[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 20 22:00:06 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1614275b by Salvatore Bonaccorso at 2022-09-20T22:59:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,13 +28,13 @@ CVE-2022-3247
CVE-2022-3246
RESERVED
CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-3244
RESERVED
CVE-2022-3243
RESERVED
CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-3241
RESERVED
CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on G ...)
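Review bot: The NOT-FOR-US: microweber tag on CVE-2022-3245 cannot be checked from the line shown here, because its truncated description ("HTML injection attack is closely related to Cross-site Scripting (XSS) ...") names no product, whereas CVE-2022-3242 states "GitHub repository microweber/microweber" outright. Please confirm the attribution for CVE-2022-3245 against the full CVE record before relying on it, since a wrong NFU tag removes the entry from the "TODO: check" queue for good.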
@@ -392,7 +392,7 @@ CVE-2022-40956
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40956
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956
CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with sufficie ...)
- TODO: check
+ NOT-FOR-US: Apache InLong
CVE-2022-40954
RESERVED
CVE-2022-40701
@@ -2697,7 +2697,7 @@ CVE-2022-39976
CVE-2022-39975
RESERVED
CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
- TODO: check
+ NOT-FOR-US: WASM3
CVE-2022-39973
RESERVED
CVE-2022-39972
@@ -4329,7 +4329,7 @@ CVE-2022-39212 (Nextcloud Talk is an open source chat, video & audio calls c
CVE-2022-39211 (Nextcloud server is an open source personal cloud platform. In affecte ...)
- nextcloud-server <itp> (bug #941708)
CVE-2022-39210 (Nextcloud android is the official Android client for the Nextcloud hom ...)
- TODO: check
+ NOT-FOR-US: Nextcloud android
CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
- cmark-gfm <unfixed>
- python-cmarkgfm <unfixed>
@@ -4663,7 +4663,7 @@ CVE-2022-3081
CVE-2022-3080
RESERVED
CVE-2022-3079 (Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow ...)
- TODO: check
+ NOT-FOR-US: Festo
CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. There is ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
@@ -5080,9 +5080,9 @@ CVE-2022-38958
CVE-2022-38957
RESERVED
CVE-2022-38956 (An exploitable firmware downgrade vulnerability was discovered on the ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-38955 (An exploitable firmware modification vulnerability was discovered on t ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-38954
RESERVED
CVE-2022-38953
@@ -5160,7 +5160,7 @@ CVE-2022-38918
CVE-2022-38917
RESERVED
CVE-2022-38916 (A file upload vulnerability exists in the storage feature of pagekit 1 ...)
- TODO: check
+ NOT-FOR-US: Pagekit CMS
CVE-2022-38915
RESERVED
CVE-2022-38914
@@ -5411,7 +5411,7 @@ CVE-2022-38810
CVE-2022-38809
RESERVED
CVE-2022-38808 (ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportE ...)
- TODO: check
+ NOT-FOR-US: ywoa
CVE-2022-38807
RESERVED
CVE-2022-38806
@@ -5589,9 +5589,9 @@ CVE-2022-3007
CVE-2022-3006
RESERVED
CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2022-3003
RESERVED
CVE-2022-3002
@@ -5599,7 +5599,7 @@ CVE-2022-3002
CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
NOT-FOR-US: Milesight Video Management Systems (VMS)
CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
@@ -6133,9 +6133,9 @@ CVE-2022-38620
CVE-2022-38619
RESERVED
CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: SmartVista SVFE2
CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: SmartVista SVFE2
CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
NOT-FOR-US: SmartVista
CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...)
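Review bot: The two new tags for CVE-2022-38618 and CVE-2022-38617 read "NOT-FOR-US: SmartVista SVFE2", but the existing entry directly below for CVE-2022-38616 uses "NOT-FOR-US: SmartVista" for the same product and version (SmartVista SVFE2 v2.2.22). Use one spelling for all of them, either by shortening the new lines to "SmartVista" or by updating CVE-2022-38616 in the same commit, so that a search on the NFU string finds every related entry.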
@@ -6218,9 +6218,9 @@ CVE-2022-38579
CVE-2022-38578
RESERVED
CVE-2022-38577 (ProcessMaker before v3.5.4 was discovered to contain insecure permissi ...)
- TODO: check
+ NOT-FOR-US: ProcessMaker
CVE-2022-38576 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Interview Management System
CVE-2022-38575
RESERVED
CVE-2022-38574
@@ -6272,7 +6272,7 @@ CVE-2022-38552
CVE-2022-38551
RESERVED
CVE-2022-38550 (A stored cross-site scripting (XSS) vulnerability in the /weibo/list c ...)
- TODO: check
+ NOT-FOR-US: Jeesns
CVE-2022-38549
RESERVED
CVE-2022-38548
@@ -6311,7 +6311,7 @@ CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797
NOTE: binutils not covered by security support
CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered t ...)
- TODO: check
+ NOT-FOR-US: Micro-Star
CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
NOT-FOR-US: FPT router
CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
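Review bot: The tag added for CVE-2022-38532 is "NOT-FOR-US: Micro-Star", which abbreviates the vendor name and omits the affected product given in the description ("Micro-Star International Co., Ltd MSI Center 1.0.50.0"). The neighbouring entry for CVE-2022-38531 names vendor and product type ("FPT router"); something like "NOT-FOR-US: MSI Center" would be easier to match against later MSI Center CVEs.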
@@ -6329,7 +6329,7 @@ CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered
[bullseye] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/4662
CVE-2022-38527 (UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vul ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2022-38526
RESERVED
CVE-2022-38525
@@ -6365,7 +6365,7 @@ CVE-2022-38511 (TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a
CVE-2022-38510 (Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow ...)
NOT-FOR-US: Tenda
CVE-2022-38509 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-38508
RESERVED
CVE-2022-38507
@@ -6399,7 +6399,7 @@ CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a co
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...)
NOT-FOR-US: appwrite
CVE-2022-2924 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.024 ...)
- vim 2:9.0.0242-1
NOTE: https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2
@@ -6628,7 +6628,7 @@ CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and ea
CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38424
RESERVED
CVE-2022-38423
@@ -7055,7 +7055,7 @@ CVE-2022-38353
CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
NOT-FOR-US: ThinkPHP
CVE-2022-38351 (A vulnerability in Suprema Bio Star 2 v2.8.16 allows attackers to esca ...)
- TODO: check
+ NOT-FOR-US: Suprema Bio Star
CVE-2022-38350
RESERVED
CVE-2022-38349
@@ -7075,11 +7075,11 @@ CVE-2022-38343
CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...)
NOT-FOR-US: Safe Software FME Server
CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ server- ...)
- TODO: check
+ NOT-FOR-US: Safe Software FME Server
CVE-2022-38340 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...)
- TODO: check
+ NOT-FOR-US: Safe Software FME Server
CVE-2022-38339 (Safe Software FME Server v2022.0.1.1 and below contains a cross-site s ...)
- TODO: check
+ NOT-FOR-US: Safe Software FME Server
CVE-2022-38338
RESERVED
CVE-2022-38337
@@ -7091,7 +7091,7 @@ CVE-2022-38335
CVE-2022-38334 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
TODO: check
CVE-2022-38333 (Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to co ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2022-38332
RESERVED
CVE-2022-38331
@@ -8059,7 +8059,7 @@ CVE-2022-37974
CVE-2022-37973
RESERVED
CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37971
RESERVED
CVE-2022-37970
@@ -8666,7 +8666,7 @@ CVE-2022-37702
CVE-2022-37701
RESERVED
CVE-2022-37700 (Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obt ...)
- TODO: check
+ NOT-FOR-US: Zentao Demo15
CVE-2022-37699
RESERVED
CVE-2022-37698
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1614275baad04937bcc6d7b07d7fa886ddb6c45e