[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 22 09:21:45 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9370af46 by Salvatore Bonaccorso at 2022-09-22T10:21:20+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1405,7 +1405,7 @@ CVE-2022-40223
CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in Xpl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40215
RESERVED
CVE-2022-40213
@@ -2607,7 +2607,7 @@ CVE-2022-40188
CVE-2022-40187
RESERVED
CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault Enterprise before ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-40185
RESERVED
CVE-2022-40184
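Review bot: The tag added for CVE-2022-40186 reads "HashiCorp Vault and Vault Enterprise", which repeats the product wording from the description, while the other entries in this commit use a short vendor or product name ("Liferay", "Aruba", "Craft CMS"). "NOT-FOR-US: HashiCorp Vault" carries the same information and matches that style.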
@@ -3106,7 +3106,7 @@ CVE-2022-39977
CVE-2022-39976
RESERVED
CVE-2022-39975 (The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
NOT-FOR-US: WASM3
CVE-2022-39973
@@ -6775,7 +6775,7 @@ CVE-2022-38514
CVE-2022-38513
RESERVED
CVE-2022-38512 (The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-38511 (TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a comman ...)
NOT-FOR-US: TOTOLINK
CVE-2022-38510 (Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow ...)
@@ -10356,7 +10356,7 @@ CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) vi
CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) ...)
NOT-FOR-US: Craft CMS
CVE-2022-37246 (Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the fil ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
NOT-FOR-US: MDaemon
CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
@@ -30329,7 +30329,7 @@ CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and es
CVE-2021-4227
RESERVED
CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...)
- TODO: check
+ NOT-FOR-US: Fabasoft
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...)
NOT-FOR-US: MediaWiki Nimbus skin
CVE-2022-29906 (The admin API module in the QuizGame extension for MediaWiki through 1 ...)
@@ -33162,17 +33162,17 @@ CVE-2022-28984
CVE-2022-28983
RESERVED
CVE-2022-28982 (A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 th ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28981 (Path traversal vulnerability in the Hypermedia REST APIs module in Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28980 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP v7.3 before servi ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28978 (Stored cross-site scripting (XSS) vulnerability in the Site module's u ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28976
RESERVED
CVE-2022-28975
@@ -39816,7 +39816,7 @@ CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds c
CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...)
NOT-FOR-US: Apple
CVE-2022-26696 (This issue was addressed with improved environment sanitization. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-26695
RESERVED
CVE-2022-26694 (This issue was addressed with improved checks. This issue is fixed in ...)
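Review bot: For CVE-2022-26696 the visible description ("improved environment sanitization") does not name the affected component, so NOT-FOR-US: Apple cannot be confirmed from this line alone. Apple advisories sometimes cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so confirm against the full advisory that the fix is in an Apple-only component before closing the entry.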
@@ -49472,15 +49472,15 @@ CVE-2022-23698 (A remote unauthenticated disclosure of information vulnerability
CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
NOT-FOR-US: HPE
CVE-2022-23696 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23695 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23694 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23693 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23692 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23691 (A vulnerability exists in certain AOS-CX switch models which could all ...)
NOT-FOR-US: Aruba
CVE-2022-23690 (A vulnerability in the web-based management interface of AOS-CX could ...)
@@ -49494,7 +49494,7 @@ CVE-2022-23687 (Multiple vulnerabilities exist in the processing of packet data
CVE-2022-23686 (Multiple vulnerabilities exist in the processing of packet data by the ...)
NOT-FOR-US: Aruba
CVE-2022-23685 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23684 (A vulnerability in the web-based management interface of AOS-CX could ...)
NOT-FOR-US: Aruba
CVE-2022-23683 (Authenticated command injection vulnerabilities exist in the AOS-CX Ne ...)
@@ -75766,7 +75766,7 @@ CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be
CVE-2021-40024 (Implementation of the WLAN module interfaces has the information discl ...)
TODO: check
CVE-2021-40023 (Configuration defects in the secure OS module. Successful exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
NOT-FOR-US: Huawei
CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
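Review bot: CVE-2021-40024, the context entry directly above the changed CVE-2021-40023, still carries TODO: check while every other entry visible in this hunk is now NOT-FOR-US: Huawei. If it comes from the same Huawei bulletin, triage it in this commit as well; if it was left open on purpose, say why in the commit message.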
@@ -75774,7 +75774,7 @@ CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,S
CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
NOT-FOR-US: Huawei
CVE-2021-40019 (Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
NOT-FOR-US: Huawei
CVE-2021-40017 (The HW_KEYMASTER module lacks the validity check of the key format. Su ...)
@@ -98389,7 +98389,7 @@ CVE-2021-31015
CVE-2021-31014
REJECTED
CVE-2021-31013 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-31012
REJECTED
CVE-2021-31011
@@ -98411,7 +98411,7 @@ CVE-2021-31004 (A race condition was addressed with improved locking. This issue
CVE-2021-31003
REJECTED
CVE-2021-31002 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-31001 (An access issue was addressed with improved access restrictions. This ...)
NOT-FOR-US: Apple
CVE-2021-31000 (A permissions issue was addressed with improved validation. This issue ...)
@@ -144508,7 +144508,7 @@ CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external we
CVE-2020-25492
RESERVED
CVE-2020-25491 (6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via t ...)
- TODO: check
+ NOT-FOR-US: 6Kare Emakin
CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...)
NOT-FOR-US: Sqreen
CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...)
@@ -157407,9 +157407,9 @@ CVE-2020-19589
CVE-2020-19588
RESERVED
CVE-2020-19587 (Cross Site Scripting (XSS) vulnerability in configMap parameters in Ye ...)
- TODO: check
+ NOT-FOR-US: Yellowfin Business Intelligence
CVE-2020-19586 (Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 ...)
- TODO: check
+ NOT-FOR-US: Yellowfin Business Intelligence
CVE-2020-19585
RESERVED
CVE-2020-19584
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9370af4619f2e984734d2ad43e590d970fedcf8f