[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 10 15:24:08 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92de00e7 by Salvatore Bonaccorso at 2022-09-10T16:23:44+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26608,7 +26608,7 @@ CVE-2022-30314 (Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Crede
CVE-2022-30313 (Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing A ...)
NOT-FOR-US: Honeywell
CVE-2022-30312 (The Trend Controls IC protocol through 2022-05-06 allows Cleartext Tra ...)
- TODO: check
+ NOT-FOR-US: Trend Controls IC protocol
CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
NOT-FOR-US: Festo
CVE-2022-30310 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
@@ -27315,7 +27315,7 @@ CVE-2022-30081
CVE-2022-30080
RESERVED
CVE-2022-30079 (Command injection vulnerability was discovered in Netgear R6200 v2 fir ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 a ...)
NOT-FOR-US: Netgear
CVE-2022-30077
@@ -30370,7 +30370,7 @@ CVE-2022-29063 (The Solr plugin of Apache OFBiz is configured by default to auto
CVE-2022-29062 (Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet ...)
NOT-FOR-US: FortiGuard
CVE-2022-29061 (An improper neutralization of special elements used in an OS command ( ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
NOT-FOR-US: Fortinet
CVE-2022-29059
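Review bot: CVE-2022-29061 is tagged "NOT-FOR-US: FortiGuard", which matches CVE-2022-29062 above it, but CVE-2022-29060 directly below uses "NOT-FOR-US: Fortinet" for another product from the same vendor. Consider settling on one vendor label across these three entries, so that a single search of data/CVE/list for the vendor's NFU entries finds all of them.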
@@ -31161,11 +31161,11 @@ CVE-2022-28744
CVE-2022-28743 (Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Fosc ...)
NOT-FOR-US: Foscam R2C IP camera
CVE-2022-28742 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ h ...)
- TODO: check
+ NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System
CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator System ...)
- TODO: check
+ NOT-FOR-US: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System
CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...)
- TODO: check
+ NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System
CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...)
- ruby3.0 3.0.4-1 (bug #1009956)
- ruby2.7 <removed> (bug #1009957)
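Review bot: the tag added for CVE-2022-28741 carries a version into the NOT-FOR-US label ("aEnrich a+HRD 5.x Learning Management Key Performance Indicator System"), and all three aEnrich tags copy the full product string from the description. The label only needs to identify the product that is not tracked, so a short form without the version (for example "aEnrich eHRD" and "aEnrich a+HRD") would be easier to match and to reuse for later CVEs in the same product.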
@@ -32754,7 +32754,7 @@ CVE-2022-28222 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulne
CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffe ...)
- TODO: check
+ NOT-FOR-US: Apache James
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- gitlab <unfixed>
CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
@@ -33647,11 +33647,11 @@ CVE-2022-27971
CVE-2022-27970
RESERVED
CVE-2022-27969 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
- TODO: check
+ NOT-FOR-US: Cynet 360 Web Portal
CVE-2022-27968 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
- TODO: check
+ NOT-FOR-US: Cynet 360 Web Portal
CVE-2022-27967 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...)
- TODO: check
+ NOT-FOR-US: Cynet 360 Web Portal
CVE-2022-27966 (Xshell v7.0.0099 and below contains a binary hijack vulnerability whic ...)
NOT-FOR-US: NetSarang Xshell
CVE-2022-27965 (Xlpd v7.0.0094 and below contains a binary hijack vulnerability which ...)
@@ -34687,7 +34687,7 @@ CVE-2022-27595
CVE-2022-27594
RESERVED
CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2022-27592
RESERVED
CVE-2022-27591
@@ -37832,51 +37832,51 @@ CVE-2022-26471
CVE-2022-26470 (In aie, there is a possible out of bounds write due to an incorrect bo ...)
TODO: check
CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due to fragme ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26468 (In preloader (usb), there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26467 (In rpmb, there is a possible out of bounds write due to an incorrect b ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26466 (In audio ipi, there is a possible out of bounds write due to an intege ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26465 (In audio ipi, there is a possible out of bounds write due to an incorr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26464 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26463 (In vow, there is a possible out of bounds read due to an incorrect bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26462 (In vow, there is a possible out of bounds read due to an incorrect bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26461 (In vow, there is a possible undefined behavior due to an API misuse. T ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26460 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26459 (In vow, there is a possible out of bounds read due to an integer overf ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26458 (In vow, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26457 (In vow, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26456 (In vow, there is a possible information disclosure due to a symbolic l ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26455 (In gz, there is a possible memory corruption due to incorrect error ha ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26454 (In teei, there is a possible memory corruption due to an integer overf ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26453 (In teei, there is a possible memory corruption due to a use after free ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26452
RESERVED
CVE-2022-26451 (In ged, there is a possible use after free due to improper locking. Th ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26450 (In apusys, there is a possible use after free due to a race condition. ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26449 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26448 (In apusys, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26446
RESERVED
CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to a missi ...)
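Review bot: CVE-2022-26470 ("In aie, there is a possible out of bounds write ...") at the top of this hunk is left as "TODO: check", while every other described entry from CVE-2022-26469 down to CVE-2022-26447 is switched to "NOT-FOR-US: Mediatek". If it was held back on purpose because it needs separate triage, a short note on the entry would say so; if it was missed, it should get the same tag as the rest of the batch.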
@@ -38046,15 +38046,15 @@ CVE-2022-26396
CVE-2022-26395
RESERVED
CVE-2022-26394 (The Baxter Spectrum WBM does not perform mutual authentication with th ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2022-26393 (The Baxter Spectrum WBM is susceptible to format string attacks via ap ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2022-26392 (The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v1 ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2022-26391
RESERVED
CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores network crede ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)
CVE-2022-26389
RESERVED
CVE-2022-26388
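Review bot: the same product gets two different labels within this hunk. CVE-2022-26394, CVE-2022-26393 and CVE-2022-26392 use "NOT-FOR-US: Baxter Spectrum WBM", while CVE-2022-26390 uses "NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM)". Using one form for all four keeps the entries matchable with a single pattern.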
@@ -56477,7 +56477,7 @@ CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an u
CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
NOT-FOR-US: Delta RM
CVE-2021-44835 (An issue was discovered in Active Intelligent Visualization 5. The Vdc ...)
- TODO: check
+ NOT-FOR-US: Active Intelligent Visualization
CVE-2021-44834
RESERVED
CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
@@ -63019,7 +63019,7 @@ CVE-2022-20925
CVE-2022-20924
RESERVED
CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20922
RESERVED
CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
@@ -63139,7 +63139,7 @@ CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an
CVE-2022-20864
RESERVED
CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App, formerl ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20861 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
@@ -63500,7 +63500,7 @@ CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (C
CVE-2022-20697 (A vulnerability in the web services interface of Cisco IOS Software an ...)
NOT-FOR-US: Cisco
CVE-2022-20696 (A vulnerability in the binding configuration of Cisco SD-WAN vManage S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20695 (A vulnerability in the authentication functionality of Cisco Wireless ...)
NOT-FOR-US: Cisco
CVE-2022-20694 (A vulnerability in the implementation of the Resource Public Key Infra ...)
@@ -81198,7 +81198,7 @@ CVE-2021-36831
CVE-2021-36830
RESERVED
CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36827 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
@@ -81324,9 +81324,9 @@ CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3
CVE-2021-36784 (A Improper Privilege Management vulnerability in SUSE Rancher allows u ...)
NOT-FOR-US: Rancher
CVE-2021-36783 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-36782 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
NOT-FOR-US: Parsec
CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
@@ -85350,11 +85350,11 @@ CVE-2021-35136
CVE-2021-35135 (A null pointer dereference may potentially occur during RSA key import ...)
NOT-FOR-US: Snapdragon
CVE-2021-35134 (Due to insufficient validation of ELF headers, an Incorrect Calculatio ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35133 (Use after free in the synx driver issue while performing other functio ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35132 (Out of bound write in DSP service due to improper bound check for resp ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35131
RESERVED
CVE-2021-35130 (Memory corruption in graphics support layer due to use after free cond ...)
@@ -85374,7 +85374,7 @@ CVE-2021-35124
CVE-2021-35123 (Buffer copy in GATT multi notification due to improper length check fo ...)
NOT-FOR-US: Snapdragon
CVE-2021-35122 (Non-secure region can try modifying RG permissions of IO space xPUs du ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35121 (An array index is improperly used to lock and unlock a mutex which can ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-35120 (Improper handling between export and release functions on the same han ...)
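Review bot: CVE-2021-35122 is tagged "NOT-FOR-US: Snapdragon", but the next entry, CVE-2021-35121, is already tagged "NOT-FOR-US: Qualcomm components for Android". Both labels appear to cover the same vendor's components, so it would help to pick one and use it consistently across the CVE-2021-351xx block touched by this commit.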
@@ -85392,7 +85392,7 @@ CVE-2021-35115 (Improper handling of multiple session supported by PVM backend c
CVE-2021-35114 (Improper buffer initialization on the backend driver can lead to buffe ...)
NOT-FOR-US: Snapdragon
CVE-2021-35113 (Possible authentication bypass due to improper order of signature veri ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35112 (A user with user level permission can access graphics protected region ...)
NOT-FOR-US: Snapdragon
CVE-2021-35111 (Improper validation of tag id while RRC sending tag id to MAC can lead ...)
@@ -85424,7 +85424,7 @@ CVE-2021-35099
CVE-2021-35098 (Improper validation of session id in PCM routing process can lead to m ...)
NOT-FOR-US: Snapdragon
CVE-2021-35097 (Possible authentication bypass due to improper order of signature veri ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35096 (Improper memory allocation during counter check DLM handling can lead ...)
NOT-FOR-US: Snapdragon
CVE-2021-35095 (Improper serialization of message queue client registration can lead t ...)
@@ -87458,7 +87458,7 @@ CVE-2021-34238
CVE-2021-34237
RESERVED
CVE-2021-34236 (Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...)
NOT-FOR-US: Tokheim Profleet DiaLOG
CVE-2021-34234
@@ -150821,7 +150821,7 @@ CVE-2020-21518
CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...)
NOT-FOR-US: MetInfo
CVE-2020-21516 (There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at t ...)
- TODO: check
+ NOT-FOR-US: FeehiCMS
CVE-2020-21515
RESERVED
CVE-2020-21514
@@ -154117,7 +154117,7 @@ CVE-2020-19916
CVE-2020-19915 (Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via ...)
NOT-FOR-US: WUZHI CMS
CVE-2020-19914 (Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: xiunobbs
CVE-2020-19913
RESERVED
CVE-2020-19912
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92de00e752d05cc15d54b374b8d228db0a2f9066