[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 19 08:45:04 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd140d90 by Salvatore Bonaccorso at 2022-10-19T09:44:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2873,7 +2873,7 @@ CVE-2022-42239
CVE-2022-42238 (A Vertical Privilege Escalation issue in Merchandise Online Store v.1. ...)
NOT-FOR-US: Merchandise Online Store
CVE-2022-42237 (A SQL Injection issue in Merchandise Online Store v.1.0 allows an atta ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to injecti ...)
NOT-FOR-US: Merchandise Online Store
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...)
@@ -2905,7 +2905,7 @@ CVE-2022-42223
CVE-2022-42222
RESERVED
CVE-2022-42221 (Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-42220
RESERVED
CVE-2022-42219
@@ -2943,7 +2943,7 @@ CVE-2022-42204
CVE-2022-42203
RESERVED
CVE-2022-42202 (TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-42201
RESERVED
CVE-2022-42200
@@ -3039,7 +3039,7 @@ CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a command
CVE-2022-42155
RESERVED
CVE-2022-42154 (An arbitrary file upload vulnerability in the component /apiadmin/uplo ...)
- TODO: check
+ NOT-FOR-US: 74cmsSE
CVE-2022-42153
RESERVED
CVE-2022-42152
@@ -3049,11 +3049,11 @@ CVE-2022-42151
CVE-2022-42150
RESERVED
CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
- TODO: check
+ NOT-FOR-US: kkFileView
CVE-2022-42148
RESERVED
CVE-2022-42147 (kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via control ...)
- TODO: check
+ NOT-FOR-US: kkFileView
CVE-2022-42146
RESERVED
CVE-2022-42145
@@ -3061,9 +3061,9 @@ CVE-2022-42145
CVE-2022-42144
RESERVED
CVE-2022-42143 (Open Source SACCO Management System v1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Open Source SACCO Management System
CVE-2022-42142 (Online Tours & Travels Management System v1.0 is vulnerable to Arb ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-42141
RESERVED
CVE-2022-42140
@@ -3289,7 +3289,7 @@ CVE-2022-42031
CVE-2022-42030
RESERVED
CVE-2022-42029 (Chamilo 1.11.16 is affected by an authenticated local file inclusion v ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2022-42028
RESERVED
CVE-2022-42027
@@ -3392,7 +3392,7 @@ CVE-2022-3384
CVE-2022-3383
RESERVED
CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...)
- TODO: check
+ NOT-FOR-US: HIWIN Robot System Software
CVE-2022-41983
RESERVED
CVE-2022-41976
@@ -3715,7 +3715,7 @@ CVE-2022-3370
CVE-2022-3369
RESERVED
CVE-2022-3368 (A vulnerability within the Software Updater functionality of Avira Sec ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2021-46844
RESERVED
CVE-2021-46843
@@ -4354,9 +4354,9 @@ CVE-2022-3341
CVE-2022-3340
RESERVED
CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
- TODO: check
+ NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
- TODO: check
+ NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3337
RESERVED
CVE-2022-3336
@@ -4380,7 +4380,7 @@ CVE-2022-30544
CVE-2022-27628
RESERVED
CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...)
NOT-FOR-US: Huawei
CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
@@ -4570,21 +4570,21 @@ CVE-2022-41546
CVE-2022-41545
RESERVED
CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code executio ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2022-41543
RESERVED
CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session control. ...)
TODO: check
CVE-2022-41541 (TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack b ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-41540 (The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptog ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
NOT-FOR-US: Wedding Planner
CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...)
NOT-FOR-US: Wedding Planner
CVE-2022-41537 (Online Tours & Travels Management System v1.0 was discovered to co ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
NOT-FOR-US: Open Source SACCO Management System
CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to contain a S ...)
@@ -4650,7 +4650,7 @@ CVE-2022-41506
CVE-2022-41505
RESERVED
CVE-2022-41504 (An arbitrary file upload vulnerability in the component /php_action/ed ...)
- TODO: check
+ NOT-FOR-US: Billing System Project
CVE-2022-41503
RESERVED
CVE-2022-41502
@@ -4662,7 +4662,7 @@ CVE-2022-41500
CVE-2022-41499
RESERVED
CVE-2022-41498 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: Billing System Project
CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...)
NOT-FOR-US: ClipperCMS
CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery ( ...)
@@ -4714,9 +4714,9 @@ CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forg
CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site scriptin ...)
NOT-FOR-US: RPCMS
CVE-2022-41472 (74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: 74cmsSE
CVE-2022-41471 (74cmsSE v3.12.0 allows authenticated attackers with low-level privileg ...)
- TODO: check
+ NOT-FOR-US: 74cmsSE
CVE-2022-41470
RESERVED
CVE-2022-41469
@@ -5083,7 +5083,7 @@ CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the
CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate auth meth ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2022-3280
RESERVED
CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...)
@@ -5537,7 +5537,7 @@ CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-fr
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2347
NOTE: https://git.kernel.org/linus/97113eb39fa7972722ff490b947d8af023e1f6a2 (5.14-rc1)
CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gi ...)
- TODO: check
+ NOT-FOR-US: MITRE CALDERA
CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...)
- zutty 0.13.0.20220910.112547+dfsg1-1
NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13)
@@ -6107,7 +6107,7 @@ CVE-2022-40891
CVE-2022-40890 (A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlie ...)
NOT-FOR-US: Open5GS
CVE-2022-40889 (Phpok 6.1 has a deserialization vulnerability via framework/phpok_call ...)
- TODO: check
+ NOT-FOR-US: Phpok
CVE-2022-40888
RESERVED
CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vulnerable ...)
@@ -6536,7 +6536,7 @@ CVE-2022-40705 (** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML E
CVE-2022-40696
RESERVED
CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-40683
RESERVED
CVE-2022-40682
@@ -6864,9 +6864,9 @@ CVE-2022-3183
CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
- TODO: check
+ NOT-FOR-US: MITRE CALDERA
CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
- TODO: check
+ NOT-FOR-US: MITRE CALDERA
CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...)
- airflow <itp> (bug #819700)
CVE-2022-40603
@@ -7809,7 +7809,7 @@ CVE-2022-3160
CVE-2022-3159
RESERVED
CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2022-3157
RESERVED
CVE-2022-3156
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd140d90099595a67fb0a76f018ef90d0658d8e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd140d90099595a67fb0a76f018ef90d0658d8e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221019/5356d1b5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list