[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 23 16:42:03 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61331769 by Salvatore Bonaccorso at 2022-10-23T17:41:39+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3740,7 +3740,7 @@ CVE-2022-42178
CVE-2022-42177
RESERVED
CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in con ...)
- TODO: check
+ NOT-FOR-US: PCTechSoft PCSecure
CVE-2022-42175
RESERVED
CVE-2022-42174
@@ -4810,9 +4810,9 @@ CVE-2022-41710
CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
TODO: check
CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
- TODO: check
+ NOT-FOR-US: Relatedcode's Messenger
CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
- TODO: check
+ NOT-FOR-US: Relatedcode's Messenger
CVE-2022-41706
RESERVED
CVE-2022-41705
@@ -4923,7 +4923,7 @@ CVE-2022-41643
CVE-2022-41640
RESERVED
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41635
RESERVED
CVE-2022-41634
@@ -5050,7 +5050,7 @@ CVE-2022-40697
CVE-2022-40694
RESERVED
CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40218
RESERVED
CVE-2022-40216
@@ -5452,7 +5452,7 @@ CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discover
CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...)
NOT-FOR-US: Tenda
CVE-2022-41479 (The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ...)
- TODO: check
+ NOT-FOR-US: DevExpress
CVE-2022-41478
RESERVED
CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Req ...)
@@ -5582,7 +5582,7 @@ CVE-2022-41417
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...)
NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
NOT-FOR-US: Liferay
CVE-2022-41413
@@ -5697,7 +5697,7 @@ CVE-2022-41360
CVE-2022-41359
RESERVED
CVE-2022-41358 (A stored cross-site scripting (XSS) vulnerability in Garage Management ...)
- TODO: check
+ NOT-FOR-US: Garage Management System
CVE-2022-41357
RESERVED
CVE-2022-41356
@@ -5916,9 +5916,9 @@ CVE-2022-3265
CVE-2022-3264
RESERVED
CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41309 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
NOT-FOR-US: Autodesk
CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
@@ -6867,9 +6867,9 @@ CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vuln
CVE-2022-40886 (DedeCMS 5.7.98 has a file upload vulnerability in the background. ...)
NOT-FOR-US: DedeCMS
CVE-2022-40885 (Bento4 v1.6.0-639 has a memory allocation issue that can cause denial ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2022-40884 (Bento4 1.6.0 has memory leaks via the mp4fragment. ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2022-40883
RESERVED
CVE-2022-40882
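Review bot: the two Bento4 entries (CVE-2022-40885, CVE-2022-40884) go straight from `TODO: check` to `NOT-FOR-US: Bento4` without a package reference; Bento4 is an open-source library that is a plausible packaging target, so confirm against the archive and any open ITP before closing them as NFU. If a source package exists, the entry should instead take the form used elsewhere in this patch, e.g. `- bento4 <unfixed>` alongside `- mruby <unfixed> (bug #1014968)`, so the issue is not silently dropped from tracking.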
@@ -7346,7 +7346,7 @@ CVE-2022-38461
CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38074
@@ -10731,7 +10731,7 @@ CVE-2022-39235
CVE-2022-39234
RESERVED
CVE-2022-39233 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...)
NOT-FOR-US: Discourse
CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -14251,9 +14251,9 @@ CVE-2022-38110
CVE-2022-38109
RESERVED
CVE-2022-38108 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-38107 (Sensitive information could be displayed when a detailed technical err ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-38106
RESERVED
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in O ...)
@@ -16334,7 +16334,7 @@ CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not
CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal ...)
NOT-FOR-US: Shirne CMS
CVE-2022-37298 (Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnera ...)
- TODO: check
+ NOT-FOR-US: Shinken Solutions Shinken Monitoring
CVE-2022-37297
RESERVED
CVE-2022-37296
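Review bot: `NOT-FOR-US: Shinken Solutions Shinken Monitoring` for CVE-2022-37298 should be checked against the tracker's own history for a `shinken` source package; if the software was ever in the archive and later removed, the convention in this same file is a removed marker, as in `- gitea <removed>` further down, rather than NOT-FOR-US, so that the removed package still shows up in queries.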
@@ -17167,7 +17167,7 @@ CVE-2022-36968 (In Progress WS_FTP Server prior to version 8.7.3, forms within t
CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple reflected c ...)
NOT-FOR-US: Progress WS_FTP Server
CVE-2022-36966 (Users with Node Management rights were able to view and edit all nodes ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
NOT-FOR-US: Solarwinds
CVE-2022-36964
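Review bot: vendor naming is inconsistent within this hunk: the new line for CVE-2022-36966 reads `NOT-FOR-US: SolarWinds` while the adjacent existing entry for CVE-2022-36965 reads `NOT-FOR-US: Solarwinds`. Pick one spelling (the other SolarWinds hunks in this patch use `SolarWinds`) so that grepping for the vendor returns all entries.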
@@ -17183,9 +17183,9 @@ CVE-2022-36960
CVE-2022-36959
RESERVED
CVE-2022-36958 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-36957 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2022-36956 (In Veritas NetBackup, the NetBackup Client allows arbitrary command ex ...)
NOT-FOR-US: Veritas
CVE-2022-36955 (In Veritas NetBackup, an attacker with unprivileged local access to a ...)
@@ -19326,7 +19326,7 @@ CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear operation
NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md
NOTE: https://sick.codes/sick-2022-128
CVE-2022-36122 (The Automox Agent before 40 on Windows incorrectly sets permissions on ...)
- TODO: check
+ NOT-FOR-US: Automox
CVE-2022-36121 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...)
NOT-FOR-US: Blue Prism Enterprise
CVE-2022-36120 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...)
@@ -20002,7 +20002,7 @@ CVE-2022-35862
CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a ...)
- pyenv <itp> (bug #978149)
CVE-2022-35860 (Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically ...)
- TODO: check
+ NOT-FOR-US: Corsair
CVE-2022-35859
RESERVED
CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions in Sams ...)
@@ -23996,11 +23996,11 @@ CVE-2022-34441
CVE-2022-34440
RESERVED
CVE-2022-34439 (Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34438 (Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege con ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34437 (Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command inj ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34436
RESERVED
CVE-2022-34435
@@ -27342,7 +27342,7 @@ CVE-2022-33079
CVE-2022-33078
RESERVED
CVE-2022-33077 (An access control issue in nopcommerce v4.50.2 allows attackers to arb ...)
- TODO: check
+ NOT-FOR-US: nopcommerce
CVE-2022-33076
RESERVED
CVE-2022-33075 (A stored cross-site scripting (XSS) vulnerability in the Add Classific ...)
@@ -27575,7 +27575,7 @@ CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have C
CVE-2022-2070 (In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to over ...)
NOT-FOR-US: Grandstream
CVE-2022-2069 (The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcent ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...)
{DSA-5169-1}
- openssl 3.0.4-1
@@ -32248,7 +32248,7 @@ CVE-2022-31368
CVE-2022-31367 (Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attribute ...)
NOT-FOR-US: Strapi
CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs function i ...)
- TODO: check
+ NOT-FOR-US: EVE-NG
CVE-2022-31365
RESERVED
CVE-2022-31364
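Review bot: the tag `NOT-FOR-US: EVE-NG` for CVE-2022-31366 cannot be confirmed from the visible description, which only mentions `the apiImportLabs function i...` and does not name a product; please make sure the vendor name was taken from the full CVE text rather than inferred, since the NFU label is what later triage searches on.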
@@ -32605,7 +32605,7 @@ CVE-2022-1802
CVE-2020-36522
RESERVED
CVE-2022-31239 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
NOT-FOR-US: Dell
CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and ...)
@@ -33508,7 +33508,7 @@ CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X’s
CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...)
NOT-FOR-US: Dominion
CVE-2022-1738 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an ou ...)
- TODO: check
+ NOT-FOR-US: Fuji Electric
CVE-2022-1737 (Pyramid Solutions' affected products, the Developer and DLL kits for E ...)
NOT-FOR-US: Pyramid Solutions
CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been rated as p ...)
@@ -36713,7 +36713,7 @@ CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3
CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
NOT-FOR-US: LRM
CVE-2022-1523 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a wri ...)
- TODO: check
+ NOT-FOR-US: Fuji Electric
CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
@@ -37842,7 +37842,7 @@ CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab
CVE-2022-1415
RESERVED
CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...)
- TODO: check
+ NOT-FOR-US: 3scale API Management
CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...)
@@ -42788,9 +42788,9 @@ CVE-2022-1073 (A vulnerability was found in Automatic Question Paper Generator 1
CVE-2022-1072
REJECTED
CVE-2022-27494 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
- TODO: check
+ NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-26423 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
- TODO: check
+ NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...)
- mruby <unfixed> (bug #1014968)
[bullseye] - mruby <no-dsa> (Minor issue)
@@ -42798,7 +42798,7 @@ CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby p
NOTE: https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3
NOTE: https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f
CVE-2022-1070 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
- TODO: check
+ NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1069 (A crafted HTTP packet with a large content-length header can create a ...)
NOT-FOR-US: Softing Industrial Automation
CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...)
@@ -42846,7 +42846,7 @@ CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scri
CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1066 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
- TODO: check
+ NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...)
NOT-FOR-US: Abacus ERP
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
@@ -43285,7 +43285,7 @@ CVE-2022-27668 (Depending on the configuration of the route permission table in
CVE-2022-27667 (Under certain conditions, SAP BusinessObjects Business Intelligence pl ...)
NOT-FOR-US: SAP
CVE-2022-1059 (Aethon TUG Home Base Server versions prior to version 24 are affected ...)
- TODO: check
+ NOT-FOR-US: Aethon TUG Home Base Server
CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...)
- gitea <removed>
CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...)
@@ -43437,11 +43437,11 @@ CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulner
CVE-2022-27635
RESERVED
CVE-2022-27626 (A vulnerability regarding concurrent execution using shared resource w ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-27625 (A vulnerability regarding improper restriction of operations within th ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-27624 (A vulnerability regarding improper restriction of operations within th ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-27623
RESERVED
CVE-2022-27622
@@ -45400,7 +45400,7 @@ CVE-2022-26955
CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository star7th ...)
NOT-FOR-US: ShowDoc
CVE-2022-26954 (Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.5 ...)
- TODO: check
+ NOT-FOR-US: NopCommerce
CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...)
NOT-FOR-US: Digi Passport Firmware
CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...)
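Review bot: `NOT-FOR-US: NopCommerce` here (CVE-2022-26954) uses different casing from `NOT-FOR-US: nopcommerce` added for CVE-2022-33077 earlier in this patch; normalise to a single form so both entries are found together when the product is searched.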
@@ -45597,7 +45597,7 @@ CVE-2022-26872
CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
NOT-FOR-US: Trend Micro
CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication bypass vuln ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...)
NOT-FOR-US: Dell
CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...)
@@ -48914,7 +48914,7 @@ CVE-2022-25668 (Memory corruption in video driver due to double free while parsi
CVE-2022-25667
RESERVED
CVE-2022-25666 (Memory corruption due to use after free in service while trying to acc ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...)
NOT-FOR-US: Snapdragon
CVE-2022-25664 (Information disclosure due to exposure of information while GPU reads ...)
@@ -57299,7 +57299,7 @@ CVE-2022-23243
CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a delet ...)
NOT-FOR-US: TeamViewer
CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2022-23240
RESERVED
CVE-2022-23239
@@ -98877,7 +98877,7 @@ CVE-2021-33233
CVE-2021-33232
RESERVED
CVE-2021-33231 (Cross Site Scripting (XSS) vulnerability in New equipment page in Easy ...)
- TODO: check
+ NOT-FOR-US: EasyVista Service Manager
CVE-2021-33230
RESERVED
CVE-2021-33229
@@ -180501,7 +180501,7 @@ CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P
CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
NOT-FOR-US: Samsung mobile devices
CVE-2020-12744 (The MSI installer in Verint Desktop Resources 15.2 allows an unprivile ...)
- TODO: check
+ NOT-FOR-US: Verint Desktop Resources
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
NOT-FOR-US: Gazie
CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
@@ -191002,7 +191002,7 @@ CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online ins
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
NOT-FOR-US: Fortiguard
CVE-2020-9285 (Some versions of Sonos One (1st and 2nd generation) allow partial or f ...)
- TODO: check
+ NOT-FOR-US: Sonos One
CVE-2020-9284
RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/613317691ea3e4acaa3ad632610178c84f284ad3