[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 10 08:55:44 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cec9608a by Salvatore Bonaccorso at 2022-09-10T09:55:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2628,7 +2628,7 @@ CVE-2022-39121
 CVE-2022-39120
 	RESERVED
 CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2022-39118
 	RESERVED
 CVE-2022-39117
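Review bot: The NOT-FOR-US: Unisoc tag on CVE-2022-39119 names a vendor that does not appear in the visible description ("In network service, there is a missing permission check. This could le ..."), so the attribution cannot be verified from this entry alone. Confirm it against the full CVE record before closing the entry, because a generic "network service" description would otherwise also match packaged software.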
@@ -4097,7 +4097,7 @@ CVE-2022-38641
 CVE-2022-38640
 	RESERVED
 CVE-2022-38639 (A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 al ...)
-	TODO: check
+	NOT-FOR-US: Markdown-Nice
 CVE-2022-38638
 	RESERVED
 CVE-2022-38637
@@ -4399,7 +4399,7 @@ CVE-2022-38495
 CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a command  ...)
 	- movabletype-opensource <removed>
 CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...)
-	TODO: check
+	NOT-FOR-US: appwrite
 CVE-2022-2924
 	RESERVED
 CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.024 ...)
@@ -5240,11 +5240,11 @@ CVE-2022-38271
 CVE-2022-38270
 	RESERVED
 CVE-2022-38269 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-38268 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-38266
 	RESERVED
 CVE-2022-38265 (Apartment Visitor Management System v1.0 was discovered to contain a S ...)
@@ -5266,7 +5266,7 @@ CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.
 CVE-2022-38257
 	RESERVED
 CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site scripting ( ...)
-	TODO: check
+	NOT-FOR-US: TastyIgniter
 CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
 	NOT-FOR-US: Interview Management System
 CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...)
@@ -5624,7 +5624,7 @@ CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could
 CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
 	NOT-FOR-US: Linksys
 CVE-2022-38131 (RStudio Connect is affected by an Open Redirect issue. The vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: RStudio Connect
 CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
 	NOT-FOR-US: Keysight Sensor Management Server
 CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...)
@@ -6326,7 +6326,7 @@ CVE-2022-37859
 CVE-2022-37858
 	RESERVED
 CVE-2022-37857 (bilde2910 Hauk v1.6.1 requires a hardcoded password which by default i ...)
-	TODO: check
+	NOT-FOR-US: bilde2910 Hauk
 CVE-2022-37856
 	RESERVED
 CVE-2022-37855
@@ -8072,7 +8072,7 @@ CVE-2022-37166
 CVE-2022-37165
 	RESERVED
 CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows attacke ...)
-	TODO: check
+	NOT-FOR-US: Inoda OnTrack
 CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy which allo ...)
 	NOT-FOR-US: Bminusl IHateToBudget
 CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
@@ -8860,81 +8860,81 @@ CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfr
 	- linux 5.18.16-1
 	NOTE: https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 (v5.19-rc8)
 CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to version 7 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36877 (Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsun ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36876 (Improper authorization in UPI payment in Samsung Pass prior to version ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36875 (Improper restriction of broadcasting Intent in SaWebViewRelayActivity  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36874 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36873 (Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36872 (Pending Intent hijacking vulnerability in SpayNotification in Samsung  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36871 (Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung P ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36870 (Pending Intent hijacking vulnerability in MTransferNotificationManager ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity of?Conta ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36868
 	RESERVED
 CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group Sharing  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36865 (Improper access control in Group Sharing prior to versions 13.0.6.15 i ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36864 (Improper access control and intent redirection in Samsung Email prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36863 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc f ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36862 (A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36861 (Custom permission misuse vulnerability in SystemUI prior to SMR Sep-20 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36860 (A heap-based overflow vulnerability in LoadEnvironment function in lib ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36859 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36858 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36857 (Improper Authorization vulnerability in Photo Editor prior to SMR Sep- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36856 (Improper access control vulnerability in Telecom application prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36855 (A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36854 (Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36853 (Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36852 (Improper Authorization vulnerability in Video Editor prior to SMR Sep- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36851 (Improper access control vulnerability in Samsung pass prior to version ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36850 (Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36849 (Use after free vulnerability in sdp_mm_set_process_sensitive function  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36848 (Improper Authorization vulnerability in setDualDARPolicyCmd prior to S ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36847 (Use after free vulnerability in mtp_send_signal function of MTP driver ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36846 (A heap-based overflow vulnerability in ConstructDictionary function in ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36845 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36844 (A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36843 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36842 (A heap-based overflow vulnerability in prepareRecogLibrary function in ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36841 (A heap-based overflow vulnerability in PrepareRecogLibrary_Part functi ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to version 2 ...)
 	NOT-FOR-US: Samsung
 CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout prior t ...)
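Review bot: Three of the entries closed as NOT-FOR-US: Samsung in this hunk are kernel driver use-after-free issues (CVE-2022-36855 in the iva_ctl driver, CVE-2022-36849 in sdp_mm_set_process_sensitive, CVE-2022-36847 in mtp_send_signal of the MTP driver), and the truncated descriptions do not show whether that code is vendor-only. Confirm that these drivers are absent from the linux package tracked just above (CVE-2022-36879) before marking them NOT-FOR-US. The remaining entries follow the existing vendor-level tag used for CVE-2022-36840 and look consistent.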
@@ -9393,7 +9393,7 @@ CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset wit
 CVE-2022-36618
 	RESERVED
 CVE-2022-36617 (Arq Backup 7.19.5.0 and below stores backup encryption passwords using ...)
-	TODO: check
+	NOT-FOR-US: Arq Backup
 CVE-2022-36616 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was di ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-36615 (TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a h ...)
@@ -9770,7 +9770,7 @@ CVE-2022-2530
 CVE-2022-2529
 	RESERVED
 CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload a pack ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2022-36439
 	RESERVED
 CVE-2022-36438
@@ -10824,19 +10824,19 @@ CVE-2022-36102
 CVE-2022-36101
 	RESERVED
 CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are tag appl ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing subwikis on  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36098 (XWiki Platform Mentions UI is a user interface for mentioning users in ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36097 (XWiki Platform Attachment UI provides a macro to easily upload and sel ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36096 (The XWiki Platform Index UI is an Index of all pages, attachments, orp ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36095 (XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 a ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36094 (XWiki Platform Web Parent POM contains Web resources for the XWiki pla ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
 	NOT-FOR-US: XWiki
 CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cec9608a189727973f617da12b7090a4b30e9c9d
