[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Sep 13 12:31:22 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fb35876 by Moritz Muehlenhoff at 2022-09-13T13:31:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11515,9 +11515,9 @@ CVE-2022-36104
CVE-2022-36103
RESERVED
CVE-2022-36102 (Shopware is an open source e-commerce software. In affected versions i ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2022-36101 (Shopware is an open source e-commerce software. In affected versions t ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are tag appl ...)
NOT-FOR-US: XWiki
CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing subwikis on ...)
@@ -12797,7 +12797,7 @@ CVE-2022-35574
CVE-2022-35573
RESERVED
CVE-2022-35572 (On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lowe ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2022-35571
RESERVED
CVE-2022-35570
@@ -14203,37 +14203,30 @@ CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflo
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
NOTE: Crash in CLI tool, no security impact
- TODO: check, unclear reporting to upstream
CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
- advancecomp <unfixed> (bug #1019592)
[buster] - advancecomp <no-dsa> (Minor issue)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
- TODO: check, unclear reporting to upstream
CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
NOTE: Crash in CLI tool, no security impact
- TODO: check, unclear reporting to upstream
CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
NOTE: Crash in CLI tool, no security impact
- TODO: check, unclear reporting to upstream
CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
NOTE: Crash in CLI tool, no security impact
- TODO: check, unclear reporting to upstream
CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
NOTE: Crash in CLI tool, no security impact
- TODO: check, unclear reporting to upstream
CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault. ...)
- advancecomp <unfixed> (unimportant; bug #1019592)
NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
NOTE: Crash in CLI tool, no security impact
- TODO: check, unclear reporting to upstream
CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at / ...)
NOT-FOR-US: bitbank2/PNGdec
CVE-2022-35012 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
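Review bot: the seven removed `TODO: check, unclear reporting to upstream` lines (CVE-2022-35020 through CVE-2022-35014) drop an open question without recording its answer; if upstream has since been notified or the reports were confirmed to exist, add a NOTE line saying so beside the existing `NOTE: https://github.com/Cvjark/Poc/...` references, otherwise the TODO should stay. The commit message `NFUs` also does not describe this hunk, which edits entries for a packaged source (advancecomp) rather than adding NOT-FOR-US markers. Separately, CVE-2022-35019 is the one entry here rated without `unimportant` and carrying a `[buster] - advancecomp <no-dsa> (Minor issue)` line, yet it lacks the `NOTE: Crash in CLI tool, no security impact` its siblings have; a NOTE explaining why it is assessed differently would make the distinction deliberate rather than accidental.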
@@ -26375,7 +26368,7 @@ CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/or
CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...)
NOT-FOR-US: organizr
CVE-2022-1697 (Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed th ...)
- TODO: check
+ NOT-FOR-US: Okta
CVE-2022-1696
RESERVED
CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...)
@@ -28438,7 +28431,7 @@ CVE-2022-29909
CVE-2022-29492
RESERVED
CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X WebUI o ...)
- TODO: check
+ NOT-FOR-US: Workplace X
CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
NOT-FOR-US: scoold
CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...)
@@ -38521,7 +38514,7 @@ CVE-2022-26472
CVE-2022-26471
RESERVED
CVE-2022-26470 (In aie, there is a possible out of bounds write due to an incorrect bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due to fragme ...)
NOT-FOR-US: Mediatek
CVE-2022-26468 (In preloader (usb), there is a possible out of bounds write due to a m ...)
@@ -39796,7 +39789,7 @@ CVE-2022-26060
CVE-2022-26050
RESERVED
CVE-2022-26049 (This affects the package com.diffplug.gradle:goomph before 3.37.2. It ...)
- TODO: check
+ NOT-FOR-US: com.diffplug.gradle:goomph
CVE-2022-26048
RESERVED
CVE-2022-26046
@@ -39988,7 +39981,7 @@ CVE-2022-25900 (All versions of package git-clone are vulnerable to Command Inje
CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to Improper Verifi ...)
NOT-FOR-US: Node jsrsasign
CVE-2022-25897 (The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: org.eclipse.milo:sdk-server
CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs in or ...)
- passportjs 0.6.0+~1.0.0-1 (bug #1014385)
[bullseye] - passportjs <no-dsa> (Minor issue)
@@ -40141,11 +40134,11 @@ CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerabl
NOTE: https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 (gson-parent-2.8.9)
NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
CVE-2022-25646 (All versions of package x-data-spreadsheet are vulnerable to Cross-sit ...)
- TODO: check
+ NOT-FOR-US: Node x-data-spreadsheet
CVE-2022-25645 (All versions of package dset are vulnerable to Prototype Pollution via ...)
NOT-FOR-US: Node dset
CVE-2022-25644 (All versions of package @pendo324/get-process-by-name are vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Node @pendo324/get-process-by-name
CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...)
NOT-FOR-US: Node set-in
CVE-2022-25353
@@ -40902,7 +40895,7 @@ CVE-2022-25627
CVE-2022-25626
RESERVED
CVE-2022-25625 (A malicious unauthorized PAM user can access the administration config ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2022-25624
RESERVED
CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...)
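Review bot: the new `NOT-FOR-US: Symantec` label for CVE-2022-25625 names only the vendor, while the visible description ("A malicious unauthorized PAM user can access the administration config ...") does not identify the product, so the triage cannot be checked from the hunk alone; name the affected product as the Elastic and Proofpoint entries elsewhere in this diff do, or add a NOTE citing the source that ties this CVE to Symantec.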
@@ -41855,7 +41848,7 @@ CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. Th
CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...)
NOT-FOR-US: Node bodymen
CVE-2022-25295 (This affects the package github.com/gophish/gophish before 0.12.0. The ...)
- TODO: check
+ NOT-FOR-US: gophish
CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...)
NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows
CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox and XTM ap ...)
@@ -44967,7 +44960,7 @@ CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows acc
CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-24304 (Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prot ...)
- TODO: check
+ NOT-FOR-US: Mongoose
CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because spaces in ...)
- pillow 9.0.1-1
[bullseye] - pillow <ignored> (Minor issue)
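Review bot: `NOT-FOR-US: Mongoose` for CVE-2022-24304 should follow the file's convention for npm packages and read `NOT-FOR-US: Node mongoose`; the description (`Schema in lib/schema.js in Mongoose`) identifies the Node.js ODM, and the `Node` prefix is how the neighbouring entries (`Node jsrsasign`, `Node dset`, `Node set-in`) distinguish npm packages from other software of the same name.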
@@ -47566,7 +47559,7 @@ CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of s
CVE-2022-23716
RESERVED
CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to the discl ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...)
NOT-FOR-US: Elastic Endpoint Security for Windows
CVE-2022-23713 (A cross-site-scripting (XSS) vulnerability was discovered in the Vega ...)
@@ -58708,9 +58701,9 @@ CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service
CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...)
NOT-FOR-US: Rosario Student Information System
CVE-2021-44426 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5 ...)
- TODO: check
+ NOT-FOR-US: AnyDesk
CVE-2021-44425 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3 ...)
- TODO: check
+ NOT-FOR-US: AnyDesk
CVE-2021-44424
RESERVED
CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...)
@@ -86100,7 +86093,7 @@ CVE-2021-35111 (Improper validation of tag id while RRC sending tag id to MAC ca
CVE-2021-35110 (Possible buffer overflow to improper validation of hash segment of fil ...)
NOT-FOR-US: Qualcomm
CVE-2021-35109 (Possible address manipulation from APP-NS while APP-S is configuring a ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35108 (Improper checking of AP-S lock bit while verifying the secure resource ...)
NOT-FOR-US: Snapdragon
CVE-2021-35107
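Review bot: the new label `NOT-FOR-US: Snapdragon` for CVE-2021-35109 sits between `NOT-FOR-US: Qualcomm` (CVE-2021-35110) and `NOT-FOR-US: Snapdragon` (CVE-2021-35108); two names for the same vendor within three lines means a grep for either term misses part of the set, so settle on one spelling here.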
@@ -102342,7 +102335,7 @@ CVE-2021-28863
CVE-2021-28862
RESERVED
CVE-2021-28861 (** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnera ...)
- TODO: check
+ NOT-FOR-US: Disputed Python issue
CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...)
NOT-FOR-US: Node mixme
CVE-2021-28859
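Review bot: `NOT-FOR-US: Disputed Python issue` for CVE-2021-28861 applies the NOT-FOR-US tag to software that Debian does ship (Python 3.x), so a search of this file by package will no longer find the entry; record the disputed status against the affected python3.x source package with a package status line plus a NOTE explaining the dispute, the way the advancecomp entries in this diff carry their `NOTE: Crash in CLI tool, no security impact` justification, rather than putting the rationale into the NOT-FOR-US text.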
@@ -103495,7 +103488,7 @@ CVE-2021-28400
CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...)
- orangehrm <itp> (bug #786622)
CVE-2021-28398 (A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 ...)
- TODO: check
+ NOT-FOR-US: GeoNetwork
CVE-2021-28397
RESERVED
CVE-2021-28396
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb35876d8c9de5175d203028f2894fdf03be62c