[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 6 14:01:40 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8046100 by Salvatore Bonaccorso at 2022-11-06T15:00:25+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5570,7 +5570,7 @@ CVE-2022-3677
 CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
 	NOT-FOR-US: Eclipse Openj9
 CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using a Buta ...)
-	TODO: check
+	NOT-FOR-US: Fedora CoreOS grub-password feature
 CVE-2022-3674 (A vulnerability has been found in SourceCodester Sanitization Manageme ...)
 	NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-3673 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -8191,7 +8191,7 @@ CVE-2022-42745 (CandidATS version 3.0.0 allows an external attacker to read arbi
 CVE-2022-42744 (CandidATS version 3.0.0 allows an external attacker to perform CRUD op ...)
 	NOT-FOR-US: CandidATS
 CVE-2022-42743 (deep-parse-json version 1.0.2 allows an external attacker to edit or a ...)
-	TODO: check
+	NOT-FOR-US: deep-parse-json Nodejs module
 CVE-2022-42742
 	RESERVED
 CVE-2022-42741
@@ -10639,15 +10639,15 @@ CVE-2022-41715 (Programs which compile regular expressions from untrusted source
 	NOTE: https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)
 	NOTE: https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)
 CVE-2022-41714 (fastest-json-copy version 1.0.1 allows an external attacker to edit or ...)
-	TODO: check
+	NOT-FOR-US: fastest-json-copy Nodejs module
 CVE-2022-41713 (deep-object-diff version 1.1.0 allows an external attacker to edit or  ...)
-	TODO: check
+	NOT-FOR-US: deep-object-diff Nodejs module
 CVE-2022-41712
 	RESERVED
 CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
 	NOT-FOR-US: Badaso
 CVE-2022-41710 (Markdownify version 1.4.1 allows an external attacker to remotely obta ...)
-	TODO: check
+	NOT-FOR-US: Markdownify
 CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
 	NOT-FOR-US: Markdownify
 CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
@@ -12801,7 +12801,7 @@ CVE-2022-40841
 CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...)
 	TODO: check
 CVE-2022-40839 (A SQL injection vulnerability in the height and width parameter in Ndk ...)
-	TODO: check
+	NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40838
 	RESERVED
 CVE-2022-40837
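Review bot: CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0, XSS) in the context two lines above this change is left at "TODO: check" while CVE-2022-40839, which names the same NdkAdvancedCustomizationFields product, is marked NOT-FOR-US here. If the product is not in the archive, both entries should be triaged the same way in this commit; otherwise a short NOTE on why 40840 still needs a look would stop the next pass from re-triaging it.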
@@ -14181,7 +14181,7 @@ CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and
 CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute arbitrary  ...)
 	NOT-FOR-US: Joplin
 CVE-2022-40276 (Zettlr version 2.3.0 allows an external attacker to remotely obtain ar ...)
-	TODO: check
+	NOT-FOR-US: Zettlr
 CVE-2022-40275
 	RESERVED
 CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute arbitrary  ...)
@@ -16223,7 +16223,7 @@ CVE-2022-39383
 CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and  ...)
 	NOT-FOR-US: Keystone CMS
 CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
-	TODO: check
+	NOT-FOR-US: Muhammara Nodejs module
 CVE-2022-39380
 	RESERVED
 CVE-2022-39379 (Fluentd collects events from various data sources and writes them to f ...)
@@ -16314,7 +16314,7 @@ CVE-2022-39346
 CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
 	NOT-FOR-US: Gin-vue-admin
 CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
-	TODO: check
+	NOT-FOR-US: Azure RTOS USBX
 CVE-2022-39343
 	RESERVED
 CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
@@ -16350,7 +16350,7 @@ CVE-2022-39328
 CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure. In versio ...)
 	TODO: check
 CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for GitHub A ...)
-	TODO: check
+	NOT-FOR-US: kartverket/github-workflows
 CVE-2022-39325
 	RESERVED
 CVE-2022-39324
@@ -16360,7 +16360,7 @@ CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content managemen ...)
-	TODO: check
+	NOT-FOR-US: Keystone CMS
 CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...)
 	TODO: check
 CVE-2022-39320
@@ -16402,7 +16402,7 @@ CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation
 CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server  ...)
 	NOT-FOR-US: Ree6
 CVE-2022-39301 (sra-admin is a background rights management system that separates the  ...)
-	TODO: check
+	NOT-FOR-US: sra-admin
 CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML implementation of pa ...)
 	NOT-FOR-US: Node saml
 CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the  ...)
@@ -17218,7 +17218,7 @@ CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command
 CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab  ...)
 	- gitlab <unfixed>
 CVE-2022-3059 (The application was vulnerable to multiple instances of SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: Schoolbox
 CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
 	{DSA-5223-1}
 	- chromium 105.0.5195.52-1
@@ -17830,7 +17830,7 @@ CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does
 CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3023 (Use of Externally-Controlled Format String in GitHub repository pingca ...)
-	TODO: check
+	NOT-FOR-US: pingcap/tidb
 CVE-2022-3022
 	REJECTED
 CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
@@ -19838,7 +19838,7 @@ CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existin
 CVE-2022-38182
 	RESERVED
 CVE-2022-38181 (An Arm product family through 2022-08-12 mail GPU kernel driver allows ...)
-	TODO: check
+	NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
 	NOT-FOR-US: OpenBMC
 CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...)
@@ -21235,11 +21235,11 @@ CVE-2022-37625
 CVE-2022-37624
 	RESERVED
 CVE-2022-37623 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
-	TODO: check
+	NOT-FOR-US: browserify-shim
 CVE-2022-37622
 	RESERVED
 CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
-	TODO: check
+	NOT-FOR-US: browserify-shim
 CVE-2022-37620 (A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...)
 	TODO: check
 CVE-2022-37619
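Review bot: CVE-2022-37623 and CVE-2022-37621 carry the same truncated description ("Prototype pollution vulnerability in function resolveShims in resolve-...") and receive the same "NOT-FOR-US: browserify-shim" label two lines apart. If they turn out to be duplicate assignments for one issue, a NOTE cross-referencing the two ids would spare the next triager from reading both in full again.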
@@ -21281,7 +21281,7 @@ CVE-2022-37605
 CVE-2022-37604
 	RESERVED
 CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
-	TODO: check
+	NOT-FOR-US: loader-utils
 CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...)
 	TODO: check
 CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
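Review bot: the "NOT-FOR-US: loader-utils" for CVE-2022-37603 deserves a second look before it sticks. loader-utils is a core webpack dependency, and libraries in that dependency chain are commonly packaged in Debian as node-* source packages; please confirm there is no node-loader-utils source package, and if there is, this entry (and the neighbouring CVE-2022-37601 parseQuery issue still at "TODO: check") should get package lines rather than an NFU.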
@@ -25790,33 +25790,33 @@ CVE-2022-35889
 CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...)
 	NOT-FOR-US: Ampere Altra and Ampere Altra Max devices
 CVE-2022-35887 (Four format string injection vulnerabilities exist in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35886 (Four format string injection vulnerabilities exist in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35885 (Four format string injection vulnerabilities exist in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35884 (Four format string injection vulnerabilities exist in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35881 (Four format string injection vulnerabilities exist in the UPnP logging ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35880 (Four format string injection vulnerabilities exist in the UPnP logging ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35879 (Four format string injection vulnerabilities exist in the UPnP logging ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35878 (Four format string injection vulnerabilities exist in the UPnP logging ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-33938 (A format string injection vulnerability exists in the ghome_process_co ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35877 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35876 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35875 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVarHA fu ...)
-	TODO: check
+	NOT-FOR-US: Abode
 CVE-2022-2446
 	RESERVED
 CVE-2022-2445
@@ -25958,7 +25958,7 @@ CVE-2022-35853
 CVE-2022-35852
 	RESERVED
 CVE-2022-35851 (An improper neutralization of input during web page generation vulnera ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-35850
 	RESERVED
 CVE-2022-35849
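Review bot: "NOT-FOR-US: FortiGuard" names Fortinet's advisory brand rather than the affected product. The truncated description does not show which Fortinet product CVE-2022-35851 concerns, so a label such as "Fortinet" or the specific product name (as done for the Microsoft and Robustel entries elsewhere in this diff) would make the entry easier to match on later lookups; the same applies to the other FortiGuard entries in this commit.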
@@ -25976,7 +25976,7 @@ CVE-2022-35844 (An improper neutralization of special elements used in an OS com
 CVE-2022-35843
 	RESERVED
 CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-35841 (Windows Enterprise App Management Service Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-35840 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
@@ -26200,7 +26200,7 @@ CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCode
 CVE-2022-35740
 	RESERVED
 CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...)
-	TODO: check
+	NOT-FOR-US: PRTG Network Monitor
 CVE-2022-35738
 	RESERVED
 CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-b ...)
@@ -27405,15 +27405,15 @@ CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2,
 CVE-2022-35278 (In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show mal ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2022-34850 (An OS command injection vulnerability exists in the web_server /action ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-34845 (A firmware update vulnerability exists in the sysupgrade functionality ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33975
 	RESERVED
 CVE-2022-33897 (A directory traversal vulnerability exists in the web_server /ajax/rem ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33150 (An OS command injection vulnerability exists in the js_package install ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...)
 	NOT-FOR-US: nocodb
 CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to authenticatio ...)
@@ -27431,27 +27431,27 @@ CVE-2022-2333 (If an attacker manages to trick a valid user into loading a malic
 CVE-2022-2332 (A local unprivileged attacker may escalate to administrator privileges ...)
 	NOT-FOR-US: Honeywell
 CVE-2022-35271 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35270 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35269 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35268 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35267 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35266 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35265 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35264 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35263 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35262 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35261 (A denial of service vulnerability exists in the web_server hashFirst f ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-35260 [.netrc parser out-of-bounds access]
 	RESERVED
 	- curl 7.86.0-1
@@ -27507,7 +27507,7 @@ CVE-2022-35246 (A NoSQL-Injection information disclosure vulnerability vulnerabi
 CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box ve ...)
 	NOT-FOR-US: Passage Drive
 CVE-2022-32765 (An OS command injection vulnerability exists in the sysupgrade command ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-2331
 	RESERVED
 CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...)
@@ -28725,7 +28725,7 @@ CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share B
 CVE-2022-26366
 	RESERVED
 CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2275 (The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in a ...)
@@ -30375,7 +30375,7 @@ CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.
 CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2022-34270
 	RESERVED
 CVE-2022-34269
@@ -31573,7 +31573,7 @@ CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regex
 	[buster] - tika <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
 CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-33877
 	RESERVED
 CVE-2022-33876
@@ -31589,7 +31589,7 @@ CVE-2022-33872 (An improper neutralization of special elements used in an OS Com
 CVE-2022-33871
 	RESERVED
 CVE-2022-33870 (An improper neutralization of special elements used in an OS command v ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-33869
 	RESERVED
 CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8046100a9267936f328219682b51c0916ac9580


