[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 11 22:05:55 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7f3932d by Salvatore Bonaccorso at 2022-10-11T23:05:36+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -175,9 +175,9 @@ CVE-2022-3455
CVE-2022-3454
RESERVED
CVE-2022-3453 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store Management Syst ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-42783
RESERVED
CVE-2022-42782
@@ -313,7 +313,7 @@ CVE-2022-3439
CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows ...)
- TODO: check
+ NOT-FOR-US: django-mfa2
CVE-2022-42730
RESERVED
CVE-2022-42729
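Review bot: CVE-2022-42731 is tagged "NOT-FOR-US: django-mfa2", while the entry just above it tracks rdiffweb, which is not packaged yet either, as "- rdiffweb <itp> (bug #969974)". Before settling on NFU, check whether django-mfa2 has an open ITP or RFP bug; if it does, the <itp> form with the bug number keeps the CVE attached to the package once it enters the archive.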
@@ -1409,13 +1409,13 @@ CVE-2022-42240
CVE-2022-42239
RESERVED
CVE-2022-42238 (A Vertical Privilege Escalation issue in Merchandise Online Store v.1. ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-42237
RESERVED
CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to injecti ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
- TODO: check
+ NOT-FOR-US: Student Clearance System
CVE-2022-42234
RESERVED
CVE-2022-42233
@@ -1425,9 +1425,9 @@ CVE-2022-42232
CVE-2022-42231
RESERVED
CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...)
- TODO: check
+ NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42229 (Wedding Planner v1.0 is vulnerable to Arbitrary code execution via pac ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-42228
RESERVED
CVE-2022-42227
@@ -1817,7 +1817,7 @@ CVE-2022-42036
CVE-2022-42035
RESERVED
CVE-2022-42034 (Wedding Planner v1.0 is vulnerable to arbitrary code execution via use ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-42033
RESERVED
CVE-2022-42032
@@ -2682,7 +2682,7 @@ CVE-2022-41667
CVE-2022-41666
RESERVED
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41664
RESERVED
CVE-2022-41663
@@ -3437,7 +3437,7 @@ CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL inje
CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
NOT-FOR-US: Online Pet Shop We App
CVE-2022-41376 (Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross- ...)
- TODO: check
+ NOT-FOR-US: Metro UI
CVE-2022-41375
RESERVED
CVE-2022-41374
@@ -4207,11 +4207,11 @@ CVE-2022-41085
CVE-2022-41084
RESERVED
CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41080
RESERVED
CVE-2022-41079
@@ -4287,9 +4287,9 @@ CVE-2022-41045
CVE-2022-41044
RESERVED
CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41041
RESERVED
CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...)
@@ -4297,21 +4297,21 @@ CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability.
CVE-2022-41039
RESERVED
CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability. ...)
TODO: check
CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-40129
RESERVED
CVE-2022-41030
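Review bot: CVE-2022-41032 (NuGet Client Elevation of Privilege) stays at "TODO: check" in this hunk while every other Microsoft entry around it moves to "NOT-FOR-US: Microsoft". If it was skipped on purpose because NuGet may correspond to a Debian package, a NOTE: line saying so would save the next triager from repeating the check. Separately, for CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing), the description visible here is truncated, so confirm from the full advisory that the flaw is in Edge-specific code and not in shared Chromium code before leaving it as NFU.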
@@ -5137,7 +5137,7 @@ CVE-2022-36404
CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in Awesome Filter ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33978 (Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
NOT-FOR-US: Nintendo Game Boy Color
CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can be su ...)
@@ -5247,7 +5247,7 @@ CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerabi
CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-38097
RESERVED
CVE-2022-37332
@@ -6213,9 +6213,9 @@ CVE-2022-40229
CVE-2022-40228
RESERVED
CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40225
RESERVED
CVE-2022-40200
@@ -6313,19 +6313,19 @@ CVE-2022-40184
CVE-2022-40183
RESERVED
CVE-2022-40182 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40181 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40180 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40179 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40178 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40177 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40176 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3162
RESERVED
CVE-2022-3161
@@ -6402,7 +6402,7 @@ CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be
CVE-2022-40148
RESERVED
CVE-2022-40147 (A vulnerability has been identified in Industrial Edge Management (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
- batik 1.15+dfsg-1 (bug #1020589)
[bullseye] - batik <no-dsa> (Minor issue)
@@ -6662,7 +6662,7 @@ CVE-2022-40049
CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
NOT-FOR-US: Flatpress
CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Flatpress
CVE-2022-40046
RESERVED
CVE-2022-40045
@@ -10736,7 +10736,7 @@ CVE-2022-2909 (A vulnerability was found in SourceCodester Simple and Nice Shopp
CVE-2022-38466 (A vulnerability has been identified in CoreShield One-Way Gateway (OWG ...)
NOT-FOR-US: CoreShield One-Way Gateway (OWG)
CVE-2022-38465 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/ ...)
NOT-FOR-US: Exment
CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedo ...)
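Review bot: the new tag for CVE-2022-38465 names the vendor, "NOT-FOR-US: Siemens", but the entry directly above it, whose description opens with the same "A vulnerability has been identified in" wording, is tagged by product: "NOT-FOR-US: CoreShield One-Way Gateway (OWG)". Either form works, but the other SICAM, Desigo and SIMATIC hunks in this commit also use the vendor, so settling on one convention for these advisories would make later searches and bulk cleanups of the list simpler.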
@@ -11160,7 +11160,7 @@ CVE-2022-38373
CVE-2022-38372
RESERVED
CVE-2022-38371 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an interface wi ...)
NOT-FOR-US: Apache IoTDB
CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users ...)
@@ -12135,71 +12135,71 @@ CVE-2022-2727 (A vulnerability was found in SourceCodester Gym Management System
CVE-2022-2726 (A vulnerability classified as critical has been found in SEMCMS. This ...)
NOT-FOR-US: SEMCMS
CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38052
RESERVED
CVE-2022-38051 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38047 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38045 (Server Service Remote Protocol Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38043 (Windows Security Support Provider Interface Information Disclosure Vul ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38035
RESERVED
CVE-2022-38034 (Windows Workstation Service Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38033 (Windows Server Remotely Accessible Registry Keys Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38032 (Windows Portable Device Enumerator Service Security Feature Bypass Vul ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38031 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38030 (Windows USB Serial Driver Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38024
RESERVED
CVE-2022-38023
RESERVED
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability. ...)
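Review bot: CVE-2022-38036 is described in this hunk only as "Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. ...", with no Windows or Microsoft product named in the visible text, unlike most of its neighbours. Debian ships its own IKE implementations, so confirm from the full advisory that the flaw is in Microsoft's implementation and not in the protocol itself before keeping "NOT-FOR-US: Microsoft".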
@@ -12207,9 +12207,9 @@ CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability. ...)
CVE-2022-38018
RESERVED
CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38015
RESERVED
CVE-2022-38014
@@ -12235,83 +12235,83 @@ CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-38003 (Windows Resilient File System Elevation of Privilege. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38002
RESERVED
CVE-2022-38001 (Microsoft Office Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38000 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37999 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37997 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37992
RESERVED
CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37989 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37987 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37985 (Windows Graphics Component Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37982 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature Bypass. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37977 (Local Security Authority Subsystem Service (LSASS) Denial of Service V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37976 (Active Directory Certificate Services Elevation of Privilege Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37974 (Windows Mixed Reality Developer Tools Information Disclosure Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37967
RESERVED
CVE-2022-37966
RESERVED
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-37963 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7f3932d4eeef02081d3d92b6b8678bc6bd33595