12351 (An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_p ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12350 (An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_d ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12349 (An issue was discovered in zzcms 2019. SQL Injection exists in /admin/ ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12348 (An issue was discovered in zzcms 2019. SQL Injection exists in user/zt ...)
 	NOT-FOR-US: zzcms
 CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f518319c80bffb0864ee3c51216ab6b64263d79
