[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 21 11:47:01 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ca0332c by Moritz Muehlenhoff at 2022-11-21T12:46:34+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
- TODO: check
+ NOT-FOR-US: appsmith
CVE-2022-4095
RESERVED
CVE-2022-4094
@@ -63,7 +63,7 @@ CVE-2022-4068 (A user is able to enable their own account if it was disabled by
CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
NOT-FOR-US: LibreNMS
CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...)
- TODO: check
+ - libonion <itp> (bug #744119)
CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...)
TODO: check
CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...)
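Review bot: the CVE-2022-4066 line records an ITP ("- libonion <itp> (bug #744119)"), not an NFU, so the commit subject "NFUs" does not cover it. Mention the ITP entry in the commit message, or commit it separately, so that searching the log for libonion finds this change.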
@@ -12405,9 +12405,9 @@ CVE-2022-41941
CVE-2022-41940
RESERVED
CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...)
- TODO: check
+ NOT-FOR-US: knative.dev/func
CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...)
- TODO: check
+ NOT-FOR-US: Flarum
CVE-2022-41937
RESERVED
CVE-2022-41936
@@ -13135,13 +13135,13 @@ CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions <
CVE-2022-41656
RESERVED
CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Ord ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41650
RESERVED
CVE-2022-41647
RESERVED
CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41640
RESERVED
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin < ...)
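Review bot: both added lines in this hunk (CVE-2022-41655 and CVE-2022-41643) use the generic value "NOT-FOR-US: WordPress plugin", and the descriptions are truncated ("Phone Ord ...", "Acce ..."), so the entry no longer says which plugin was triaged. Other hunks in this commit name the product (Flarum, free5GC, OP5 Monitor); naming the plugin here would let a later search of data/CVE/list find it.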
@@ -20020,7 +20020,7 @@ CVE-2022-38873
CVE-2022-38872
RESERVED
CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
NOT-FOR-US: free5GC
CVE-2022-38869
@@ -21582,7 +21582,7 @@ CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforc
CVE-2022-38396
RESERVED
CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-38393
RESERVED
CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
@@ -22343,7 +22343,7 @@ CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the J
NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
CVE-2022-2794 (Certain HP PageWide Pro Printers may be vulnerable to a potential deni ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
NOT-FOR-US: Emerson
CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
@@ -24930,7 +24930,7 @@ CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/
CVE-2022-37198
RESERVED
CVE-2022-37197 (IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. ...)
- TODO: check
+ NOT-FOR-US: IOBit
CVE-2022-37196
RESERVED
CVE-2022-37195
@@ -31257,7 +31257,7 @@ CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial
CVE-2022-34828
RESERVED
CVE-2022-34827 (Carel Boss Mini 1.5.0 has Improper Access Control. ...)
- TODO: check
+ NOT-FOR-US: Carel Boss Mini
CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...)
NOT-FOR-US: Couchbase Server
CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...)
@@ -39681,7 +39681,7 @@ CVE-2022-31696
CVE-2022-31695
RESERVED
CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...)
- TODO: check
+ NOT-FOR-US: InstallBuilder Qt installers
CVE-2022-31693
RESERVED
CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...)
@@ -39972,9 +39972,9 @@ CVE-2022-1877
CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
NOT-FOR-US: NVIDIA
CVE-2022-31617 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31616 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
@@ -39997,13 +39997,13 @@ CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
NOT-FOR-US: NVIDIA
CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31611
RESERVED
CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
NOT-FOR-US: NVIDIA
CVE-2022-31608 (NVIDIA GPU Display Driver for Linux contains a vulnerability in an opt ...)
@@ -40045,7 +40045,7 @@ CVE-2022-31607 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
- nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
CVE-2022-31606 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its util ...)
NOT-FOR-US: NVFLARE
CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI ...)
@@ -63961,7 +63961,7 @@ CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
CVE-2022-0325
RESERVED
CVE-2022-0324 (There is a vulnerability in DHCPv6 packet parsing code that could be e ...)
- TODO: check
+ NOT-FOR-US: SONiC
CVE-2021-46402
RESERVED
CVE-2022-23792
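Review bot: for CVE-2022-0324 the visible description only says "DHCPv6 packet parsing code" and names no product, so the SONiC attribution cannot be checked from the entry itself. A NOTE: line with the upstream advisory or repository would document why this is SONiC-specific code and not a DHCPv6 implementation shipped in a Debian package.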
@@ -80329,9 +80329,9 @@ CVE-2022-20952
CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
NOT-FOR-US: Cisco
CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20948
RESERVED
CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...)
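Review bot: CVE-2022-20950 is described as an issue in "the interaction of SIP and Snort 3", and Snort is an open-source project as well as a Cisco component, so "NOT-FOR-US: Cisco" deserves a check that the flaw sits in the Firepower integration and not in Snort code itself. If that was checked, a NOTE: line saying so would keep the entry from being reopened.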
@@ -80343,29 +80343,29 @@ CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Ci
CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...)
NOT-FOR-US: Cisco
CVE-2022-20943 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...)
NOT-FOR-US: Cisco
CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco Firepow ...)
NOT-FOR-US: Cisco
CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20939
RESERVED
CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...)
NOT-FOR-US: Cisco
CVE-2022-20936 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20935 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20934 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...)
NOT-FOR-US: Cisco
CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20931
RESERVED
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
@@ -80373,19 +80373,19 @@ CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow
CVE-2022-20929
RESERVED
CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20926 (A vulnerability in the web management interface of the Cisco Firepower ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20925 (A vulnerability in the web management interface of the Cisco Firepower ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20924 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...)
NOT-FOR-US: Cisco
CVE-2022-20922 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
NOT-FOR-US: Cisco
CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...)
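Review bot: CVE-2022-20922 (and CVE-2022-20943 in the previous hunk, which carries the same text) is truncated right after "Server Message Block Version 2 (SMB2)", so the hunk does not show which component does the SMB2 processing. Before closing both as "NOT-FOR-US: Cisco", confirm the affected code is Cisco-only and record the reference in a NOTE: line.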
@@ -80393,7 +80393,7 @@ CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software
CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
NOT-FOR-US: Cisco
CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20917
RESERVED
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
@@ -80419,7 +80419,7 @@ CVE-2022-20907 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an
CVE-2022-20906 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
NOT-FOR-US: Cisco
CVE-2022-20905 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20904 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20903 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -80485,7 +80485,7 @@ CVE-2022-20874 (Multiple vulnerabilities in the web-based management interface o
CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20871
RESERVED
CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
@@ -80521,7 +80521,7 @@ CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of
CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...)
NOT-FOR-US: Cisco
CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20853
RESERVED
CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
@@ -80543,31 +80543,31 @@ CVE-2022-20845
CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
NOT-FOR-US: Cisco
CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco
CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco
CVE-2022-20840 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20839 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20838 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
NOT-FOR-US: Cisco
CVE-2022-20836 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20835 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20834 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20833 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20832 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20831 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...)
NOT-FOR-US: Cisco
CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...)
@@ -80577,7 +80577,7 @@ CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software fo
CVE-2022-20827 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco
CVE-2022-20826 (A vulnerability in the secure boot implementation of Cisco Secure Fire ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...)
@@ -83179,9 +83179,9 @@ CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a poss
CVE-2022-20461
RESERVED
CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20458
RESERVED
CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...)
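Review bot: the descriptions of CVE-2022-20460 and CVE-2022-20459 are placeholders ("In (TBD) ... of (TBD)") that name no product, while Android entries in the next hunk use "NOT-FOR-US: Android"; the "Google Pixel" attribution therefore rests on information outside the list. Adding a NOTE: with the bulletin it came from would make the classification verifiable.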
@@ -83243,9 +83243,9 @@ CVE-2022-20430 (There is an missing authorization issue in the system service. S
CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...)
NOT-FOR-US: Android
CVE-2022-20428 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20427 (In (TBD) of (TBD), there is a possible way to corrupt memory due to im ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...)
NOT-FOR-US: Android
CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
@@ -89998,7 +89998,7 @@ CVE-2021-40274
CVE-2021-40273
RESERVED
CVE-2021-40272 (OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site S ...)
- TODO: check
+ NOT-FOR-US: OP5 Monitor
CVE-2021-40271
RESERVED
CVE-2021-40270
@@ -93499,9 +93499,9 @@ CVE-2021-38830
CVE-2021-38829
RESERVED
CVE-2021-38828 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...)
- TODO: check
+ NOT-FOR-US: Xiongmai
CVE-2021-38827 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...)
- TODO: check
+ NOT-FOR-US: Xiongmai
CVE-2021-38826
RESERVED
CVE-2021-38825
@@ -93517,7 +93517,7 @@ CVE-2021-38821
CVE-2021-38820
RESERVED
CVE-2021-38819 (A SQL injection vulnerability exits on the Simple Image Gallery System ...)
- TODO: check
+ NOT-FOR-US: Simple Image Gallery System
CVE-2021-38818
RESERVED
CVE-2021-38817
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca0332c980f020da14b38b8fffeb215b5c8385f