[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 11 20:30:34 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fa71d05 by Salvatore Bonaccorso at 2022-11-11T21:30:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64,23 +64,23 @@ CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 and
 CVE-2022-3951
 	RESERVED
 CVE-2022-3950 (A vulnerability, which was classified as problematic, was found in san ...)
-	TODO: check
+	NOT-FOR-US: sanluan PublicCMS
 CVE-2022-3949 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Simple Cashiering System
 CVE-2022-3948 (A vulnerability classified as critical was found in eolinker goku_lite ...)
-	TODO: check
+	NOT-FOR-US: eolinker goku_lite
 CVE-2022-3947 (A vulnerability classified as critical has been found in eolinker goku ...)
-	TODO: check
+	NOT-FOR-US: eolinker goku_lite
 CVE-2022-3946
 	RESERVED
 CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
 	TODO: check
 CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been declared as c ...)
-	TODO: check
+	NOT-FOR-US: jerryhanjj ERP
 CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as probl ...)
-	TODO: check
+	NOT-FOR-US: ForU CMS
 CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Management Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-45146
 	RESERVED
 CVE-2022-45145
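Review bot: The vendor name is capitalised two ways in this hunk: "Sourcecodester Simple Cashiering System" on CVE-2022-3949 and "SourceCodester Sanitization Management System" on CVE-2022-3942. Pick one spelling (the CVE-2022-3942 description uses "SourceCodester") so that a search of existing NOT-FOR-US entries by vendor matches both.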
@@ -12076,7 +12076,7 @@ CVE-2022-40196
 CVE-2022-38136
 	RESERVED
 CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Co ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-3328
 	RESERVED
 CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...)
@@ -22972,13 +22972,13 @@ CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared as
 CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based  ...)
 	NOT-FOR-US: YugabyteDB
 CVE-2022-37345 (Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kit ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-37334 (Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-37327
 	RESERVED
 CVE-2022-36789 (Improper access control in BIOS firmware for some Intel(R) NUC 10 Perf ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36391
 	RESERVED
 CVE-2022-36339
@@ -22986,9 +22986,9 @@ CVE-2022-36339
 CVE-2022-35400
 	RESERVED
 CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 8 Compu ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R) NUC Board ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32766
 	RESERVED
 CVE-2022-2646 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -24249,7 +24249,7 @@ CVE-2022-36393
 CVE-2022-36366
 	RESERVED
 CVE-2022-36349 (Insecure default variable initialization in BIOS firmware for some Int ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34653
 	RESERVED
 CVE-2022-33145
@@ -25379,17 +25379,17 @@ CVE-2017-20145 (A vulnerability was found in Tecrail Responsive Filemanger up to
 CVE-2017-20144 (A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1. ...)
 	NOT-FOR-US: Anvsoft PDFMate PDF Converter Pro
 CVE-2022-36400 (Path traversal in the installer software for some Intel(r) NUC Kit Wir ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36392
 	RESERVED
 CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36382
 	RESERVED
 CVE-2022-36380 (Uncontrolled search path in the installer software for some Intel(r) N ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36283
 	RESERVED
 CVE-2022-34864
@@ -25435,7 +25435,7 @@ CVE-2022-36396
 CVE-2022-36395
 	RESERVED
 CVE-2022-36377 (Incorrect default permissions in the installer software for some Intel ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36374
 	RESERVED
 CVE-2022-36287
@@ -25569,7 +25569,7 @@ CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSe
 CVE-2022-36372
 	RESERVED
 CVE-2022-36367 (Incorrect default permissions in the Intel(R) Support Android applicat ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances based ...)
 	NOT-FOR-US: Apache Calcite
 CVE-2022-36298
@@ -27278,7 +27278,7 @@ CVE-2022-2397
 CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: Simple e-Learning System
 CVE-2022-35740 (dotCMS before 22.06 allows remote attackers to bypass intended access  ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...)
 	NOT-FOR-US: PRTG Network Monitor
 CVE-2022-35738
@@ -32192,7 +32192,7 @@ CVE-2022-33982
 CVE-2022-33976
 	RESERVED
 CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33898
 	RESERVED
 CVE-2022-32764
@@ -32330,7 +32330,7 @@ CVE-2022-33950
 CVE-2022-33945
 	RESERVED
 CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33902
 	RESERVED
 CVE-2022-33899
@@ -32348,7 +32348,7 @@ CVE-2022-33200
 CVE-2022-33188
 	RESERVED
 CVE-2022-33176 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Pe ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33143
 	RESERVED
 CVE-2022-33141
@@ -32374,13 +32374,13 @@ CVE-2022-31477
 CVE-2022-30704
 	RESERVED
 CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30606
 	RESERVED
 CVE-2022-30537
 	RESERVED
 CVE-2022-30297 (Cross-site scripting in the Intel(R) EMA software before version 1.8.0 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29924
 	RESERVED
 CVE-2022-29921
@@ -35585,7 +35585,7 @@ CVE-2022-32590 (In wlan, there is a possible use after free due to an incorrect
 CVE-2022-32589 (In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an ...)
 	NOT-FOR-US: Mediatek
 CVE-2022-32569 (Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M1 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32568
 	RESERVED
 CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jir ...)
@@ -35625,7 +35625,7 @@ CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and Intel(
 CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...)
 	NOT-FOR-US: Intel
 CVE-2022-30542 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30539
 	RESERVED
 CVE-2022-29920
@@ -41766,7 +41766,7 @@ CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2083992
 	NOTE: Fixed by: https://git.kernel.org/linus/ff8376ade4f668130385839cef586a0990f8ef87 (5.18-rc1)
 CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software may al ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30339
 	RESERVED
 CVE-2022-30338
@@ -41776,11 +41776,11 @@ CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter
 CVE-2022-29919
 	RESERVED
 CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29887
 	RESERVED
 CVE-2022-29515 (Missing release of memory after effective lifetime in firmware for Int ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29508
 	RESERVED
 CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile  ...)
@@ -44923,13 +44923,13 @@ CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library maintained
 CVE-2022-29469
 	RESERVED
 CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29262
 	RESERVED
 CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...)
 	NOT-FOR-US: Intel
 CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before version 1 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
 	NOT-FOR-US: Intel
 CVE-2022-26424
@@ -47179,31 +47179,31 @@ CVE-2022-28665 (A memory corruption vulnerability exists in the httpd unescape f
 CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape functio ...)
 	NOT-FOR-US: FreshTomato
 CVE-2022-28611 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-28126 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27879
 	RESERVED
 CVE-2022-27876
 	RESERVED
 CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem software b ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27639 (Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27638 (Uncontrolled search path element in the Intel(R) Advanced Link Analyze ...)
 	TODO: check
 CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape functio ...)
 	NOT-FOR-US: DD-WRT
 CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27234
 	RESERVED
 CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime Standar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27173
 	RESERVED
 CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26841
 	RESERVED
 CVE-2022-26837
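Review bot: CVE-2022-27638 stays at "TODO: check" in the middle of this hunk while its neighbours are resolved. Its description (uncontrolled search path element in the Intel(R) Advanced Link Analyze ...) is the same kind of issue as CVE-2022-27187, which is marked "NOT-FOR-US: Intel" a few lines below. If it was skipped on purpose, a word in the commit message would help; otherwise it belongs in this batch.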
@@ -47213,25 +47213,25 @@ CVE-2022-26833 (An improper authentication vulnerability exists in the REST API
 CVE-2022-26515
 	RESERVED
 CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26509
 	RESERVED
 CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before version 3.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
 	NOT-FOR-US: Asuswrt
 CVE-2022-26369 (Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26367 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26341 (Insufficiently protected credentials in software in Intel(R) AMT SDK b ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless WiFi, Inte ...)
 	TODO: check
 CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-25868
 	RESERVED
 CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...)
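Review bot: CVE-2022-26047 (Intel(R) PROSet/Wireless WiFi) is the only entry with a description in this hunk that is left at "TODO: check"; every XMM modem, SDP Tool and AMT SDK entry around it is resolved. If it is being held back for a package check rather than overlooked, say so in the commit message so the next triager does not have to re-derive why it was left.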
@@ -50752,7 +50752,7 @@ CVE-2022-27501
 CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android applica ...)
 	NOT-FOR-US: Intel
 CVE-2022-27233 (XML injection in the Intel(R) Quartus Prime Pro and Standard edition s ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27229
 	RESERVED
 CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
@@ -50768,7 +50768,7 @@ CVE-2022-26840
 CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application  ...)
 	NOT-FOR-US: Splunk
 CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware Update Tool  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26017 (Improper access control in the Intel(R) DSA software for before versio ...)
 	NOT-FOR-US: Intel
 CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter Group Eve ...)
@@ -54174,9 +54174,9 @@ CVE-2022-26304
 CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers are susce ...)
 	NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer receivers
 CVE-2022-26124 (Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Bo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26086 (Uncontrolled search path element in the PresentMon software maintained ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26083
 	RESERVED
 CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS before ver ...)
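Review bot: The tag on CVE-2022-26086 names only the vendor although the description identifies a specific tool (PresentMon), and the same "NOT-FOR-US: Intel" is applied one entry above to NUC BIOS firmware. The non-Intel entries in this commit name vendor and product (for example "NOT-FOR-US: eolinker goku_lite"); "NOT-FOR-US: Intel PresentMon" would keep the reason findable by product name. Existing entries in the file also use the bare vendor, so this is a style suggestion only.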
@@ -54190,9 +54190,9 @@ CVE-2022-26038
 CVE-2022-26037
 	RESERVED
 CVE-2022-26028 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler software b ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26006 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) Digital P ...)
 	NOT-FOR-US: Intel
 CVE-2022-25992
@@ -54202,7 +54202,7 @@ CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for Indust
 CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake controllers i ...)
 	NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake controllers
 CVE-2022-25917 (Uncaught exception in the firmware for some Intel(R) Server Board M50C ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-25909
 	RESERVED
 CVE-2022-25870
@@ -56841,7 +56841,7 @@ CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before ver
 CVE-2022-21225 (Improper neutralization in the Intel(R) Data Center Manager software b ...)
 	NOT-FOR-US: Intel
 CVE-2022-21198 (Time-of-check time-of-use race condition in the BIOS firmware for some ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21183
 	RESERVED
 CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does no ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fa71d058f4b76aa89072ee9ebfd52520a552946
