[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Nov 18 11:45:44 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70ed362b by Moritz Muehlenhoff at 2022-11-18T12:45:21+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10902,7 +10902,7 @@ CVE-2022-42535
CVE-2022-42534
RESERVED
CVE-2022-42533 (In shared_metadata_init of SharedMetadata.cpp, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-42532
RESERVED
CVE-2022-42531
@@ -12308,13 +12308,13 @@ CVE-2022-41922
CVE-2022-41921
RESERVED
CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...)
- TODO: check
+ NOT-FOR-US: Lancet
CVE-2022-41919
RESERVED
CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
- TODO: check
+ NOT-FOR-US: OpenSearch
CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
- TODO: check
+ NOT-FOR-US: OpenSearch
CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...)
- heimdal <unfixed> (bug #1024187)
NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
@@ -13109,7 +13109,7 @@ CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. U
CVE-2022-41569
RESERVED
CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41155
RESERVED
CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
@@ -13119,7 +13119,7 @@ CVE-2022-41135
CVE-2022-41134
RESERVED
CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40975
RESERVED
CVE-2022-40966
@@ -13133,7 +13133,7 @@ CVE-2022-40699
CVE-2022-40697
RESERVED
CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40218
@@ -13145,7 +13145,7 @@ CVE-2022-40209
CVE-2022-40203
RESERVED
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40130
RESERVED
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
@@ -15430,7 +15430,7 @@ CVE-2022-38974
CVE-2022-38468
RESERVED
CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...)
@@ -16552,7 +16552,7 @@ CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions
CVE-2022-40225
REJECTED
CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40198
RESERVED
CVE-2022-40197
@@ -18459,7 +18459,7 @@ CVE-2022-39391
CVE-2022-39390
REJECTED
CVE-2022-39389 (Lightning Network Daemon (lnd) is an implementation of a lightning bit ...)
- TODO: check
+ NOT-FOR-US: Lightning Network Daemon
CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
@@ -19030,13 +19030,13 @@ CVE-2022-39183
CVE-2022-39182
RESERVED
CVE-2022-39181 (GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By inserting SQ ...)
- TODO: check
+ NOT-FOR-US: College Management System
CVE-2022-39179 (College Management System v1.0 - Authenticated remote code execution. ...)
- TODO: check
+ NOT-FOR-US: College Management System
CVE-2022-39178 (Webvendome - Webvendome Internal Server IP Disclosure. Send GET Reques ...)
- TODO: check
+ NOT-FOR-US: Webvendome
CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to cause a den ...)
{DLA-3157-1}
- bluez 5.61-1
@@ -19098,7 +19098,7 @@ CVE-2022-3092
CVE-2022-3091
RESERVED
CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2022-3089
RESERVED
CVE-2022-3088
@@ -22288,7 +22288,7 @@ CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. .
CVE-2022-38166
RESERVED
CVE-2022-38165 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
- TODO: check
+ NOT-FOR-US: WithSecure
CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
NOT-FOR-US: WithSecure
CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...)
@@ -25538,7 +25538,7 @@ CVE-2022-36926
CVE-2022-36925
RESERVED
CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJA ...)
@@ -25820,15 +25820,15 @@ CVE-2022-2548
CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
NOT-FOR-US: Softing Industrial Automation
CVE-2022-36787 (Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter ...)
- TODO: check
+ NOT-FOR-US: Webvendome
CVE-2022-36786 (DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you ...)
- TODO: check
+ NOT-FOR-US: DLINK
CVE-2022-36785 (D-Link – G integrated Access Device4 Information Disclosure & ...)
- TODO: check
+ NOT-FOR-US: DLINK
CVE-2022-36784 (Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo ...)
- TODO: check
+ NOT-FOR-US: Elsight
CVE-2022-36783 (AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malic ...)
- TODO: check
+ NOT-FOR-US: AlgoSec
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
NOT-FOR-US: Pal Electronics Systems
CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker would hav ...)
@@ -26732,7 +26732,7 @@ CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerab
CVE-2022-36371
RESERVED
CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ULTIMATE ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
@@ -27817,7 +27817,7 @@ CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...)
NOT-FOR-US: Hyperledger Fabric
CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...)
- TODO: check
+ NOT-FOR-US: Deeplearning4J
CVE-2022-36021
RESERVED
CVE-2022-36020 (The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, ...)
@@ -28834,7 +28834,7 @@ CVE-2022-35615
CVE-2022-35614
RESERVED
CVE-2022-35613 (Konker v2.3.9 was to discovered to contain a Cross-Site Request Forger ...)
- TODO: check
+ NOT-FOR-US: Konker
CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below ...)
NOT-FOR-US: MQTTRoute
CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows ...)
@@ -46154,7 +46154,7 @@ CVE-2022-29510
CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for Windows ...)
NOT-FOR-US: LINE for Windows
CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library maintained by In ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29469
RESERVED
CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before version ...)
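Review bot: the NOT-FOR-US: Intel classification for CVE-2022-29486 looks too broad. The neighbouring Intel entries in this patch cover firmware and proprietary software, but this description names the Hyperscan library, an open-source project that Debian ships as src:hyperscan, so the entry should be checked against that package and, if affected, given a `- hyperscan <unfixed> (bug #NNN)` line in the style of the heimdal entry earlier in this patch rather than closing the TODO as not-for-us.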
@@ -48210,11 +48210,11 @@ CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - vers
CVE-2022-28769
RESERVED
CVE-2022-28768 (The Zoom Client for Meetings Installer for macOS (Standard and for IT ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28767
RESERVED
CVE-2022-28766 (Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28765
RESERVED
CVE-2022-28764 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
@@ -48407,7 +48407,7 @@ CVE-2022-28669 (This vulnerability allows remote attackers to execute arbitrary
CVE-2022-28668 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Sante DICOM Viewer
CVE-2022-28667 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software be ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-28665 (A memory corruption vulnerability exists in the httpd unescape functio ...)
NOT-FOR-US: FreshTomato
CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape functio ...)
@@ -48425,7 +48425,7 @@ CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem soft
CVE-2022-27639 (Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before ...)
NOT-FOR-US: Intel
CVE-2022-27638 (Uncontrolled search path element in the Intel(R) Advanced Link Analyze ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape functio ...)
NOT-FOR-US: DD-WRT
CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...)
@@ -51561,9 +51561,9 @@ CVE-2022-27676
CVE-2022-27675
RESERVED
CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in AMD μ ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may potential ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-27672
RESERVED
CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...)
@@ -59422,7 +59422,7 @@ CVE-2022-24941
CVE-2022-24940
RESERVED
CVE-2022-24939 (A malformed packet containing an invalid destination address, causes a ...)
- TODO: check
+ NOT-FOR-US: Ember ZNet
CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...)
NOT-FOR-US: Ember ZNet
CVE-2022-24937 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
@@ -62417,7 +62417,7 @@ CVE-2022-24038
CVE-2022-24037
RESERVED
CVE-2022-24036 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
- TODO: check
+ NOT-FOR-US: Karmasis
CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
NOT-FOR-US: GE
CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
@@ -63640,7 +63640,7 @@ CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before
CVE-2022-23832
RESERVED
CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD μProf ma ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23830
RESERVED
CVE-2022-23829
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70ed362ba98133a273982d452a3972be37ae9c8d