[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 16 15:34:36 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d637c64e by Moritz Muehlenhoff at 2023-02-16T16:34:09+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19636,13 +19636,13 @@ CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
 CVE-2022-45547
 	RESERVED
 CVE-2022-45546 (Information Disclosure in Authentication Component of ScreenCheck Badg ...)
-	TODO: check
+	NOT-FOR-US: ScreenCheck BadgeMaker
 CVE-2022-45545
 	RESERVED
 CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...)
 	NOT-FOR-US: Schlix Web Inc SCHLIX CMS
 CVE-2022-45543 (Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: DiscuzX
 CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager  ...)
 	NOT-FOR-US: EyouCMS
 CVE-2022-45541 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attr ...)
@@ -19982,9 +19982,9 @@ CVE-2022-45457
 CVE-2022-45456
 	RESERVED
 CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-45453
 	RESERVED
 CVE-2022-45452
@@ -20090,9 +20090,9 @@ CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration
 CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by ...)
 	NOT-FOR-US: Apache Superset
 CVE-2022-45437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-45436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2022-4003
 	RESERVED
 CVE-2022-4002
@@ -20711,7 +20711,7 @@ CVE-2022-45287
 CVE-2022-45286
 	RESERVED
 CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is  ...)
-	TODO: check
+	NOT-FOR-US: Vsourz Digital Advanced Contact form
 CVE-2022-45284
 	RESERVED
 CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
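Review bot: the NOT-FOR-US value for CVE-2022-45285 both truncates the product name and departs from the convention used elsewhere in this patch. The description reads "Advanced Contact form 7 DB", a WordPress plugin from Vsourz Digital, so the line should follow the other WordPress entries in this patch (NOT-FOR-US: WordPress plugin) or at least keep the full name "Advanced Contact form 7 DB" so a later search for the plugin finds the entry.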
@@ -21084,7 +21084,7 @@ CVE-2022-45156
 CVE-2022-45155
 	RESERVED
 CVE-2022-45154 (A Cleartext Storage of Sensitive Information vulnerability in suppport ...)
-	TODO: check
+	NOT-FOR-US: SuSE supportutils
 CVE-2022-45153 (An Incorrect Default Permissions vulnerability in saphanabootstrap-for ...)
 	NOT-FOR-US: SAP
 CVE-2022-45152 (A blind Server-Side Request Forgery (SSRF) vulnerability was found in  ...)
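Review bot: "SuSE" on the CVE-2022-45154 line is an outdated spelling; the vendor writes SUSE, and grep-based consistency checks over data/CVE/list depend on one form. Suggest NOT-FOR-US: SUSE supportutils. The triple-p in "suppport" is in the MITRE description context line and can stay as is.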
@@ -23216,7 +23216,7 @@ CVE-2023-20951
 CVE-2023-20950
 	RESERVED
 CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out  ...)
-	TODO: check
+	NOT-FOR-US: Linux kernel of the Pixel phone
 CVE-2023-20948
 	RESERVED
 	NOT-FOR-US: Android
@@ -23280,7 +23280,7 @@ CVE-2023-20928 (In binder_vma_close of binder.c, there is a possible use after f
 	NOTE: https://source.android.com/docs/security/bulletin/2023-01-01
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2374
 CVE-2023-20927 (In permissions of AndroidManifest.xml, there is a possible way to gran ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-20926
 	RESERVED
 CVE-2023-20925 (In setUclampMinLocked of PowerSessionManager.cpp, there is a possible  ...)
@@ -28226,7 +28226,7 @@ CVE-2022-43472
 CVE-2022-43471
 	RESERVED
 CVE-2022-43469 (Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist ...)
@@ -30595,7 +30595,7 @@ CVE-2022-3445 (Use after free in Skia in Google Chrome prior to 106.0.5249.119 a
 	- chromium 106.0.5249.119-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-42735 (Improper Privilege Management vulnerability in Apache Software Foundat ...)
-	TODO: check
+	NOT-FOR-US: Apache ShenYu
 CVE-2022-42734 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
 	NOT-FOR-US: syngo Dynamics
 CVE-2022-42733 (A vulnerability has been identified in syngo Dynamics (All versions &l ...)
@@ -31311,7 +31311,7 @@ CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by ad
 CVE-2022-42456
 	RESERVED
 CVE-2022-42455 (ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-t ...)
 	NOT-FOR-US: HCL
 CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...)
@@ -32613,7 +32613,7 @@ CVE-2022-41955 (Autolab is a course management service, initially developed by a
 CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a  ...)
 	NOT-FOR-US: MPXJ
 CVE-2022-41953 (Git GUI is a convenient graphical tool that comes with Git for Windows ...)
-	TODO: check
+	NOT-FOR-US: Git for Windows
 CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...)
 	- matrix-synapse 1.53.0-1
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
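Review bot: a bare NOT-FOR-US: Git for Windows for CVE-2022-41953 will read as a mis-triage to anyone who knows that git-gui is built from Debian's git source package. The visible description only says Git GUI "comes with Git for Windows"; please add a NOTE line with the upstream advisory and the reason the Debian build is considered unaffected, so the entry is not reopened later.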
@@ -33594,7 +33594,7 @@ CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Store
 CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41134 (Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40975
@@ -33713,7 +33713,7 @@ CVE-2022-41566
 CVE-2022-41565
 	RESERVED
 CVE-2022-41564 (The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIB ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports S ...)
 	NOT-FOR-US: TIBCO
 CVE-2022-41562 (The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperRepor ...)
@@ -35864,7 +35864,7 @@ CVE-2022-40713 (An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relativ
 CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
 	NOT-FOR-US: NOKIA
 CVE-2022-40711 (PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity s ...)
-	TODO: check
+	NOT-FOR-US: PrimeKey EJBCA
 CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 and Clo ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...)
@@ -37590,7 +37590,7 @@ CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression
 	NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
 	NOTE: https://github.com/sqlalchemy/mako/issues/366
 CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)
-	TODO: check
+	NOT-FOR-US: Microchip Technology
 CVE-2022-40021
 	RESERVED
 CVE-2022-40020
@@ -37602,7 +37602,7 @@ CVE-2022-40018
 CVE-2022-40017
 	RESERVED
 CVE-2022-40016 (Use After Free (UAF) vulnerability in ireader media-server before comm ...)
-	TODO: check
+	NOT-FOR-US: ireader media-server
 CVE-2022-40015
 	RESERVED
 CVE-2022-40014
@@ -39038,7 +39038,7 @@ CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQ
 CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
 	NOT-FOR-US: Muhammara Nodejs module
 CVE-2022-39380 (Wire web-app is part of Wire communications. Versions prior to 2022-11 ...)
-	TODO: check
+	NOT-FOR-US: Wire webapp
 CVE-2022-39379 (Fluentd collects events from various data sources and writes them to f ...)
 	- fluentd <itp> (bug #926692)
 CVE-2022-39378 (Discourse is a platform for community discussion. Under certain condit ...)
@@ -39702,7 +39702,7 @@ CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function
 CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1  ...)
 	NOT-FOR-US: Red Lion Controls Crimson
 CVE-2022-3089 (Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credent ...)
-	TODO: check
+	NOT-FOR-US: Echelon
 CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...)
 	NOT-FOR-US: Moxa
 CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are  ...)
@@ -40352,7 +40352,7 @@ CVE-2022-38937
 CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue detecte ...)
 	NOT-FOR-US: PBC
 CVE-2022-38935 (An issue was discovered in NiterForum version 2.5.0-beta in /src/main/ ...)
-	TODO: check
+	NOT-FOR-US: NiterForum
 CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ...)
 	NOT-FOR-US: readelf in ToaruOS
 CVE-2022-38933
@@ -40486,9 +40486,9 @@ CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
 CVE-2022-38869
 	RESERVED
 CVE-2022-38868 (SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol ...)
-	TODO: check
+	NOT-FOR-US: Ehoney
 CVE-2022-38867 (SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2  ...)
-	TODO: check
+	NOT-FOR-US: rttys
 CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
 	{DLA-3255-1}
 	- mplayer 2:1.5+svn38408-1 (unimportant)
@@ -40820,13 +40820,13 @@ CVE-2022-38779
 CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of Kibana’s third  ...)
 	TODO: check
 CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
-	TODO: check
+	NOT-FOR-US: Elastic Endpoint Security
 CVE-2022-38776
 	RESERVED
 CVE-2022-38775 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
-	TODO: check
+	NOT-FOR-US: Elastic Endpoint Security
 CVE-2022-38774 (An issue was discovered in the quarantine feature of Elastic Endpoint  ...)
-	TODO: check
+	NOT-FOR-US: Elastic Endpoint Security
 CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...)
 	NOT-FOR-US: Siemens
 CVE-2022-3010
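Review bot: CVE-2022-38778 in the leading context stays at TODO: check while its three Elastic Endpoint Security siblings are resolved in this hunk. It is a different case: the description says the flaw is CVE-2022-38900 in one of Kibana's third-party components, so it needs a check of whether that underlying CVE is already tracked against a Debian-packaged library rather than a blanket NOT-FOR-US; worth handling in the same pass so it does not linger.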
@@ -40977,7 +40977,7 @@ CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman c
 	NOTE: https://github.com/containers/podman/commit/21540161f20daffd884eba99b2cc31373c9a0ec4 (v4.2.0-rhel)
 	NOTE: https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289 (v4.3.0-rc1)
 CVE-2022-2988 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause s ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2986 (Enabling and disabling installed H5P libraries did not include the nec ...)
@@ -41278,7 +41278,7 @@ CVE-2022-38659 (In specific scenarios, on Windows the operator credentials may b
 CVE-2022-38658 (BigFix deployments that have installed the Notification Service on Win ...)
 	NOT-FOR-US: HCL
 CVE-2022-38657 (An open redirect to malicious sites can occur when accessing the "Feed ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote attacker to ...)
 	NOT-FOR-US: HCL
 CVE-2022-38655 (BigFix WebUI non-master operators are missing controls that prevent th ...)
@@ -43066,11 +43066,11 @@ CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly p
 CVE-2022-38113 (This vulnerability discloses build and services versions in the server ...)
 	NOT-FOR-US: Solarwinds
 CVE-2022-38112 (In DPA 2022.4 and older releases, generated heap memory dumps contain  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-38111 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-38110 (In Database Performance Analyzer (DPA) 2022.4 and older releases, cert ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2022-38109
 	RESERVED
 CVE-2022-38108 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
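Review bot: vendor spelling is now inconsistent within this SolarWinds block: CVE-2022-38113 in the leading context reads NOT-FOR-US: Solarwinds while the three new lines use SolarWinds. Please align the context line to SolarWinds (the vendor's own spelling) so that a search over data/CVE/list for the vendor returns all four entries.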
@@ -43640,7 +43640,7 @@ CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub rep
 CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
 	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2022-2712 (In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability ...)
-	TODO: check
+	- glassfish <removed>
 CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
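Review bot: "- glassfish <removed>" for CVE-2022-2712 records a package that left the archive, but nothing states whether the version that was in Debian fell into the affected range the description gives (5.1.0 to 6.2.5). Add a NOTE line with the upstream advisory and, if the removed version predates 5.1.0, mark the entry <not-affected> with a reason rather than leaving <removed> to imply exposure.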
@@ -43951,9 +43951,9 @@ CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_
 CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scriptin ...)
 	NOT-FOR-US: Orchard CMS
 CVE-2022-37719 (A Cross-Site Request Forgery (CSRF) in the management portal of JetNex ...)
-	TODO: check
+	NOT-FOR-US: JetNexus
 CVE-2022-37718 (The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was di ...)
-	TODO: check
+	NOT-FOR-US: JetNexus
 CVE-2022-37717
 	RESERVED
 CVE-2022-37716
@@ -44751,7 +44751,7 @@ CVE-2022-36350 (Stored cross-site scripting vulnerability in PukiWiki versions 1
 CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
 	NOT-FOR-US: SourceCodester
 CVE-2022-2666 (A vulnerability has been found in SourceCodester Loan Management Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-2665 (A vulnerability classified as critical was found in SourceCodester Sim ...)
 	NOT-FOR-US: SourceCodester
 CVE-2022-2664 (A vulnerability classified as critical has been found in Private Cloud ...)
@@ -45802,9 +45802,9 @@ CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_n
 	NOTE: https://github.com/FRRouting/frr/pull/11926
 	NOTE: https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee
 CVE-2022-37034 (In dotCMS 5.x-22.06, it is possible to call the TempResource multiple  ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2022-37033 (In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary f ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...)
 	{DLA-3211-1}
 	- frr 8.4.1-1 (bug #1021016)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d637c64e487f366aac6b985a9acb1708de7a1423
