[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 23 20:49:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96b89fb1 by Salvatore Bonaccorso at 2022-11-23T21:45:43+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -995,7 +995,7 @@ CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, i
CVE-2022-4054
RESERVED
CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...)
- TODO: check
+ NOT-FOR-US: Apache DolphinScheduler
CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...)
NOT-FOR-US: Veritas NetBackup
CVE-2022-45460
@@ -5515,11 +5515,11 @@ CVE-2022-44282
CVE-2022-44281
RESERVED
CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...)
- TODO: check
+ NOT-FOR-US: Automotive Shop Management System
CVE-2022-44279
RESERVED
CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: Sanitization Management System
CVE-2022-44277
RESERVED
CVE-2022-44276
@@ -5555,29 +5555,29 @@ CVE-2022-44262
CVE-2022-44261
RESERVED
CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication bu ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-44248
RESERVED
CVE-2022-44247
@@ -5797,7 +5797,7 @@ CVE-2022-44141
CVE-2022-44140
RESERVED
CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Apartment Visitor Management System
CVE-2022-44138
RESERVED
CVE-2022-44137
@@ -13264,9 +13264,9 @@ CVE-2022-41930
CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing authorization in ...)
TODO: check
CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directives in ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41926
RESERVED
CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...)
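Review bot: CVE-2022-41929 (xwiki-platform-oldcore) is left at "TODO: check" in this hunk while the two adjacent XWiki Platform entries, CVE-2022-41928 and CVE-2022-41927, are changed to "NOT-FOR-US: XWiki". If the oldcore entry was intentionally held back for a separate look, a short "NOTE:" line saying so would stop the next triager from re-checking it; if it was simply missed, it should get the same "NOT-FOR-US: XWiki" line as its siblings, since all three describe the same product.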
@@ -16151,9 +16151,9 @@ CVE-2022-40774 (An issue was discovered in Bento4 through 1.6.0-639. There is a
CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG initializati ...)
@@ -23415,11 +23415,11 @@ CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible
NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d (master)
NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/19544fdc6649bd294f25314d9f609b4979b1fe48 (varnish-7.1.1)
CVE-2022-38115 (Insecure method vulnerability in which allowed HTTP methods are disclo ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly process ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2022-38113 (This vulnerability discloses build and services versions in the server ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2022-38112
RESERVED
CVE-2022-38111
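Review bot: the vendor named in the three new "NOT-FOR-US: Solarwinds" lines cannot be checked against the visible entries, because the truncated descriptions of CVE-2022-38115, CVE-2022-38114 and CVE-2022-38113 ("Insecure method vulnerability in which allowed HTTP methods are disclo ...", "This vulnerability occurs when a web server fails to ...", "This vulnerability discloses build and services versions ...") never mention the product. Consider adding a "NOTE:" line with the advisory or CVE record that ties these IDs to the product, in the same style as the "NOTE: Fixed by: ..." lines on the Varnish entry at the top of this hunk, so the attribution is verifiable later.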
@@ -25035,9 +25035,9 @@ CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer
CVE-2022-37431 (** DISPUTED ** A Reflected Cross-site scripting (XSS) issue was discov ...)
NOT-FOR-US: dotCMS
CVE-2022-37430 (Silverstripe silverstripe/framework through 4.11 allows XSS vulnerabil ...)
- TODO: check
+ NOT-FOR-US: SilverStripe CMS
CVE-2022-37429 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...)
- TODO: check
+ NOT-FOR-US: SilverStripe CMS
CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...)
- pdns-recursor 4.7.2-1
[bullseye] - pdns-recursor <no-dsa> (Minor issue)
@@ -25057,7 +25057,7 @@ CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x
CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...)
NOT-FOR-US: Payara
CVE-2022-37421 (Silverstripe silverstripe/cms through 4.11.0 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: SilverStripe CMS
CVE-2022-37420
RESERVED
CVE-2022-37419
@@ -25525,7 +25525,7 @@ CVE-2022-37303
CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340
CVE-2022-2601
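Review bot: the product label "NOT-FOR-US: Modicon" for CVE-2022-37301 differs from the labels on the neighbouring entries of the same vendor series: CVE-2022-37302 is marked "NOT-FOR-US: EcoStruxure Control Expert" and CVE-2022-37300 "NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340". Since the visible description ("A CWE-191: Integer Underflow ... vulnerability exists ...") does not name the affected product, please confirm the label matches the advisory, and prefer the fuller product naming used on the adjacent lines so that searches for "EcoStruxure" or "Modicon Controllers" find all related entries.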
@@ -27859,7 +27859,7 @@ CVE-2022-36342
CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
NOT-FOR-US: Insyde
CVE-2022-36337 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2022-36336 (A link following vulnerability in the scanning function of Trend Micro ...)
NOT-FOR-US: Trend Micro
CVE-2022-36297
@@ -30059,9 +30059,9 @@ CVE-2022-35503
CVE-2022-35502
RESERVED
CVE-2022-35501 (Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 2.10.4 creat ...)
- TODO: check
+ NOT-FOR-US: Amasty Blog Pro
CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via lea ...)
- TODO: check
+ NOT-FOR-US: Amasty Blog
CVE-2022-35499
RESERVED
CVE-2022-35498
@@ -79976,7 +79976,7 @@ CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3
CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
- moodle <removed>
CVE-2021-3942 (Certain HP Print products and Digital Sending products may be vulnerab ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...)
NOT-FOR-US: Apache Apisix
CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
@@ -80858,7 +80858,7 @@ CVE-2021-43260
CVE-2021-43259
RESERVED
CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote co ...)
- TODO: check
+ NOT-FOR-US: ChurchInfo
CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...)
- mantis <removed>
CVE-2021-3923
@@ -103316,7 +103316,7 @@ CVE-2021-35286
CVE-2021-35285
RESERVED
CVE-2021-35284 (SQL Injection vulnerability in function get_user in login_manager.php ...)
- TODO: check
+ NOT-FOR-US: rizalafani cms-php
CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, ...)
NOT-FOR-US: atoms183 CMS
CVE-2021-35282
@@ -164586,29 +164586,29 @@ CVE-2020-23595
CVE-2020-23594
RESERVED
CVE-2020-23593 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmwa ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23592 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23591 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23590 (A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmw ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23589 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23588 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmw ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23587 (A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2 ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23586 (A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23585 (A remote attacker can conduct a cross-site request forgery (CSRF) atta ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23584 (Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardwar ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23583 (OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23582 (A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT7100 ...)
- TODO: check
+ NOT-FOR-US: OPTILINK
CVE-2020-23581
RESERVED
CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96b89fb17db441f7daf889531808fc6ae90ecc93