[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 17 10:00:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c369c81f by Salvatore Bonaccorso at 2022-09-17T10:59:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2022-40762 (A Memory Allocation with Excessive Size Value vulnerablity in the TEE_ ...)
-	TODO: check
+	NOT-FOR-US: Samsung mTower
 CVE-2022-40761 (The function tee_obj_free in Samsung mTower through 0.3.0 allows a tru ...)
-	TODO: check
+	NOT-FOR-US: Samsung mTower
 CVE-2022-40760 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...)
-	TODO: check
+	NOT-FOR-US: Samsung mTower
 CVE-2022-40759 (A NULL pointer dereference issue in the TEE_MACCompareFinal function i ...)
-	TODO: check
+	NOT-FOR-US: Samsung mTower
 CVE-2022-40758 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_Ci ...)
-	TODO: check
+	NOT-FOR-US: Samsung mTower
 CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...)
-	TODO: check
+	NOT-FOR-US: Samsung mTower
 CVE-2022-40756
 	RESERVED
 CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion in the ...)
@@ -1132,7 +1132,7 @@ CVE-2022-40302
 CVE-2022-40301
 	RESERVED
 CVE-2022-40300 (Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., b ...)
 	[experimental] - singular 1:4.3.1-p1+ds-1
 	- singular <unfixed> (unimportant)
@@ -5298,7 +5298,7 @@ CVE-2022-38613 (A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 all
 CVE-2022-38612
 	RESERVED
 CVE-2022-38611 (Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attack ...)
-	TODO: check
+	NOT-FOR-US: Watchdog Anti-Virus
 CVE-2022-38610 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
 	NOT-FOR-US: Garage Management System
 CVE-2022-38609
@@ -7793,7 +7793,7 @@ CVE-2022-37711
 CVE-2022-37710
 	RESERVED
 CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2022-37708
 	RESERVED
 CVE-2022-37707
@@ -9061,15 +9061,15 @@ CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting System
 CVE-2022-37252
 	RESERVED
 CVE-2022-37251 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Draf ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2022-37250 (Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /a ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2022-37249
 	RESERVED
 CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/ ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2022-37246
 	RESERVED
 CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
@@ -12936,7 +12936,7 @@ CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive paramete
 CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...)
 	NOT-FOR-US: Oxygen XML WebHelp
 CVE-2022-35713 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35712
 	RESERVED
 CVE-2022-35711
@@ -13034,7 +13034,7 @@ CVE-2022-35666 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005
 CVE-2022-35665 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-35664 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35663
 	RESERVED
 CVE-2022-35662
@@ -14109,7 +14109,7 @@ CVE-2022-2334 (The application searches for a library dll that is not found. If
 CVE-2022-2333 (If an attacker manages to trick a valid user into loading a malicious  ...)
 	TODO: check
 CVE-2022-2332 (A local unprivileged attacker may escalate to administrator privileges ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2022-35271
 	RESERVED
 CVE-2022-35270
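Review bot: CVE-2022-2333, the context entry directly above the changed CVE-2022-2332, is still `TODO: check` after this commit, and the hunk header shows CVE-2022-2334 from the same consecutive range. The truncated descriptions do not name the product, so if these IDs belong to the same Honeywell product they should receive the same `NOT-FOR-US: Honeywell` line in this pass. If CVE-2022-2333 was left open deliberately, a `NOTE:` line saying why would save the next triager from re-checking it.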
@@ -15220,7 +15220,7 @@ CVE-2022-30705
 CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-26366
@@ -16980,7 +16980,7 @@ CVE-2022-34220 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005
 CVE-2022-34219 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-34218 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-34217 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-34216 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
@@ -23007,7 +23007,7 @@ CVE-2022-31863
 CVE-2022-31862
 	RESERVED
 CVE-2022-31861 (Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 ...)
-	TODO: check
+	NOT-FOR-US: ThingsBoard IoT Platform
 CVE-2022-31860 (An issue was discovered in OpenRemote through 1.0.4 allows attackers t ...)
 	NOT-FOR-US: OpenRemote
 CVE-2022-31859
@@ -26607,37 +26607,37 @@ CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privile
 CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-30686 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30685 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30684 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30683 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30682 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30681 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30679
 	RESERVED
 CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30676 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30675 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30674 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30673 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30672 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30671 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-30670 (RoboHelp Server earlier versions than RHS 11 Update 3 are affected by  ...)
 	NOT-FOR-US: RoboHelp Server
 CVE-2022-30669 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
@@ -28870,7 +28870,7 @@ CVE-2022-29928 (In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity
 CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain  ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-29922 (Improper Input Validation vulnerability in the handling of a specially ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-29918
 	RESERVED
 	- firefox 100.0-1
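Review bot: the new `NOT-FOR-US: Hitachi` line on CVE-2022-29922 names only a vendor, and the truncated description ("Improper Input Validation vulnerability in the handling of a specially ...") does not show the product, so the classification cannot be checked from the list itself. The neighbouring context entries name the product (`NOT-FOR-US: JetBrains TeamCity`); using the product name here would match them and keep later searches for a specific product reliable. The same applies to CVE-2022-29492 in the following hunk.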
@@ -28943,7 +28943,7 @@ CVE-2022-29909
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909
 CVE-2022-29492 (Improper Input Validation vulnerability in the handling of a malformed ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X WebUI o ...)
 	NOT-FOR-US: Workplace X
 CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
@@ -29825,7 +29825,7 @@ CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image funct
 CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...)
 	NOT-FOR-US: Online Food Ordering System
 CVE-2022-29649 (Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Qsmart Next
 CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...)
 	NOT-FOR-US: Jfinal CMS
 CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...)
@@ -32123,17 +32123,17 @@ CVE-2022-28860 (An authentication downgrade in the server in Citilog 8.0 allows
 CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
 	NOT-FOR-US: Go Git Service
 CVE-2022-28857 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28856 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28855 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28854 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-28851
 	RESERVED
 CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
@@ -32327,7 +32327,7 @@ CVE-2022-28760
 CVE-2022-28759
 	RESERVED
 CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
 	NOT-FOR-US: Zoom
 CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...)
@@ -35952,7 +35952,7 @@ CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault
 CVE-2022-27562
 	RESERVED
 CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the HCL Tra ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials. ...)
 	NOT-FOR-US: HCL
 CVE-2022-27559
@@ -37773,7 +37773,7 @@ CVE-2022-26961
 CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by  ...)
 	NOT-FOR-US: std42 elFinder
 CVE-2022-26959 (There are two full (read/write) Blind/Time-based SQL injection vulnera ...)
-	TODO: check
+	NOT-FOR-US: Northstar Club Management
 CVE-2022-26958
 	RESERVED
 CVE-2022-26957
@@ -37845,7 +37845,7 @@ CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure
 CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability. ...)
 	TODO: check
 CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26927 (Windows Graphics Component Remote Code Execution Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26926 (Windows Address Book Remote Code Execution Vulnerability. ...)
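Review bot: CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability), two lines above the changed entry, stays at `TODO: check` while CVE-2022-26928 and the Windows entries below it are `NOT-FOR-US: Microsoft`. If it is being held back on purpose, that is fine; otherwise it looks like it was skipped in this batch and should be resolved alongside its neighbours.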



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c369c81fcc26faac1925d8580a59a960eba80bdd
