[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 14 21:38:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d9ef618e by Salvatore Bonaccorso at 2022-09-14T22:37:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4384,7 +4384,7 @@ CVE-2022-38798
CVE-2022-38797
RESERVED
CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2022-38453 (Multiple binary application files on the CMS8000 device are compiled w ...)
NOT-FOR-US: Contec Health
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
@@ -5046,7 +5046,7 @@ CVE-2022-38635
CVE-2022-38634
RESERVED
CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vu ...)
- TODO: check
+ NOT-FOR-US: Genymotion Desktop
CVE-2022-38632
RESERVED
CVE-2022-38631
@@ -5228,17 +5228,17 @@ CVE-2022-38544
CVE-2022-38543
RESERVED
CVE-2022-38542 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38541 (Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL inject ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38540 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38539 (Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38538 (Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL inject ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38536
RESERVED
CVE-2022-38535
@@ -5329,11 +5329,11 @@ CVE-2022-38499
CVE-2022-38498
RESERVED
CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation violation ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable assertion ab ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer overflow v ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a command ...)
- movabletype-opensource <removed>
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...)
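Review bot: CVE-2022-38497, CVE-2022-38496 and CVE-2022-38495 are reported against an upstream commit (365a16a) rather than a release, so NOT-FOR-US: LIEF rests entirely on LIEF being neither packaged nor intended for packaging. This file tracks pending packages with the "- package <itp> (bug #...)" form, as the intellij-idea entry elsewhere in this patch shows, so it is worth confirming that no ITP or RFP exists for LIEF before closing these three. If one does, an <itp> entry would keep them visible to whoever packages it.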
@@ -6083,9 +6083,9 @@ CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered t
CVE-2022-38308
RESERVED
CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
NOT-FOR-US: Ricoh
CVE-2022-2825
@@ -7680,7 +7680,7 @@ CVE-2022-37663
CVE-2022-37662
RESERVED
CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remo ...)
- TODO: check
+ NOT-FOR-US: SmartRG
CVE-2022-37660
RESERVED
CVE-2022-37659
@@ -8723,7 +8723,7 @@ CVE-2022-37304
CVE-2022-37303
RESERVED
CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Control Expert
CVE-2022-37301
RESERVED
CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
@@ -9473,7 +9473,7 @@ CVE-2022-37013
CVE-2022-37012
RESERVED
CVE-2022-37011 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validation in t ...)
- intellij-idea <itp> (bug #747616)
CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Va ...)
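Review bot: The tag on CVE-2022-37011 names only the vendor (Siemens), while the description identifies the affected component as the Mendix SAML Module, so a search of the tags for Mendix will not find this entry. Consider including the product name in the tag, for example "NOT-FOR-US: Siemens Mendix SAML Module", so later Mendix CVEs can be matched against it.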
@@ -9990,13 +9990,13 @@ CVE-2022-36784
CVE-2022-36783
RESERVED
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Pal Electronics Systems
CVE-2022-36781
RESERVED
CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
- TODO: check
+ NOT-FOR-US: Avdor CIS
CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
- TODO: check
+ NOT-FOR-US: PROSCEND
CVE-2022-36778 (insert HTML / js code inside input how to get to the vulnerable input ...)
TODO: check
CVE-2022-36777
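Review bot: CVE-2022-36778 stays at TODO: check while its neighbours CVE-2022-36779, CVE-2022-36780 and CVE-2022-36782 are closed as NOT-FOR-US. Its visible description ("insert HTML / js code inside input how to get to the vulnerable input ...") names no product, so leaving it open is reasonable, but a NOTE line saying the product could not be identified from the description would save the next triager from repeating the lookup.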
@@ -10732,7 +10732,7 @@ CVE-2022-36438
CVE-2022-36437
RESERVED
CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap ...)
- TODO: check
+ NOT-FOR-US: OSU Open Source Lab VNCAuthProxy
CVE-2022-36435
RESERVED
CVE-2022-36434
@@ -12428,33 +12428,33 @@ CVE-2022-35843
CVE-2022-35842
RESERVED
CVE-2022-35841 (Windows Enterprise App Management Service Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35840 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35839
RESERVED
CVE-2022-35838 (HTTP V3 Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35837 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35836 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35835 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35834 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35833 (Windows Secure Channel Denial of Service Vulnerability. This CVE ID is ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35832 (Windows Event Tracing Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35831 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35829
RESERVED
CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
NOT-FOR-US: Microsoft
CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID is uniq ...)
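Review bot: The descriptions of CVE-2022-35838 ("HTTP V3 Denial of Service Vulnerability.") and CVE-2022-35830 ("Remote Procedure Call Runtime Remote Code Execution Vulnerability.") name neither a vendor nor a product, so NOT-FOR-US: Microsoft on those two is inferred from the surrounding ID block rather than from the entry text. The neighbouring entries support that reading, but both are worth a check against the vendor advisory, since component names this generic could otherwise match packaged software.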
@@ -12464,7 +12464,7 @@ CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability. This CVE ID i
CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
@@ -12500,11 +12500,11 @@ CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
NOT-FOR-US: Microsoft
CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
@@ -13039,7 +13039,7 @@ CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacke
NOTE: a protected network in an automated way, a malicious actor may access internal
NOTE: resources. A user of wkhtmltopdf should restrict such access.
CVE-2022-35582 (Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulner ...)
- TODO: check
+ NOT-FOR-US: Penta Security Systems
CVE-2022-35581
RESERVED
CVE-2022-35580
@@ -14874,7 +14874,7 @@ CVE-2022-2279 (NULL Pointer Dereference in GitHub repository bfabiszewski/libmob
CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Energy M ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2022-34893
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9ef618e98741b6c059715383fb71a5323d20970