[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 17 13:31:32 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bab4bfb0 by Salvatore Bonaccorso at 2022-06-17T14:31:16+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3677,15 +3677,15 @@ CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified a
 CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...)
 	NOT-FOR-US: OpenNetAdmin
 CVE-2018-25044 (A vulnerability, which was classified as critical, has been found in u ...)
-	TODO: check
+	NOT-FOR-US: uTorrent
 CVE-2018-25043 (A vulnerability classified as critical was found in uTorrent. This vul ...)
-	TODO: check
+	NOT-FOR-US: uTorrent
 CVE-2018-25042 (A vulnerability classified as critical has been found in uTorrent. Thi ...)
-	TODO: check
+	NOT-FOR-US: uTorrent
 CVE-2018-25041 (A vulnerability was found in uTorrent. It has been rated as critical.  ...)
-	TODO: check
+	NOT-FOR-US: uTorrent
 CVE-2018-25040 (A vulnerability was found in uTorrent Web. It has been declared as cri ...)
-	TODO: check
+	NOT-FOR-US: uTorrent
 CVE-2018-25039 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been de ...)
 	NOT-FOR-US: Thomson TCW710
 CVE-2018-25038 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been cl ...)
@@ -6102,7 +6102,7 @@ CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal
 CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer (All version ...)
 	NOT-FOR-US: Siemens
 CVE-2022-31464 (Insecure permissions configuration in Adaware Protect v1.2.439.4251 al ...)
-	TODO: check
+	NOT-FOR-US: Adaware
 CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetoot ...)
 	NOT-FOR-US: Owl Labs Meeting Owl
 CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device v ...)
@@ -6428,19 +6428,19 @@ CVE-2022-31303
 CVE-2022-31302
 	RESERVED
 CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: Haraj
 CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
-	TODO: check
+	NOT-FOR-US: Haraj
 CVE-2022-31299 (Haraj v3.7 was discovered to contain a reflected cross-site scripting  ...)
-	TODO: check
+	NOT-FOR-US: Haraj
 CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment section of Har ...)
-	TODO: check
+	NOT-FOR-US: Haraj
 CVE-2022-31297
 	RESERVED
 CVE-2022-31296
 	RESERVED
 CVE-2022-31295 (An issue in the delete_post() function of Online Discussion Forum Site ...)
-	TODO: check
+	NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31294 (An issue in the save_users() function of Online Discussion Forum Site  ...)
 	NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31293
@@ -9216,15 +9216,15 @@ CVE-2022-30331
 CVE-2022-30330 (In the KeepKey firmware before 7.3.2, the bootloader can be exploited  ...)
 	NOT-FOR-US: KeepKey firmware
 CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2022-30328 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2022-30327 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2022-30326 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2022-30325 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...)
 	TODO: check
 CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
@@ -11885,13 +11885,13 @@ CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in
 CVE-2022-29454
 	RESERVED
 CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29452 (Authenticated (editor or higher user role) Stored Cross-Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29450 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Ma ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion (LFI) v ...)
@@ -11905,7 +11905,7 @@ CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusio
 CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29443 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored Cross-Site Scrip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Fo ...)
@@ -12736,7 +12736,7 @@ CVE-2022-29151 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulne
 CVE-2022-29150 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29149 (Azure Open Management Infrastructure (OMI) Elevation of Privilege Vuln ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29147
@@ -12748,7 +12748,7 @@ CVE-2022-29145 (.NET and Visual Studio Denial of Service Vulnerability. This CVE
 CVE-2022-29144
 	RESERVED
 CVE-2022-29143 (Microsoft SQL Server Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29141 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
@@ -12796,7 +12796,7 @@ CVE-2022-29121 (Windows WLAN AutoConfig Service Denial of Service Vulnerability.
 CVE-2022-29120 (Windows Clustered Shared Volume Information Disclosure Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29119 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29118
 	RESERVED
 CVE-2022-29117 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
@@ -12812,7 +12812,7 @@ CVE-2022-29113 (Windows Digital Media Receiver Elevation of Privilege Vulnerabil
 CVE-2022-29112 (Windows Graphics Component Information Disclosure Vulnerability. This  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29111 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29110 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29109 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
@@ -13542,29 +13542,29 @@ CVE-2022-28852
 CVE-2022-28851
 	RESERVED
 CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28848 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28847 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28846 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28845 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28844 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28843 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28842 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28841 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28840 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28839 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...)
@@ -13750,7 +13750,7 @@ CVE-2022-28751
 CVE-2022-28750
 	RESERVED
 CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-28748
 	RESERVED
 CVE-2022-28747
@@ -15316,9 +15316,9 @@ CVE-2022-28228
 CVE-2022-28227
 	RESERVED
 CVE-2022-28226 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
-	TODO: check
+	NOT-FOR-US: Yandex Browser
 CVE-2022-28225 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
-	TODO: check
+	NOT-FOR-US: Yandex Browser
 CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterprise (v ...)
 	TODO: check
 CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
@@ -16592,7 +16592,7 @@ CVE-2022-27861
 CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-27858
 	RESERVED
 CVE-2022-27857
@@ -17386,9 +17386,9 @@ CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Se
 CVE-2022-27533
 	RESERVED
 CVE-2022-27532 (A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can b ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27531 (A maliciously crafted TIF file can be forced to read beyond allocated  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27530 (A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2 ...)
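Review bot: The visible description of CVE-2022-27531 ("A maliciously crafted TIF file can be forced to read beyond allocated ...") is truncated before it names any product, unlike CVE-2022-27532 and CVE-2022-27530 on either side of it, so the "NOT-FOR-US: Autodesk" tag cannot be checked from this diff. Confirm against the full description that the affected component is an Autodesk product and not a TIF parsing library that Debian ships.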
@@ -17426,9 +17426,9 @@ CVE-2022-27514
 CVE-2022-27513
 	RESERVED
 CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of this in ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The impact ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2022-27510
 	RESERVED
 CVE-2022-27509
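Review bot: Neither CVE-2022-27512 nor CVE-2022-27511 names a vendor in the visible part of its description; only "ADM license service" in the first hints at the product, and the second ("Corruption of the system by a remote, unauthenticated user") is fully generic. Consider a tag that names the product as well as the vendor, as other entries in this file do (for example "NOT-FOR-US: Mimecast Email Security"), so the reason for the NFU decision is recoverable from the list itself.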
@@ -18334,11 +18334,11 @@ CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/
 CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to spoof an ...)
 	NOT-FOR-US: Mimecast Email Security
 CVE-2022-27221 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-27220 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-27219 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...)
 	NOT-FOR-US: Siemens
 CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...)
@@ -20378,7 +20378,7 @@ CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers t
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067
 CVE-2022-26476 (A vulnerability has been identified in Spectrum Power 4 (All versions  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-26475
 	RESERVED
 CVE-2022-26474
@@ -21230,7 +21230,7 @@ CVE-2022-26175
 CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...)
 	NOT-FOR-US: Beekeeper Studio
 CVE-2022-26173 (JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery ( ...)
-	TODO: check
+	NOT-FOR-US: JForum2
 CVE-2022-26172
 	RESERVED
 CVE-2022-26171 (Bank Management System v1.o was discovered to contain a SQL injection  ...)
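Review bot: The tag on CVE-2022-26173 reads "NOT-FOR-US: JForum2" while the description calls the product "JForum v2.8.0". If "JForum2" is the intended project name, keep it; otherwise use "NOT-FOR-US: JForum" so the tag matches the description and a search for the product name finds this entry.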



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bab4bfb0b4f99890dce21b0c385a055ce66addbe
