[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 7 07:46:52 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad1a1edf by Salvatore Bonaccorso at 2022-10-07T08:41:20+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7366,7 +7366,7 @@ CVE-2022-39277
CVE-2022-39276
RESERVED
CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected versions ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...)
TODO: check
CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...)
@@ -7376,7 +7376,7 @@ CVE-2022-39272
CVE-2022-39271
RESERVED
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...)
- TODO: check
+ NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
@@ -8779,7 +8779,7 @@ CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforc
CVE-2022-3003
RESERVED
CVE-2022-3002 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
NOT-FOR-US: Milesight Video Management Systems (VMS)
CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
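Review bot: The tag added for CVE-2022-3002, "NOT-FOR-US: yetiforcecrm", should be checked against CVE-2022-3004 and CVE-2022-3000 in the surrounding context, which carry the same description text (stored XSS in the GitHub repository "yetiforcecomp ..."). Their tag lines are not visible in this hunk. All three entries should end up with one identical tag string, so that a search on the tag returns the whole set.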
@@ -8996,7 +8996,7 @@ CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied vi
CVE-2022-2976
RESERVED
CVE-2022-2975 (A vulnerability related to weak permissions was detected in Avaya Aura ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2022-2974
RESERVED
CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Successful ex ...)
@@ -10771,11 +10771,11 @@ CVE-2022-2785 (There exists an arbitrary memory read within the Linux Kernel BPF
CVE-2022-2784
RESERVED
CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...)
- TODO: check
+ NOT-FOR-US: Octopus
CVE-2022-2782
RESERVED
CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
- TODO: check
+ NOT-FOR-US: Octopus
CVE-2022-2780
RESERVED
CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
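Review bot: The tag "NOT-FOR-US: Octopus" on CVE-2022-2783 and CVE-2022-2781 is shorter than the product both descriptions name, "Octopus Server". Suggest "NOT-FOR-US: Octopus Server", so the tag stays unambiguous when someone searches the list by product name.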
@@ -11474,7 +11474,7 @@ CVE-2022-37890
CVE-2022-37889
RESERVED
CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37887
RESERVED
CVE-2022-37886
@@ -12748,7 +12748,7 @@ CVE-2022-2639 (An integer coercion error was found in the openvswitch kernel mod
CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...)
@@ -14802,7 +14802,7 @@ CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contai
CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an is ...)
NOT-FOR-US: Tenda
CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module in Hear ...)
- TODO: check
+ NOT-FOR-US: Heartex
CVE-2022-36550
RESERVED
CVE-2022-36549
@@ -22224,21 +22224,21 @@ CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via th
CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through DesignRevi ...)
TODO: check
CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through Autodesk D ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through Autodesk DWG a ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk AutoCAD 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to write beyon ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed through Aut ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33883 (A malicious crafted file consumed through Moldflow Synergy, Moldflow A ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33882 (Under certain conditions, an attacker could create an unintended spher ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of Cybozu Offi ...)
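Review bot: CVE-2022-33890 at the top of this hunk stays at "TODO: check" while CVE-2022-33889 through CVE-2022-33882 directly below it are all closed as "NOT-FOR-US: Autodesk". If it was left open on purpose, a word in the commit message would say so; if it belongs to the same vendor batch, mark it in the same pass. Separately, the visible description of CVE-2022-33882 names no product, so that tag is worth confirming against the full description.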
@@ -26522,11 +26522,11 @@ CVE-2022-32175
CVE-2022-32174
RESERVED
CVE-2022-32173 (In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow ...)
- TODO: check
+ NOT-FOR-US: Orchard CMS
CVE-2022-32172 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: ZincSearch
CVE-2022-32171 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: ZincSearch
CVE-2022-32170 (The “Bytebase” application does not restrict low privilege ...)
TODO: check
CVE-2022-32169 (The “Bytebase” application does not restrict low privilege ...)
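Review bot: The tags in this hunk use product names that differ from the descriptions: "Orchard CMS" for CVE-2022-32173, whose description says "OrchardCore", and "ZincSearch" for CVE-2022-32172 and CVE-2022-32171, whose descriptions say "Zinc". Suggest either matching the description or reusing whichever spelling the list already has for earlier entries of these products, so the tag and the description can be found with the same search.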
@@ -44030,17 +44030,17 @@ CVE-2022-26242
CVE-2022-26241
RESERVED
CVE-2022-26240 (The default privileges for the running service Normand Message Buffer ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26239 (The default privileges for the running service Normand License Manager ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26238
RESERVED
CVE-2022-26237 (The default privileges for the running service Normand Viewer Service ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26236
RESERVED
CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance v2.0.12.1 and be ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26234
RESERVED
CVE-2022-26233 (Barco Control Room Management through Suite 2.9 Build 0275 was discove ...)
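Review bot: Three of the four entries tagged "NOT-FOR-US: Beckman Coulter Remisol Advance" (CVE-2022-26240, CVE-2022-26239, CVE-2022-26237) describe "Normand" services in the visible text; only CVE-2022-26235 names Remisol Advance. Worth confirming from the full descriptions that the Normand services ship as part of that product, and noting the basis in the commit message, which currently says only "Process some NFUs".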
@@ -52273,11 +52273,11 @@ CVE-2022-23770
CVE-2022-23769
RESERVED
CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...)
- TODO: check
+ NOT-FOR-US: NIS-HAP11AC
CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...)
NOT-FOR-US: SecureGate
CVE-2022-23766 (An improper input validation vulnerability leading to arbitrary file e ...)
- TODO: check
+ NOT-FOR-US: BigFileAgent
CVE-2022-23765 (This vulnerability occured by sending a malicious POST request to a sp ...)
NOT-FOR-US: ipTIME NAS product
CVE-2022-23764 (The vulnerability causing from insufficient verification procedures fo ...)
@@ -77360,7 +77360,7 @@ CVE-2021-40558
CVE-2021-40557
RESERVED
CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in ASUS RT- ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-40555
RESERVED
CVE-2021-40554
@@ -109975,7 +109975,7 @@ CVE-2021-27776
CVE-2021-27775
RESERVED
CVE-2021-27774 (User input included in error response, which could be used in a phishi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27773 (This vulnerability allows users to execute a clickjacking attack in th ...)
NOT-FOR-US: HCL
CVE-2021-27772 (Users are able to read group conversations without actively taking par ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad1a1edf875c2ab22cc2c214b8ff81f84fd87661