[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 7 21:33:13 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad0a77a3 by Salvatore Bonaccorso at 2022-10-07T22:32:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2022-3424
CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0. ...)
TODO: check
CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...)
- TODO: check
+ NOT-FOR-US: ToolJet
CVE-2022-3421
RESERVED
CVE-2022-3420
@@ -885,7 +885,7 @@ CVE-2022-42094
CVE-2022-42093
RESERVED
CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...)
- TODO: check
+ NOT-FOR-US: Backdrop CMS
CVE-2022-42091
RESERVED
CVE-2022-42090
@@ -919,11 +919,11 @@ CVE-2022-42077
CVE-2022-42076
RESERVED
CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to has arbitrary code execution. ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-42072
RESERVED
CVE-2022-42071
@@ -2338,13 +2338,13 @@ CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contai
CVE-2022-41516
RESERVED
CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41512 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-41511
RESERVED
CVE-2022-41510
@@ -2542,7 +2542,7 @@ CVE-2022-41416
CVE-2022-41415
RESERVED
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-41413
RESERVED
CVE-2022-41412
@@ -2586,7 +2586,7 @@ CVE-2022-41394
CVE-2022-41393
RESERVED
CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 ...)
- TODO: check
+ NOT-FOR-US: TotalJS CMS
CVE-2022-41391
RESERVED
CVE-2022-41390
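Review bot: The note added for CVE-2022-41392 names `TotalJS CMS`, but the visible part of the description says only "TotalJS commit 8c2c8909", which does not say whether the framework or the CMS is meant. Confirm the affected component against the full CVE text and make the note match it.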
@@ -2612,11 +2612,11 @@ CVE-2022-41381
CVE-2022-41380
RESERVED
CVE-2022-41379 (An arbitrary file upload vulnerability in the component /leave_system/ ...)
- TODO: check
+ NOT-FOR-US: Online Leave Management System
CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: Online Pet Shop We App
CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: Online Pet Shop We App
CVE-2022-41376
RESERVED
CVE-2022-41375
@@ -3843,7 +3843,7 @@ CVE-2022-40874
CVE-2022-40873
RESERVED
CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecodester ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple E-Learning System
CVE-2022-40871
RESERVED
CVE-2022-40870
@@ -6191,69 +6191,69 @@ CVE-2022-39880
CVE-2022-39879
RESERVED
CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount in Grou ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39876 (Insertion of Sensitive Information into Log in PushRegIdUpdateClient o ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39875 (Improper component protection vulnerability in Samsung Account prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39874 (Sensitive log information leakage vulnerability in Samsung Account pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39873 (Improper authorization vulnerability in Samsung Internet prior to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39872 (Improper restriction of broadcasting Intent in ShareLive prior to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39871 (Improper access control vulnerability cloudNotificationManager.java in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39870 (Improper access control vulnerability in cloudNotificationManager.java ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39869 (Improper access control vulnerability in cloudNotificationManager.java ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39868 (Improper access control vulnerability in GedSamsungAccount.kt SmartThi ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39867 (Improper access control vulnerability in cloudNotificationManager.java ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39866 (Improper access control vulnerability in RegisteredEventMediator.kt Sm ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39865 (Improper access control vulnerability in ContentsSharingActivity.java ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39864 (Improper access control vulnerability in WifiSetupLaunchHelper in Smar ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39863 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39862 (Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Rel ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39861 (Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39860 (Improper access control vulnerability in QuickShare prior to version 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39859 (Implicit intent hijacking vulnerability in UPHelper library prior to v ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39858 (Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39857 (Improper access control vulnerability in CameraTestActivity in Factory ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39856 (Improper access control vulnerability in imsservice application prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39855 (Improper access control vulnerability in FACM application prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39854 (Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows un ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39853 (A use after free vulnerability in perf-mgr driver prior to SMR Oct-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39852 (A heap-based overflow vulnerability in makeContactAGIF in libagifencod ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39851 (Improper access control vulnerability in CocktailBarService prior to S ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39850 (Improper access control in mum_container_policy service prior to SMR O ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39849 (Improper access control in knox_vpn_policy service prior to SMR Oct-20 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39848 (Exposure of sensitive information in AT_Distributor prior to SMR Oct-2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39847 (Use after free vulnerability in set_nft_pid and signal_handler functio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22 ...)
NOT-FOR-US: Samstung
CVE-2022-39845 (Improper validation of integrity check vulnerability in Samsung Kies p ...)
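Review bot: The unchanged context line under CVE-2022-39846 at the end of this hunk reads `NOT-FOR-US: Samstung`, a misspelling of the vendor name used on every line added above it. This commit already touches the whole surrounding block, so change it to `NOT-FOR-US: Samsung` in the same pass; otherwise a search for the vendor string misses that entry.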
@@ -7484,7 +7484,7 @@ CVE-2022-39282
CVE-2022-39281
RESERVED
CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...)
- TODO: check
+ NOT-FOR-US: dparse (parser for Python dependency files)
CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...)
NOT-FOR-US: discourse-chat plugin for Discourse
CVE-2022-39278
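Review bot: CVE-2022-39280 in this hunk is described as a general-purpose open source library (dparse, a parser for Python dependency files) rather than a vendor product or a standalone web application, so it is more likely than most entries in this commit to have a packaging request. Before settling on NOT-FOR-US, check for an ITP or RFP; if one exists, the `<itp>` form used for apache-spark under CVE-2022-33891 elsewhere in this file fits better.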
@@ -7508,7 +7508,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table o
CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
- TODO: check
+ NOT-FOR-US: orchest/orchest
CVE-2022-39267
RESERVED
CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
@@ -7586,7 +7586,7 @@ CVE-2022-39240 (MyGraph is a permission management system. Versions prior to 1.0
CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using ipx. ...)
TODO: check
CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...)
- TODO: check
+ NOT-FOR-US: Arvados
CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference implementa ...)
TODO: check
CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...)
@@ -8429,11 +8429,11 @@ CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue d
CVE-2022-38935
RESERVED
CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: readelf in ToaruOS
CVE-2022-38933
RESERVED
CVE-2022-38932 (readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsi ...)
- TODO: check
+ NOT-FOR-US: readelf in ToaruOS
CVE-2022-38931 (A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function ...)
NOT-FOR-US: baijiacms
CVE-2022-38930
@@ -11584,29 +11584,29 @@ CVE-2022-37898
CVE-2022-37897
RESERVED
CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37894 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37893 (An authenticated command injection vulnerability exists in the Aruba I ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37892 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37891 (Unauthenticated buffer overflow vulnerabilities exist within the Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37890 (Unauthenticated buffer overflow vulnerabilities exist within the Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37889 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
NOT-FOR-US: Aruba
CVE-2022-37887 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37886 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37885 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37884 (A vulnerability exists in the ClearPass Policy Manager Guest User Inte ...)
NOT-FOR-US: Aruba
CVE-2022-37883 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
@@ -14283,7 +14283,7 @@ CVE-2022-36870 (Pending Intent hijacking vulnerability in MTransferNotificationM
CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity of?Conta ...)
NOT-FOR-US: Samsung
CVE-2022-36868 (Improper restriction of broadcasting Intent in MouseNKeyHidDevice prio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to version ...)
NOT-FOR-US: Samsung
CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group Sharing ...)
@@ -18445,7 +18445,7 @@ CVE-2022-35232
CVE-2022-35231
RESERVED
CVE-2022-33896 (A buffer underflow vulnerability exists in the way Hword of Hancom Off ...)
- TODO: check
+ NOT-FOR-US: Hancom Office
CVE-2022-2325 (The Invitation Based Registrations WordPress plugin through 2.2.84 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the SonicWall H ...)
@@ -22348,7 +22348,7 @@ CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the we
CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via the conf ...)
- apache-spark <itp> (bug #802194)
CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through DesignRevi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through Autodesk D ...)
NOT-FOR-US: Autodesk
CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through Autodesk DWG a ...)
@@ -25320,15 +25320,15 @@ CVE-2022-32595
CVE-2022-32594
RESERVED
CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32592 (In cpu dvfs, there is a possible out of bounds write due to a missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32591 (In ril, there is a possible system crash due to an incorrect bounds ch ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32590 (In wlan, there is a possible use after free due to an incorrect status ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32589 (In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-32569
RESERVED
CVE-2022-32568
@@ -43429,15 +43429,15 @@ CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers t
CVE-2022-26476 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
NOT-FOR-US: Siemens
CVE-2022-26475 (In wlan, there is a possible out of bounds write due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26474 (In sensorhub, there is a possible out of bounds write due to an incorr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26473 (In vdec fmt, there is a possible use after free due to improper lockin ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26472 (In ims, there is a possible escalation of privilege due to a parcel fo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26471 (In telephony, there is a possible escalation of privilege due to a par ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26470 (In aie, there is a possible out of bounds write due to an incorrect bo ...)
NOT-FOR-US: Mediatek
CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due to fragme ...)
@@ -43475,7 +43475,7 @@ CVE-2022-26454 (In teei, there is a possible memory corruption due to an integer
CVE-2022-26453 (In teei, there is a possible memory corruption due to a use after free ...)
NOT-FOR-US: Mediatek
CVE-2022-26452 (In isp, there is a possible use after free due to improper locking. Th ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26451 (In ged, there is a possible use after free due to improper locking. Th ...)
NOT-FOR-US: Mediatek
CVE-2022-26450 (In apusys, there is a possible use after free due to a race condition. ...)
@@ -44164,11 +44164,11 @@ CVE-2022-26240 (The default privileges for the running service Normand Message B
CVE-2022-26239 (The default privileges for the running service Normand License Manager ...)
NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26238 (The default privileges for the running service Normand Service Manager ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26237 (The default privileges for the running service Normand Viewer Service ...)
NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26236 (The default privileges for the running service Normand Remisol Advance ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance v2.0.12.1 and be ...)
NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26234
@@ -61115,7 +61115,7 @@ CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/
CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
NOT-FOR-US: Metasys
CVE-2022-21936 (On Metasys ADX Server version 12.0 running MVE, an Active Directory us ...)
- TODO: check
+ NOT-FOR-US: Metasys ADX Server
CVE-2022-21935 (A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and ...)
NOT-FOR-US: Metasys
CVE-2022-21934 (Under certain circumstances an authenticated user could lock other use ...)
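Review bot: The note for CVE-2022-21936 uses `Metasys ADX Server`, while the neighbouring entries for CVE-2022-21937 and CVE-2022-21935 in this hunk use plain `Metasys`. Suggest `NOT-FOR-US: Metasys` here as well, so that one string covers the product family when the list is searched.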
@@ -78500,15 +78500,15 @@ CVE-2021-40168
CVE-2021-40167 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
NOT-FOR-US: Autodesk
CVE-2021-40166 (A maliciously crafted PNG file in Autodesk Image Processing component ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40165 (A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image P ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40164 (A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40163 (A Memory Corruption vulnerability may lead to code execution through m ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40162 (A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image P ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
NOT-FOR-US: Autodesk
CVE-2021-40160 (PDFTron prior to 9.0.7 version may be forced to read beyond allocated ...)
@@ -168703,7 +168703,7 @@ CVE-2020-15857
CVE-2020-15856
RESERVED
CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. ...)
- TODO: check
+ NOT-FOR-US: Bodhi
CVE-2020-15854
RESERVED
CVE-2020-15853
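Review bot: `NOT-FOR-US: Bodhi` for CVE-2020-15855 is ambiguous on its own, because the name is shared by more than one project and the description gives only "Bodhi 5.6.1". A short qualifier in parentheses, as done for dparse under CVE-2022-39280 in this same commit, would make the entry self-explanatory.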
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad0a77a3d51b1cb68f3ba4900d905a060a319d73