[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 7 20:15:54 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59a6f38c by Salvatore Bonaccorso at 2022-09-07T21:15:27+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4161,7 +4161,7 @@ CVE-2022-2903
 CVE-2022-2902
 	RESERVED
 CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
-	TODO: check
+	NOT-FOR-US: chatwoot
 CVE-2022-2900
 	RESERVED
 CVE-2022-38464
@@ -5070,7 +5070,7 @@ CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 CVE-2022-2795
 	RESERVED
 CVE-2022-38176 (An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect priv ...)
-	TODO: check
+	NOT-FOR-US: YSoft
 CVE-2022-38175
 	RESERVED
 CVE-2022-38174
@@ -5890,7 +5890,7 @@ CVE-2022-2716 (The Beaver Builder – WordPress Page Builder for WordPress i
 CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
 	NOT-FOR-US: SourceCodester Employee Management System
 CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
-	TODO: check
+	NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
 	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2022-2712
@@ -6089,7 +6089,7 @@ CVE-2022-37773
 CVE-2022-37772
 	RESERVED
 CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...)
-	TODO: check
+	NOT-FOR-US: IObit Malware Fighter
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault  ...)
 	- libjpeg <unfixed> (unimportant)
 	NOTE: https://github.com/thorfdbg/libjpeg/issues/79
@@ -7482,7 +7482,7 @@ CVE-2022-37255
 CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...)
 	NOT-FOR-US: DolphinPHP
 CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 al ...)
-	TODO: check
+	NOT-FOR-US: Crime Reporting System
 CVE-2022-37252
 	RESERVED
 CVE-2022-37251
@@ -8871,7 +8871,7 @@ CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key
 CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file download ...)
 	NOT-FOR-US: Novel-Plus
 CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamp ...)
-	TODO: check
+	NOT-FOR-US: PCProtect Endpoint
 CVE-2022-36669
 	RESERVED
 CVE-2022-36668
@@ -8885,7 +8885,7 @@ CVE-2022-36665
 CVE-2022-36664
 	RESERVED
 CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Serv ...)
-	TODO: check
+	NOT-FOR-US: Gluu Oxauth
 CVE-2022-36662
 	RESERVED
 CVE-2022-36661
@@ -10469,7 +10469,7 @@ CVE-2022-36074
 CVE-2022-36073
 	RESERVED
 CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...)
-	TODO: check
+	NOT-FOR-US: SilverwareGames.io
 CVE-2022-36071 (SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and Web ...)
 	NOT-FOR-US: SFTPGo
 CVE-2022-36070
@@ -10483,9 +10483,9 @@ CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted No
 CVE-2022-36066
 	RESERVED
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...)
-	TODO: check
+	NOT-FOR-US: GrowthBook
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...)
-	TODO: check
+	NOT-FOR-US: Shescape
 CVE-2022-36063
 	RESERVED
 CVE-2022-36062
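Review bot: For CVE-2022-36064 in this hunk, the description identifies Shescape as a JavaScript library, so it is worth confirming it is not shipped in the archive as a node-* package before settling on `NOT-FOR-US: Shescape`; a packaged library would get a source-package line (as `- libjpeg <unfixed> (unimportant)` does elsewhere in this file) rather than NOT-FOR-US. The GrowthBook line in the same hunk looks fine.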
@@ -10507,7 +10507,7 @@ CVE-2022-36059
 CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
 	TODO: check
 CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...)
-	TODO: check
+	NOT-FOR-US: Discourse-Chat
 CVE-2022-36056
 	RESERVED
 CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
@@ -10533,19 +10533,19 @@ CVE-2022-36046 (Next.js is a React framework that can provide building blocks to
 CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
 	NOT-FOR-US: NodeBB
 CVE-2022-36044 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-36043 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-36042 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-36041 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-36040 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-36039 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-36038 (CircuitVerse is an open-source platform which allows users to construc ...)
-	TODO: check
+	NOT-FOR-US: CircuitVerse
 CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...)
 	NOT-FOR-US: Kirby CMS
 CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is  ...)
@@ -10561,7 +10561,7 @@ CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, s
 	NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
 	NOTE: https://github.com/jhy/jsoup/commit/4ea768d96b3d232e63edef9594766d44597b3882 (jsoup-1.15.3)
 CVE-2022-36032 (ReactPHP HTTP is a streaming HTTP client and server implementation for ...)
-	TODO: check
+	NOT-FOR-US: ReactPHP HTTP
 CVE-2022-36031 (Directus is a free and open-source data platform for headless content  ...)
 	NOT-FOR-US: Directus
 CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...)
@@ -10771,7 +10771,7 @@ CVE-2022-35933 (This package is a PrestaShop module that allows users to post re
 CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...)
 	NOT-FOR-US: Nextcloud Talk
 CVE-2022-35931 (Nextcloud Password Policy is an app that enables a Nextcloud server ad ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Password Policy
 CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
 	NOT-FOR-US: sigstore/policy-controller
 CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...)
@@ -10807,7 +10807,7 @@ CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract de
 CVE-2022-35914
 	RESERVED
 CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a  ...)
-	TODO: check
+	NOT-FOR-US: Samourai Wallet Stonewallx2
 CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
 	- grails <itp> (bug #473213)
 CVE-2022-35911 (** DISPUTED ** On Patlite NH-FB series devices through 1.46, remote at ...)
@@ -20270,7 +20270,7 @@ CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg
 	- exo 4.16.4-1 (bug #1013129)
 	NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4)
 CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Refer ...)
-	TODO: check
+	NOT-FOR-US: Squiz Matrix CMS
 CVE-2022-32276 (** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for ex ...)
 	- grafana <removed>
 CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a /dashboard/snap ...)
@@ -21628,13 +21628,13 @@ CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trude
 CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote attacker ...)
 	NOT-FOR-US: Arris
 CVE-2022-31792 (A stored cross-site scripting (XSS) vulnerability exists in the manage ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31791 (WatchGuard Firebox and XTM appliances allow a local attacker (that has ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31790 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote  ...)
 	NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31789 (An integer overflow in WatchGuard Firebox and XTM appliances allows an ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
 	NOT-FOR-US: IdeaLMS
 CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO ...)
@@ -26112,7 +26112,7 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory trav
 CVE-2022-30332
 	RESERVED
 CVE-2022-30331 (** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph  ...)
-	TODO: check
+	NOT-FOR-US: TigerGraph
 CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...)
 	NOT-FOR-US: KeepKey firmware
 CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...)
@@ -27467,13 +27467,13 @@ CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Gar
 CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon  ...)
 	NOT-FOR-US: Cybozu
 CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
-	TODO: check
+	NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
 CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
 	NOT-FOR-US: LRM
 CVE-2022-1523
 	RESERVED
 CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
-	TODO: check
+	NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
 CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
 	NOT-FOR-US: LRM
 CVE-2022-1520
@@ -29273,7 +29273,7 @@ CVE-2022-1370 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) h
 CVE-2022-1369 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-1368 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
-	TODO: check
+	NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
 CVE-2022-1367 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-1366 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
@@ -36344,13 +36344,13 @@ CVE-2022-26863 (Prior Dell BIOS versions contain an Input Validation vulnerabili
 CVE-2022-26862 (Prior Dell BIOS versions contain an Input Validation vulnerability. A  ...)
 	NOT-FOR-US: Dell
 CVE-2022-26861 (Dell BIOS versions contain an Insecure Automated Optimization vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26860 (Dell BIOS versions contain a stack-based buffer overflow vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26859 (Dell BIOS contains a race condition vulnerability. A local attacker co ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26858 (Dell BIOS versions contain an Improper Authentication vulnerability. A ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...)
 	NOT-FOR-US: Dell OpenManage Enterprise
 CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...)
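Review bot: Style point on the four new `NOT-FOR-US: Dell` lines (CVE-2022-26861 through CVE-2022-26858): the value matches the existing CVE-2022-26862 entry in the leading context, but it is less specific than the neighbouring `NOT-FOR-US: Dell OpenManage Enterprise` and `NOT-FOR-US: Dell EMC Repository Manager` style. Since all four descriptions are BIOS issues, `NOT-FOR-US: Dell BIOS` would make the entries easier to distinguish from the Dell software products listed right below them.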



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a6f38ceeed85e2c73519c5b98c52e0818e665c
