[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 21 21:54:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2b0c26e by Salvatore Bonaccorso at 2022-09-21T22:53:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2972,15 +2972,15 @@ CVE-2022-40032
CVE-2022-40031
RESERVED
CVE-2022-40030 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40029 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40028 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40027 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40026 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Task Managing System
CVE-2022-40025
RESERVED
CVE-2022-40024
@@ -8232,17 +8232,17 @@ CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) v
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36390 (Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About Me plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36383 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36365 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin &l ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
@@ -10810,7 +10810,7 @@ CVE-2022-37029
CVE-2022-37028
RESERVED
CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject a ...)
- TODO: check
+ NOT-FOR-US: Ahsay AhsayCBS
CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ...)
TODO: check
CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...)
@@ -14454,7 +14454,7 @@ CVE-2022-35623 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability c
CVE-2022-35622
RESERVED
CVE-2022-35621 (Access control vulnerability in Evoh NFT EvohClaimable contract with s ...)
- TODO: check
+ NOT-FOR-US: Evoh NFT EvohClaimable contract
CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...)
NOT-FOR-US: D-LINK
CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...)
@@ -15530,7 +15530,7 @@ CVE-2022-2317 (The Simple Membership WordPress plugin before 4.1.3 allows user t
CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Server ...)
NOT-FOR-US: Devolutions Server
CVE-2022-2315 (Database Software Accreditation Tracking/Presentation Module product b ...)
- TODO: check
+ NOT-FOR-US: Database Software Accreditation Tracking/Presentation Module product
CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user execute a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
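Review bot: The label on CVE-2022-2315 is just the opening words of the description, including the trailing word "product", and names no vendor. If the full CVE description names one, a shorter vendor or product label would match the neighbouring entries (Devolutions Server, WordPress plugin) and be easier to reuse for later CVEs in the same product.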
@@ -16774,7 +16774,7 @@ CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All vers
CVE-2022-34747 (A format string vulnerability in Zyxel NAS326 firmware versions prior ...)
NOT-FOR-US: Zyxel
CVE-2022-34746 (An insufficient entropy vulnerability caused by the improper use of ra ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read vulnerabili ...)
NOT-FOR-US: Huawei
CVE-2022-34742 (The system module has a read/write vulnerability. Successful exploitat ...)
@@ -19687,7 +19687,7 @@ CVE-2022-2087 (A vulnerability, which was classified as problematic, was found i
CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Bank Management System
CVE-2022-33735 (There is a password verification vulnerability in WS7200-10 11.0.2.13. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in Charm by ...)
NOT-FOR-US: Samsung
CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in Charm by Sam ...)
@@ -21510,7 +21510,7 @@ CVE-2022-32919
CVE-2022-32918
RESERVED
CVE-2022-32917 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32916
RESERVED
CVE-2022-32915
@@ -21524,13 +21524,13 @@ CVE-2022-32912 (An out-of-bounds read was addressed with improved bounds checkin
- wpewebkit <not-affected> (only affects macOS)
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2022-32911 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32910
RESERVED
CVE-2022-32909
RESERVED
CVE-2022-32908 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32907
RESERVED
CVE-2022-32906
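Review bot: CVE-2022-32911 and CVE-2022-32908 are tagged NOT-FOR-US: Apple, but their descriptions as truncated here name no component, and the context entry just above (CVE-2022-32912) is tracked against wpewebkit with a WebKitGTK advisory. It is worth confirming against the full advisory text that neither of the two is a WebKit issue before closing them as NOT-FOR-US; the same check applies to the other Apple entries in this commit.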
@@ -21589,13 +21589,13 @@ CVE-2022-32885
CVE-2022-32884
RESERVED
CVE-2022-32883 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32882 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32881
RESERVED
CVE-2022-32880 (This issue was addressed by enabling hardened runtime. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32879
RESERVED
CVE-2022-32878
@@ -21611,7 +21611,7 @@ CVE-2022-32874
CVE-2022-32873
RESERVED
CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32871
RESERVED
CVE-2022-32870
@@ -21619,7 +21619,7 @@ CVE-2022-32870
CVE-2022-32869
RESERVED
CVE-2022-32868 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32867
RESERVED
CVE-2022-32866
@@ -21627,13 +21627,13 @@ CVE-2022-32866
CVE-2022-32865
RESERVED
CVE-2022-32864 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32863 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32862
RESERVED
CVE-2022-32861 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32860
RESERVED
CVE-2022-32859
@@ -21647,7 +21647,7 @@ CVE-2022-32856
CVE-2022-32855
RESERVED
CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32853
RESERVED
CVE-2022-32852
@@ -21755,7 +21755,7 @@ CVE-2022-32804
CVE-2022-32803
RESERVED
CVE-2022-32802 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32801
RESERVED
CVE-2022-32800
@@ -21769,7 +21769,7 @@ CVE-2022-32797
CVE-2022-32796
RESERVED
CVE-2022-32795 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32794
RESERVED
CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...)
@@ -21788,7 +21788,7 @@ CVE-2022-32790
CVE-2022-32789
RESERVED
CVE-2022-32788 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-32787
RESERVED
CVE-2022-32786
@@ -26011,11 +26011,11 @@ CVE-2022-31326
CVE-2022-31325 (There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'Per ...)
NOT-FOR-US: ChurchCRM
CVE-2022-31324 (An arbitrary file download vulnerability in the downloadAction() funct ...)
- TODO: check
+ NOT-FOR-US: Penta Security Systems Inc WAPPLES
CVE-2022-31323
RESERVED
CVE-2022-31322 (Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attacke ...)
- TODO: check
+ NOT-FOR-US: Penta Security Systems Inc WAPPLES
CVE-2022-31321 (The foldername parameter in Bolt 5.1.7 was discovered to have incorrec ...)
NOT-FOR-US: Bolt CMS
CVE-2022-31320
@@ -30489,7 +30489,7 @@ CVE-2022-29837
CVE-2022-29836
RESERVED
CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...)
- TODO: check
+ NOT-FOR-US: WD Discovery software
CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: ICONICS
CVE-2022-29833
@@ -34047,13 +34047,13 @@ CVE-2022-28642
CVE-2022-28641
RESERVED
CVE-2022-28640 (A potential local adjacent arbitrary code execution vulnerability that ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28639 (A remote potential adjacent denial of service (DoS) and potential adja ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28638 (An isolated local disclosure of information and potential isolated loc ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28637 (A local Denial of Service (DoS) and local arbitrary code execution vul ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28636 (A potential local arbitrary code execution and a local denial of servi ...)
NOT-FOR-US: HPE
CVE-2022-28635 (A potential local arbitrary code execution and a local denial of servi ...)
@@ -39122,7 +39122,7 @@ CVE-2022-26931 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-26927 (Windows Graphics Component Remote Code Execution Vulnerability. ...)
@@ -42485,11 +42485,11 @@ CVE-2022-25710
CVE-2022-25709
RESERVED
CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25707
RESERVED
CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer over-read whi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25705
RESERVED
CVE-2022-25704
@@ -42509,27 +42509,27 @@ CVE-2022-25698
CVE-2022-25697
RESERVED
CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25695
RESERVED
CVE-2022-25694
RESERVED
CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25692
RESERVED
CVE-2022-25691
RESERVED
CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25689
RESERVED
CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25687
RESERVED
CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25685
RESERVED
CVE-2022-25684
@@ -42561,9 +42561,9 @@ CVE-2022-25672
CVE-2022-25671
RESERVED
CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...)
NOT-FOR-US: Snapdragon
CVE-2022-25667
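Review bot: CVE-2022-25670 and CVE-2022-25669 get NOT-FOR-US: Qualcomm, while the context line directly below tags CVE-2022-25668 as NOT-FOR-US: Snapdragon, and a later hunk shows "Qualcomm components for Android" for the same vendor. Picking one spelling for the vendor would make these entries searchable as a group; this is a style point and does not block the commit.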
@@ -42589,15 +42589,15 @@ CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attem
CVE-2022-25657 (Memory corruption due to buffer overflow occurs while processing inval ...)
NOT-FOR-US: Qualcomm
CVE-2022-25656 (Possible integer overflow and memory corruption due to improper valida ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25655
RESERVED
CVE-2022-25654 (Memory corruption in kernel due to improper input validation while pro ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25653 (Information disclosure in video due to buffer over-read while processi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25652 (Cryptographic issues in BSP due to improper hash verification in Snapd ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25651 (Memory corruption in bluetooth host due to integer overflow while proc ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
@@ -48237,15 +48237,15 @@ CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for s
CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
NOT-FOR-US: HP
CVE-2022-23952 (In Keylime before 6.3.0, current keylime installer installs the keylim ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2022-23951 (In Keylime before 6.3.0, quote responses from the agent can contain po ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2022-23950 (In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path fo ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2022-23949 (In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue ag ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the Keylime age ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
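Review bot: The five Keylime entries (CVE-2022-23948 through CVE-2022-23952) are closed as NOT-FOR-US, which fits only if nobody intends to package it. If an ITP or RFP bug for Keylime exists, a "- keylime <itp> (bug #...)" line would keep these visible to whoever uploads the package, since the descriptions place all five in versions before 6.3.0.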
@@ -49277,7 +49277,7 @@ CVE-2022-23769
CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...)
TODO: check
CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...)
- TODO: check
+ NOT-FOR-US: SecureGate
CVE-2022-23766 (An improper input validation vulnerability leading to arbitrary file e ...)
TODO: check
CVE-2022-23765 (This vulnerability occured by sending a malicious POST request to a sp ...)
@@ -55111,7 +55111,7 @@ CVE-2022-0031
CVE-2022-0030
RESERVED
CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...)
@@ -56676,7 +56676,7 @@ CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to
CVE-2022-22106 (Memory corruption in multimedia due to improper length check while cop ...)
NOT-FOR-US: Snapdragon
CVE-2022-22105 (Memory corruption in bluetooth due to integer overflow while processin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22104 (Memory corruption in multimedia due to improper check on the messages ...)
NOT-FOR-US: Snapdragon
CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...)
@@ -56696,19 +56696,19 @@ CVE-2022-22097 (Memory corruption in graphic driver due to use after free while
CVE-2022-22096 (Memory corruption in Bluetooth HOST due to stack-based buffer overflow ...)
NOT-FOR-US: Qualcomm
CVE-2022-22095 (Memory corruption in synx driver due to use-after-free condition in th ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22094 (memory corruption in Kernel due to race condition while getting mappin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22093 (Memory corruption or temporary denial of service due to improper handl ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22092 (Memory corruption in kernel due to use after free issue in Snapdragon ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22091 (Improper authorization of a replayed LTE security mode command can lea ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22090 (Memory corruption in audio due to use after free while managing buffer ...)
NOT-FOR-US: Snapdragon
CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22088
RESERVED
CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
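Review bot: CVE-2022-22094 and CVE-2022-22092 describe memory corruption "in kernel", and CVE-2022-22095 names a synx driver, yet all three are closed as NOT-FOR-US: Qualcomm. The truncated descriptions do not show whether the affected code is vendor-only or also present in the mainline Linux tree; if any of it is upstream, the entry belongs under "- linux" instead, so a short NOTE line stating that the code is Qualcomm's downstream kernel would document the decision.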
@@ -56724,7 +56724,7 @@ CVE-2022-22083 (Denial of service due to memory corruption while extracting ape
CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing DSF he ...)
NOT-FOR-US: Snapdragon
CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Snapdrago ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
NOT-FOR-US: Snapdragon
CVE-2022-22079
@@ -56738,7 +56738,7 @@ CVE-2022-22076
CVE-2022-22075
RESERVED
CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22073
RESERVED
CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
@@ -56754,7 +56754,7 @@ CVE-2022-22068 (kernel event may contain unexpected content which is not generat
CVE-2022-22067 (Potential memory leak in modem during the processing of NSA RRC Reconf ...)
NOT-FOR-US: Snapdragon
CVE-2022-22066 (Memory corruption occurs while processing command received from HLOS d ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...)
NOT-FOR-US: Snapdragon
CVE-2022-22064 (Possible buffer over read due to lack of size validation while unpacki ...)
@@ -61610,7 +61610,7 @@ CVE-2021-3987
CVE-2021-3986
RESERVED
CVE-2021-44076 (An issue was discovered in CrushFTP 9. The creation of a new user thro ...)
- TODO: check
+ NOT-FOR-US: CrushFTP
CVE-2021-44075
RESERVED
CVE-2021-44074
@@ -64964,7 +64964,7 @@ CVE-2021-43312
CVE-2021-43311
RESERVED
CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to craft a ...)
- TODO: check
+ NOT-FOR-US: Keylime
CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
NOT-FOR-US: Node uri-template-lite
CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
@@ -67801,7 +67801,7 @@ CVE-2021-42599
CVE-2021-42598
RESERVED
CVE-2021-42597 (A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester St ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Storage Unit Rental Management System
CVE-2021-42596
RESERVED
CVE-2021-42595
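Review bot: The label on CVE-2021-42597 spells the vendor "Sourcecodester", while the first hunk of this commit and the existing entry for CVE-2022-2086 use "SourceCodester". The lowercase form follows the CVE description, but keeping one casing in the NOT-FOR-US labels keeps case-sensitive searches of data/CVE/list complete.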
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b0c26e2a2848bf235a04d1e11be7f3c08c2cdc