[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Oct 13 12:39:10 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c3e2197 by Moritz Muehlenhoff at 2022-10-13T13:38:49+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,15 +11,15 @@ CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.1
NOTE: https://git.lavasoftware.org/lava/lava/-/merge_requests/1834
NOTE: https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834
CVE-2022-42901 (Bentley MicroStation and MicroStation-based applications may be affect ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may be affect ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may be affect ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-42898
RESERVED
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
- TODO: check
+ NOT-FOR-US: Array Networks
CVE-2022-3478
RESERVED
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...)
@@ -49,13 +49,13 @@ CVE-2022-3475
CVE-2022-3474
RESERVED
CVE-2022-3473 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3472 (A vulnerability was found in SourceCodester Human Resource Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3469
RESERVED
CVE-2022-3468
@@ -3631,13 +3631,13 @@ CVE-2022-41353
CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...)
NOT-FOR-US: Zimbra
CVE-2022-41351 (In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, on ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41350 (In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41349 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose acce ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41348 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e ...)
NOT-FOR-US: Zimbra
CVE-2022-41346
@@ -3758,7 +3758,7 @@ CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 and 21 store a network
CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the Verit ...)
NOT-FOR-US: Veritas
CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate auth meth ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-3281
RESERVED
CVE-2022-3280
@@ -6455,7 +6455,7 @@ CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote attackers to cause a de
NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185 (v5.5.3)
NOTE: https://www.knot-resolver.cz/2022-09-21-knot-resolver-5.5.3.html
CVE-2022-40187 (Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communicati ...)
- TODO: check
+ NOT-FOR-US: Foresight GC3 Launch Monitor
CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault Enterprise before ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-40185
@@ -8430,11 +8430,11 @@ CVE-2022-39301
CVE-2022-39300
RESERVED
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
- TODO: check
+ NOT-FOR-US: Passport-SAML
CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis Platfor ...)
- TODO: check
+ NOT-FOR-US: MelisFront
CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including templating ...)
- TODO: check
+ NOT-FOR-US: MelisCms
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets locat ...)
NOT-FOR-US: MelisAssetManager
CVE-2022-39295
@@ -11411,7 +11411,7 @@ CVE-2022-38363
CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal inform ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2827
RESERVED
CVE-2022-2826
@@ -21924,9 +21924,9 @@ CVE-2022-34393
CVE-2022-34392
RESERVED
CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable vulnerability. A lo ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34389
RESERVED
CVE-2022-34388
@@ -22884,7 +22884,7 @@ CVE-2022-34022
CVE-2022-34021
RESERVED
CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT P ...)
- TODO: check
+ NOT-FOR-US: DellResIOT
CVE-2022-34019
RESERVED
CVE-2022-34018
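Review bot: The tag added for CVE-2022-34020 reads `NOT-FOR-US: DellResIOT`, but the description on that entry names ResIOT and no Dell product. The "Dell" prefix looks like a leftover from the Dell entries tagged in the same commit. Suggest `NOT-FOR-US: ResIOT`, so that a search of data/CVE/list by vendor returns the right entries.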
@@ -23286,7 +23286,7 @@ CVE-2014-125002 (A vulnerability was found in FFmpeg 2.0. It has been classified
- ffmpeg <not-affected> (Fixed before re-introduction to Debian as src:ffmpeg)
NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b (n2.2-rc1)
CVE-2022-33937 (Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerab ...)
NOT-FOR-US: EMC
CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...)
@@ -23316,15 +23316,15 @@ CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and below contains an Improper
CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...)
NOT-FOR-US: Dell
CVE-2022-33922 (Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folde ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33921 (Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33920 (Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path v ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33919 (Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33918 (Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29 ...)
NOT-FOR-US: ARM Mali
CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Information ...)
@@ -26689,27 +26689,27 @@ CVE-2022-32495
CVE-2022-32494
RESERVED
CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A loc ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A local aut ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32490
RESERVED
CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32487 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2022-32485 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32482
RESERVED
CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
@@ -27696,13 +27696,13 @@ CVE-2022-32172 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored
CVE-2022-32171 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...)
NOT-FOR-US: ZincSearch
CVE-2022-32170 (The “Bytebase” application does not restrict low privilege ...)
- TODO: check
+ NOT-FOR-US: Bytebase
CVE-2022-32169 (The “Bytebase” application does not restrict low privilege ...)
- TODO: check
+ NOT-FOR-US: Bytebase
CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking wh ...)
- TODO: check
+ NOT-FOR-US: Notepad++
CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: Cloudreve
CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...)
- openvswitch 2.13.0+dfsg1-1
NOTE: https://github.com/openvswitch/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 (v2.12.0)
@@ -29100,7 +29100,7 @@ CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A m
CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation vulnerability in ...)
NOT-FOR-US: VMware
CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed by Spri ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31678
RESERVED
CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
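Review bot: The tag added for CVE-2022-31679 names only the vendor (`NOT-FOR-US: VMware`), while the description concerns applications that allow HTTP PATCH access to resources exposed by a component whose name is cut off at "Spri ...", not the vCenter Server and ESXi entries tagged VMware just above it. Suggest naming the affected product in the tag and confirming that it has no source package in the archive, since a vendor-only tag does not record what was actually checked.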
@@ -30450,7 +30450,7 @@ CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or r
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
NOT-FOR-US: Dell
CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vu ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-31227
RESERVED
CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability ...)
@@ -37676,7 +37676,7 @@ CVE-2022-28804
CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can occur in ...)
NOT-FOR-US: Silverstripe CMS
CVE-2022-28802 (Code by Zapier before 2022-08-17 allowed intra-account privilege escal ...)
- TODO: check
+ NOT-FOR-US: Zapier
CVE-2022-28801
RESERVED
CVE-2022-28800
@@ -46196,7 +46196,7 @@ CVE-2022-24376 (All versions of package git-promise are vulnerable to Command In
CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
NOT-FOR-US: node-opcua/node-opcua
CVE-2022-24373 (The package react-native-reanimated before 3.0.0-rc.1 are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: react-native-reanimated
CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
NOT-FOR-US: FreeOpcUa/freeopcua
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
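Review bot: The tag added for CVE-2022-24373 gives the bare package name (`react-native-reanimated`), while the unchanged entries on either side use the owner/repository form (`node-opcua/node-opcua`, `FreeOpcUa/freeopcua`). Suggest using the same form here so the tags for these package CVEs stay consistent and identify the upstream unambiguously.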
@@ -53554,7 +53554,7 @@ CVE-2022-23718 (PingID Windows Login prior to 2.8 uses known vulnerable componen
CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of service ...)
NOT-FOR-US: PingID Integration for Windows Login
CVE-2022-23716 (A flaw was discovered in ECE before 3.1.1 that could lead to the discl ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to the discl ...)
NOT-FOR-US: Elastic Cloud Enterprise
CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...)
@@ -54116,13 +54116,13 @@ CVE-2022-23466
CVE-2022-23465
RESERVED
CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ...)
- TODO: check
+ NOT-FOR-US: Nepxion
CVE-2022-23463 (Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerab ...)
- TODO: check
+ NOT-FOR-US: Nepxion
CVE-2022-23462
RESERVED
CVE-2022-23461 (Jodit Editor is a WYSIWYG editor written in pure TypeScript without th ...)
- TODO: check
+ NOT-FOR-US: Jodit Editor
CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
TODO: check - numerous jsonxx repositories exist on github
NOTE: https://github.com/advisories/GHSA-h8mv-q3c4-8hw2
@@ -54130,7 +54130,7 @@ CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in
TODO: check - numerous jsonxx repositories exist on github
NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47
CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions prior ...)
- TODO: check
+ NOT-FOR-US: Toast UI Grid
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
[bullseye] - libowasp-esapi-java <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c3e219774f53ecddcd3769888810929ba781dc8