[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 19 21:17:55 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
edac8f0f by Salvatore Bonaccorso at 2022-09-19T22:17:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -91,7 +91,7 @@ CVE-2022-40986
CVE-2022-40985
RESERVED
CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40979
RESERVED
CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...)
@@ -991,7 +991,7 @@ CVE-2022-40610
CVE-2022-40609
RESERVED
CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-40607
RESERVED
CVE-2022-3192
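Review bot: At CVE-2022-40608 the new tag "NOT-FOR-US: IBM" names only the vendor, while untouched entries elsewhere in this diff name the product ("NOT-FOR-US: CrowdStrike Falcon", "NOT-FOR-US: Red Hat Ansible Automation Platform"). The description already identifies the product, so "NOT-FOR-US: IBM Spectrum Protect Plus" would be more precise and would not read as if the whole vendor were out of scope. The same applies to CVE-2022-40234 in the next hunk.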
@@ -1819,7 +1819,7 @@ CVE-2022-40236
CVE-2022-40235
RESERVED
CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-40233
RESERVED
CVE-2022-40232
@@ -2032,17 +2032,17 @@ CVE-2022-3149
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40143 (A link following local privilege escalation vulnerability in Trend Mic ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40142 (A security link following local privilege escalation vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a Service coul ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One and A ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40139 (Improper validation of some components used by the rollback mechanism ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40138
RESERVED
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
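Review bot: For CVE-2022-40143 and CVE-2022-40142 the description is cut off before the product name ("... vulnerability in Trend Mic ..." and "... vulnerability in ..."), so with a vendor-only "NOT-FOR-US: Trend Micro" nothing on those entries records which product was triaged. Putting the product in the tag, as the visible descriptions would allow for CVE-2022-40144, CVE-2022-40141 and CVE-2022-40140 ("Trend Micro Apex One"), lets a later reader confirm the decision without opening each CVE.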
@@ -2089,9 +2089,9 @@ CVE-2022-40127
CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
NOT-FOR-US: Movable Type plugin
CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3140
RESERVED
CVE-2022-3139
@@ -2203,25 +2203,25 @@ CVE-2022-40078
CVE-2022-40077
RESERVED
CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/http ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/ht ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40066
RESERVED
CVE-2022-40065
@@ -4667,7 +4667,7 @@ CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ..
NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-3034
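Review bot: At CVE-2022-3036 the generic "NOT-FOR-US: WordPress plugin" tag is only correct if the plugin is neither packaged nor the subject of an open ITP; the very next entry, CVE-2022-3035, shows the "- snipe-it <itp> (bug #1005172)" form used when one exists. Since the plugin name begins with "Gettext", it is also worth naming it in the tag so the entry is not mistaken for a gettext issue when the list is searched.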
@@ -5184,7 +5184,7 @@ CVE-2022-3023
CVE-2022-3022
REJECTED
CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3020
RESERVED
CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
@@ -5314,7 +5314,7 @@ CVE-2022-38766
CVE-2022-38765
RESERVED
CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-38763
RESERVED
CVE-2022-38762
@@ -5590,7 +5590,7 @@ CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1)
CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...)
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...)
@@ -6679,7 +6679,7 @@ CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCo
CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
NOT-FOR-US: CrowdStrike Falcon
CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2839
RESERVED
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
@@ -7402,9 +7402,9 @@ CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita
CVE-2022-2755
RESERVED
CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2752
RESERVED
CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
@@ -8013,9 +8013,9 @@ CVE-2022-2712
CVE-2022-2711
RESERVED
CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37863
RESERVED
CVE-2022-37862
@@ -9313,9 +9313,9 @@ CVE-2022-2627
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-37341
RESERVED
CVE-2022-37340
@@ -10244,7 +10244,7 @@ CVE-2022-2569 (The affected device stores sensitive information in cleartext, wh
CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2566
RESERVED
- ffmpeg 7:5.1.1-1
@@ -15656,7 +15656,7 @@ CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Ene
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-34892 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels
CVE-2022-34891 (This vulnerability allows local attackers to escalate privileges on af ...)
@@ -28462,7 +28462,7 @@ CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 do
CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
NOT-FOR-US: clinical-genomics/scout
CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
@@ -28634,7 +28634,7 @@ CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin befor
CVE-2022-1581
RESERVED
CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1579
RESERVED
CVE-2022-1578
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edac8f0f5b004ef40a0ae1abca1d82e4fe335822