[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 20 22:34:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84f78b73 by Salvatore Bonaccorso at 2022-10-20T23:33:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2483,7 +2483,7 @@ CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 0.9
CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...)
NOT-FOR-US: ToolJet
CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
- TODO: check
+ NOT-FOR-US: Drive for Desktop MacOS
CVE-2022-3420
RESERVED
CVE-2022-3419
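Review bot: The new tag for CVE-2022-3421, `NOT-FOR-US: Drive for Desktop MacOS`, omits the vendor, although the path in the description (`/Applications/Google\ Drive.app/`) identifies a Google product. Suggest `NOT-FOR-US: Google Drive for Desktop (macOS)` so that a search of the list by vendor finds this entry.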
@@ -4710,7 +4710,7 @@ CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code ex
CVE-2022-41543
RESERVED
CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session control. ...)
- TODO: check
+ NOT-FOR-US: devhub
CVE-2022-41541 (TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack b ...)
NOT-FOR-US: TP-Link
CVE-2022-41540 (The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptog ...)
@@ -4932,7 +4932,7 @@ CVE-2022-41433
CVE-2022-41432
RESERVED
CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vuln ...)
- TODO: check
+ NOT-FOR-US: xzs
CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
NOT-FOR-US: Bento4
CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
@@ -8262,7 +8262,7 @@ CVE-2022-40057
CVE-2022-40056
RESERVED
CVE-2022-40055 (An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows att ...)
- TODO: check
+ NOT-FOR-US: GX Group GPON ONT Titanium 2122A T2122-V1.26EXL
CVE-2022-40054
RESERVED
CVE-2022-40053
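Review bot: The tag for CVE-2022-40055 embeds the firmware version string (`T2122-V1.26EXL`) copied from the description. The other NOT-FOR-US lines visible in this patch name only a vendor or product (`TP-Link`, `Bento4`, `Juniper`). `NOT-FOR-US: GX Group GPON ONT` would match that convention and could be reused for later CVEs against the same device.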
@@ -9661,7 +9661,7 @@ CVE-2022-39421 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
CVE-2022-39420 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
NOT-FOR-US: Oracle
CVE-2022-39419 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-39418
RESERVED
CVE-2022-39417 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -27104,7 +27104,7 @@ CVE-2022-2053 (When a POST request comes through AJP and the request exceeds the
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2095862
NOTE: https://github.com/undertow-io/undertow/commit/10ad8964162162ce6d441e951cb9efcdaa585916
CVE-2022-2052 (Multiple Trumpf Products in multiple versions use default privileged W ...)
- TODO: check
+ NOT-FOR-US: TRUMPF
CVE-2022-2051
RESERVED
CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...)
@@ -48128,7 +48128,7 @@ CVE-2022-25752 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V
CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...)
NOT-FOR-US: Siemens SCALANCE
CVE-2022-25750 (Memory corruption in BTHOST due to double free while music playback an ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25749
RESERVED
CVE-2022-25748
@@ -55008,11 +55008,11 @@ CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before
NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)
CVE-2022-23771 (This vulnerability occurs in user accounts creation and deleteion rela ...)
- TODO: check
+ NOT-FOR-US: IPTIME NAS products
CVE-2022-23770 (This vulnerability could allow a remote attacker to execute remote com ...)
- TODO: check
+ NOT-FOR-US: Smart Wing CMS
CVE-2022-23769 (Remote code execution vulnerability due to insufficient user privilege ...)
- TODO: check
+ NOT-FOR-US: reverseWall-MDS
CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...)
NOT-FOR-US: NIS-HAP11AC
CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...)
@@ -62192,7 +62192,7 @@ CVE-2022-22221 (An Improper Neutralization of Special Elements vulnerability in
CVE-2022-22220 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in R ...)
NOT-FOR-US: Juniper
CVE-2022-22219 (Due to the Improper Handling of an Unexpected Data Type in the process ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22218 (On SRX Series devices, an Improper Check for Unusual or Exceptional Co ...)
NOT-FOR-US: Juniper
CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
@@ -62369,7 +62369,7 @@ CVE-2022-22130
CVE-2022-22129
RESERVED
CVE-2022-22128 (Tableau discovered a path traversal vulnerability affecting Tableau Se ...)
- TODO: check
+ NOT-FOR-US: Tableau Server Administration Agent
CVE-2022-22127 (Tableau is aware of a broken access control vulnerability present in T ...)
NOT-FOR-US: Tableau Server
CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
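Review bot: CVE-2022-22128 is tagged `Tableau Server Administration Agent`, while the adjacent CVE-2022-22127 uses `Tableau Server`. If the agent ships as part of the same product, one tag for both keeps the list easier to grep; if it is a separate product, the distinct tag is fine as it stands.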
@@ -68487,27 +68487,27 @@ CVE-2022-21641 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21639 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.30-1
CVE-2022-21637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21636 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.30-1
CVE-2022-21634 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21631 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.17+8-1
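Review bot: CVE-2022-21634 deserves a second look before it is closed as `NOT-FOR-US: Oracle`. Its description names Oracle GraalVM Enterprise Edition, and further down this hunk CVE-2022-21628 (Oracle Java SE, Oracle GraalVM Enterprise Edition) is tracked against openjdk-8 and openjdk-11. The truncated description of 21634 shows only GraalVM, so the tag is probably right, but confirm from the full advisory text that the affected component is not one shared with OpenJDK. A short NOTE line recording that would save the next triager the same check.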
@@ -68528,9 +68528,9 @@ CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
[bullseye] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 <unfixed>
CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21621 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.40-dfsg-1
NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
@@ -68547,65 +68547,65 @@ CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21615 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21614 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21613 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21612 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21611 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21610 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.29-1
CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction Server ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21605 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.29-1
CVE-2022-21604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21603 (Vulnerability in the Oracle Database - Sharding component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21601 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21600 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.28-1
CVE-2022-21599 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21598 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21597 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21596 (Vulnerability in the Oracle Database - Advanced Queuing component of O ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21595 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.28-1
CVE-2022-21594 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21593 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21592 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.30-1
CVE-2022-21591 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21590 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <not-affected> (Fixed before initial uplod to Debian)
CVE-2022-21588
RESERVED
CVE-2022-21587 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21586 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
NOT-FOR-US: Oracle
CVE-2022-21585 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
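Review bot: The context line under CVE-2022-21589 in this hunk has a typo, `Fixed before initial uplod to Debian`, where "uplod" should read "upload". The line is not changed by this commit, but since the surrounding entries are being edited anyway, it could be corrected here or in a follow-up.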
@@ -74087,7 +74087,7 @@ CVE-2022-20466
CVE-2022-20465
RESERVED
CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20463
RESERVED
CVE-2022-20462
@@ -74242,7 +74242,7 @@ CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possibl
CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...)
NOT-FOR-US: Android
CVE-2022-20397 (In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...)
NOT-FOR-US: Android
CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84f78b7379d9bdbb26840f8c07e48c7d9ac25faf