[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Fri May 13 09:24:07 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1fab697 by Neil Williams at 2022-05-13T09:23:37+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8602,13 +8602,13 @@ CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) r
CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...)
NOT-FOR-US: SAP
CVE-2022-26518 (An OS command injection vulnerability exists in the console infactory_ ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26422
RESERVED
CVE-2022-26420 (An OS command injection vulnerability exists in the console infactory_ ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26075 (An OS command injection vulnerability exists in the console infactory_ ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...)
- tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/391
@@ -10082,7 +10082,7 @@ CVE-2022-27166
CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...)
NOT-FOR-US: WPS Presentation
CVE-2022-26510 (A firmware update vulnerability exists in the iburn firmware checks fu ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26303
RESERVED
CVE-2022-26082
@@ -11079,11 +11079,11 @@ CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc
CVE-2022-26782 (Multiple improper input validation vulnerabilities exists in the libnv ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26781 (Multiple improper input validation vulnerabilities exists in the libnv ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26780 (Multiple improper input validation vulnerabilities exists in the libnv ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26779 (Apache CloudStack prior to 4.16.1.0 used insecure random number genera ...)
NOT-FOR-US: Apache CloudStack
CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub repository micr ...)
@@ -12996,7 +12996,7 @@ CVE-2022-26118
CVE-2022-26117
RESERVED
CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
- TODO: check
+ NOT-FOR-US: Fortiguard FortiNAC
CVE-2022-26115
RESERVED
CVE-2022-26114
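Review bot: The tag on CVE-2022-26116 reads "NOT-FOR-US: Fortiguard FortiNAC", but FortiNAC is a Fortinet product and FortiGuard is the name of Fortinet's advisory service, so a search of the list by vendor name will miss this entry. Suggest "NOT-FOR-US: Fortinet FortiNAC".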
@@ -13006,13 +13006,13 @@ CVE-2022-26113
CVE-2022-26112
RESERVED
CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26007 (An OS command injection vulnerability exists in the console factory fu ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26002 (A stack-based buffer overflow vulnerability exists in the console fact ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-25995 (A command execution vulnerability exists in the console inhand functio ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
@@ -13089,7 +13089,7 @@ CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not inc
NOTE: https://github.com/ManageIQ/kubeclient/issues/555
NOTE: https://github.com/ManageIQ/kubeclient/pull/556
CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...)
- pistache <itp> (bug #929593)
CVE-2022-26066
@@ -14060,11 +14060,11 @@ CVE-2022-25651
CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2022-25172 (An information disclosure vulnerability exists in the web interface se ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
NOT-FOR-US: FATEK Automation
CVE-2022-24910 (A buffer overflow vulnerability exists in the httpd parse_ping_result ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...)
NOT-FOR-US: FATEK Automation
CVE-2022-21809 (A file write vulnerability exists in the httpd upload.cgi functionalit ...)
@@ -17369,7 +17369,7 @@ CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the compone
- pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
CVE-2022-24584 (Incorrect access control in Yubico OTP functionality of the YubiKey ha ...)
- TODO: check
+ NOT-FOR-US: yubico.com
CVE-2022-24583
RESERVED
CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijac ...)
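Review bot: CVE-2022-24584 is tagged "NOT-FOR-US: yubico.com", a vendor domain, where every other tag added in this commit names a vendor or product. The description refers to the Yubico OTP functionality of the YubiKey; naming the affected component from the full description in the tag would let a later reader see why no Debian source package is concerned.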
@@ -17618,7 +17618,7 @@ CVE-2022-24468 (Azure Site Recovery Remote Code Execution Vulnerability. This CV
CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-24466 (Windows Hyper-V Security Feature Bypass Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability. ...)
@@ -18396,7 +18396,9 @@ CVE-2022-24274
CVE-2022-24273
RESERVED
CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...)
- TODO: check
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-63968
CVE-2022-23400 (A stack-based buffer overflow vulnerability exists in the IGXMPXMLPars ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...)
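Review bot: The CVE-2022-24272 change is not an NFU classification: it records the issue against the mongodb source package ("- mongodb <removed>" plus a stretch end-of-life line), yet the commit subject is "Process some NFUs". Suggest putting it in its own commit, or mentioning mongodb in the message, so the triage decision can be found from the log.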
@@ -18923,13 +18925,13 @@ CVE-2022-24106
CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-24104 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24103 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24102 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24101 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24100
RESERVED
CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
@@ -20623,7 +20625,7 @@ CVE-2022-23745
CVE-2022-23744
RESERVED
CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
- TODO: check
+ NOT-FOR-US: Check Point ZoneAlarm
CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
TODO: check
CVE-2022-23741
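Review bot: CVE-2022-23743 is closed as "NOT-FOR-US: Check Point ZoneAlarm", while the next entry, CVE-2022-23742 (Check Point Endpoint Security Client for Windows), is left at "TODO: check" in the same hunk. If it was left open deliberately, fine; otherwise it looks like a candidate for the same pass, tagged with its own product name.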
@@ -21677,7 +21679,7 @@ CVE-2022-23334
CVE-2022-23333
RESERVED
CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI) in Shenzh ...)
- TODO: check
+ NOT-FOR-US: Ejoin Information Technology
CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
NOT-FOR-US: DataEase
CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1fab697e7935a39ff6f788381a296ec8e910ef0