[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 17 10:19:25 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d65cf65b by Moritz Muehlenhoff at 2023-02-17T11:18:49+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,13 +45,13 @@ CVE-2023-0882
CVE-2023-0881
RESERVED
CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...)
- TODO: check
+ NOT-FOR-US: phpmyfaq
CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
- TODO: check
+ NOT-FOR-US: btcpayserver
CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framewo ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. ...)
- TODO: check
+ - froxlor <itp> (bug #581792)
CVE-2023-0876
RESERVED
CVE-2023-0875
@@ -151,13 +151,13 @@ CVE-2023-0852
CVE-2023-0851
RESERVED
CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
- TODO: check
+ NOT-FOR-US: Mapos
CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
- TODO: check
+ NOT-FOR-US: Mapos
CVE-2022-48325 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
- TODO: check
+ NOT-FOR-US: Mapos
CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
- TODO: check
+ NOT-FOR-US: Mapos
CVE-2021-46874
RESERVED
CVE-2023-25909
@@ -2518,9 +2518,9 @@ CVE-2023-22653
CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...)
NOT-FOR-US: Multilaser RE057 and RE170
CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in ...)
- TODO: check
+ NOT-FOR-US: sls-logging
CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying hostnames in ...)
- TODO: check
+ NOT-FOR-US: Magritte-ftp
CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
NOT-FOR-US: Palantir
CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...)
@@ -4856,11 +4856,11 @@ CVE-2023-24223
CVE-2023-24222
RESERVED
CVE-2023-24221 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: LuckyframeWEB
CVE-2023-24220 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: LuckyframeWEB
CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: LuckyframeWEB
CVE-2023-24218
RESERVED
CVE-2023-24217
@@ -5142,7 +5142,7 @@ CVE-2023-24080
CVE-2023-24079
RESERVED
CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to contain a r ...)
- TODO: check
+ NOT-FOR-US: Real Time Logic FuguHub
CVE-2023-24077
RESERVED
CVE-2023-24076
@@ -5592,7 +5592,7 @@ CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose
CVE-2023-23927
RESERVED
CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...)
- TODO: check
+ NOT-FOR-US: APOC
CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
NOT-FOR-US: Switcher
CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...)
@@ -6321,7 +6321,7 @@ CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0, co
CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...)
NOT-FOR-US: Dell
CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-23694
RESERVED
CVE-2023-23693
@@ -9908,11 +9908,11 @@ CVE-2023-22582
CVE-2023-22581
RESERVED
CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
- TODO: check
+ NOT-FOR-US: DIVD
CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...)
- TODO: check
+ NOT-FOR-US: DIVD
CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a ...)
- TODO: check
+ NOT-FOR-US: DIVD
CVE-2023-22577
RESERVED
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
@@ -11897,7 +11897,7 @@ CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0
CVE-2023-22381
RESERVED
CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
NOT-FOR-US: CONPROSYS
CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System (CHS) Ve ...)
@@ -12289,7 +12289,7 @@ CVE-2022-47705
CVE-2022-47704
RESERVED
CVE-2022-47703 (TIANJIE CPE906-3 is vulnerable to password disclosure. This is present ...)
- TODO: check
+ NOT-FOR-US: TIANJIE
CVE-2022-47702
RESERVED
CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
@@ -23758,7 +23758,7 @@ CVE-2022-43446
CVE-2022-42465
RESERVED
CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
@@ -24684,7 +24684,7 @@ CVE-2022-44301
CVE-2022-44300
RESERVED
CVE-2022-44299 (SiteServerCMS 7.1.3 sscms has a file read vulnerability. ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
NOT-FOR-US: SiteServer CMS
CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...)
@@ -25910,7 +25910,7 @@ CVE-2022-43971 (An arbitrary code exection vulnerability exists in Linksys WUMC7
CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...)
NOT-FOR-US: Linksys
CVE-2022-43969 (Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
@@ -27189,7 +27189,7 @@ CVE-2022-43956
CVE-2022-43955
RESERVED
CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-43953
RESERVED
CVE-2022-43952
@@ -31366,7 +31366,7 @@ CVE-2022-42474
CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
NOT-FOR-US: FortiGuard
CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
NOT-FOR-US: FortiGuard
CVE-2022-42470
@@ -33897,7 +33897,7 @@ CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spot
CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before ...)
NOT-FOR-US: Intel
CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-40982
RESERVED
CVE-2022-40971
@@ -34504,9 +34504,9 @@ CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repositor
CVE-2022-41336 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-41333
RESERVED
CVE-2022-41332
@@ -36067,7 +36067,7 @@ CVE-2022-40696
CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...)
NOT-FOR-US: FortiGuard
CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-40682
RESERVED
CVE-2022-40681
@@ -36077,13 +36077,13 @@ CVE-2022-40680 (A improper neutralization of input during web page generation ('
CVE-2022-40679
RESERVED
CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-40676
RESERVED
CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – ...)
@@ -37641,7 +37641,7 @@ CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerabi
CVE-2022-40081
RESERVED
CVE-2022-40080 (Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in th ...)
- TODO: check
+ NOT-FOR-US: Aspire
CVE-2022-40079
RESERVED
CVE-2022-40078
@@ -37921,11 +37921,11 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti
[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-39953
RESERVED
CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-39951
RESERVED
CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
@@ -37933,7 +37933,7 @@ CVE-2022-39950 (An improper neutralization of input during web page generation v
CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
NOT-FOR-US: FortiGuard
CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-39946
@@ -41184,7 +41184,7 @@ CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible
CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
NOT-FOR-US: SnapCenter (NetAPP)
CVE-2022-38731 (Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal ...)
- TODO: check
+ NOT-FOR-US: Qaelum
CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
@@ -42404,13 +42404,13 @@ CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS ve
CVE-2022-38379 (Improper neutralization of input during web page generation [CWE-79] i ...)
NOT-FOR-US: FortiGuard
CVE-2022-38378 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
NOT-FOR-US: FortiGuard
CVE-2022-38376 (Multiple improper neutralization of input during web page generation ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-38375 (An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-38374 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2022-38373 (An improper neutralization of input during web page generation vulnera ...)
@@ -43178,11 +43178,11 @@ CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo function
- kolla <itp> (bug #804128)
NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before version 1. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-37336
RESERVED
CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Sta ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36406
RESERVED
CVE-2022-36351
@@ -45191,7 +45191,7 @@ CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to a
CVE-2022-37341
RESERVED
CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-37326
RESERVED
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
@@ -45243,13 +45243,13 @@ CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda v
CVE-2022-36426
RESERVED
CVE-2022-36397 (Incorrect default permissions in the software installer for some Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36369 (Improper access control in some QATzip software maintained by Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36353
RESERVED
CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before version SPS_E5 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36291
RESERVED
CVE-2022-36281
@@ -46315,15 +46315,15 @@ CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in i
NOTE: https://github.com/scala/scala/pull/10118
NOTE: https://github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f (v2.13.9)
CVE-2022-36797 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36792
RESERVED
CVE-2022-36421
RESERVED
CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36393
RESERVED
CVE-2022-36366
@@ -46349,7 +46349,7 @@ CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which coul
CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
NOT-FOR-US: GoAnywhere MFT
CVE-2022-36943 (SSZipArchive versions 2.5.3 and older contain an arbitrary file write ...)
- TODO: check
+ NOT-FOR-US: SSZipArchive
CVE-2022-36942
RESERVED
CVE-2022-36941
@@ -47468,7 +47468,7 @@ CVE-2022-36392
CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...)
NOT-FOR-US: Intel
CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet Network Con ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36380 (Uncontrolled search path in the installer software for some Intel(r) N ...)
NOT-FOR-US: Intel
CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards ...)
@@ -47476,7 +47476,7 @@ CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC B
CVE-2022-36283
RESERVED
CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34859
RESERVED
CVE-2022-33963
@@ -47512,7 +47512,7 @@ CVE-2022-36409
CVE-2022-36408
REJECTED
CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36396
RESERVED
CVE-2022-36395
@@ -47522,13 +47522,13 @@ CVE-2022-36377 (Incorrect default permissions in the installer software for some
CVE-2022-36374
RESERVED
CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34855
RESERVED
CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34147
RESERVED
CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
@@ -47661,7 +47661,7 @@ CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances
CVE-2022-36298
RESERVED
CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34848
RESERVED
CVE-2022-34846
@@ -47673,7 +47673,7 @@ CVE-2022-33196 (Incorrect default permissions in some memory controller configur
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32232
RESERVED
CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...)
@@ -47744,11 +47744,11 @@ CVE-2022-35727
CVE-2022-34852
RESERVED
CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some Intel(R) pla ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
@@ -47878,9 +47878,9 @@ CVE-2022-36294
CVE-2022-36290
RESERVED
CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-35883 (NULL pointer dereference in the Intel(R) Media SDK software before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-35274
RESERVED
CVE-2022-35237
@@ -47888,11 +47888,11 @@ CVE-2022-35237
CVE-2022-34860
RESERVED
CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33949
RESERVED
CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and Collector softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...)
NOT-FOR-US: AutomationDirect
CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module version 4 ...)
@@ -49426,7 +49426,7 @@ CVE-2022-33144
CVE-2022-29870
RESERVED
CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...)
@@ -51718,13 +51718,13 @@ CVE-2022-34863
CVE-2022-34856
RESERVED
CVE-2022-34854 (Improper access control in the Intel(R) SUR software before version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...)
NOT-FOR-US: Intel
CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
- intel-microcode <unfixed> (bug #1031334)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
@@ -51734,7 +51734,7 @@ CVE-2022-33197
CVE-2022-32581
RESERVED
CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
@@ -52660,23 +52660,23 @@ CVE-2022-34646
CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
NOT-FOR-US: Intel
CVE-2022-34157 (Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with I ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33964 (Improper input validation in the Intel(R) SUR software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33946 (Improper authentication in the Intel(R) SUR software before version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33190 (Improper input validation in the Intel(R) SUR software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32971 (Improper authentication in the Intel(R) SUR software before version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
NOT-FOR-US: Intel
CVE-2022-31476 (Improper access control in the Intel(R) SUR software before version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30692 (Improper conditions check in the Intel(R) SUR software before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29514 (Improper access control in the Intel(R) SUR software before version 2. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...)
NOT-FOR-US: LiteCart
CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System ...)
@@ -54436,7 +54436,7 @@ CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software f
CVE-2022-33898
RESERVED
CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32582
RESERVED
CVE-2022-32577
@@ -54444,7 +54444,7 @@ CVE-2022-32577
CVE-2022-32576
RESERVED
CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29895
RESERVED
CVE-2022-29871
@@ -54575,7 +54575,7 @@ CVE-2022-33945
CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
NOT-FOR-US: Intel
CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33899
RESERVED
CVE-2022-33895
@@ -54583,7 +54583,7 @@ CVE-2022-33895
CVE-2022-33894
RESERVED
CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
NOT-FOR-US: Intel
CVE-2022-33200
@@ -54611,11 +54611,11 @@ CVE-2022-32288
CVE-2022-32233
RESERVED
CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-31477
RESERVED
CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
NOT-FOR-US: Intel
CVE-2022-30606
@@ -54910,11 +54910,11 @@ CVE-2022-33873 (An improper neutralization of special elements used in an OS Com
CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
NOT-FOR-US: Fortiguard
CVE-2022-33871 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-33870 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
CVE-2022-33869 (An improper neutralization of special elements used in an OS command v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored ...)
@@ -57872,13 +57872,13 @@ CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(
CVE-2022-30542 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
NOT-FOR-US: Intel
CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R) Processors may a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29920
RESERVED
CVE-2022-29896
RESERVED
CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-28699
RESERVED
CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...)
@@ -60017,7 +60017,7 @@ CVE-2022-31810
CVE-2022-31809
RESERVED
CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
- TODO: check
+ NOT-FOR-US: SiPass
CVE-2022-31807
RESERVED
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
@@ -60467,7 +60467,7 @@ CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape
CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
NOT-FOR-US: Zoo Management System
CVE-2022-31733 (Starting with diego-release 2.55.0 and up to 2.69.0, and starting with ...)
- TODO: check
+ NOT-FOR-US: diego-release
CVE-2022-31732
RESERVED
CVE-2022-31731
@@ -60511,9 +60511,9 @@ CVE-2022-31713
CVE-2022-31712
RESERVED
CVE-2022-31711 (VMware vRealize Log Insight contains an Information Disclosure Vulnera ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31710 (vRealize Log Insight contains a deserialization vulnerability. An unau ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31709
RESERVED
CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...)
@@ -60521,11 +60521,11 @@ CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vul
CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...)
NOT-FOR-US: VMware
CVE-2022-31706 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
NOT-FOR-US: VMware
CVE-2022-31704 (The vRealize Log Insight contains a broken access control vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31703 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
NOT-FOR-US: VMware
CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
@@ -60793,11 +60793,11 @@ CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lit
CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: Trudesk
CVE-2022-1892 (A buffer overflow in the SystemBootManagerDxe driver in some Lenovo No ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1891 (A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo No ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1890 (A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook p ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer ...)
@@ -60874,7 +60874,7 @@ CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability i
CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31611 (NVIDIA GeForce Experience contains an uncontrolled search path vulnera ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
@@ -61564,9 +61564,9 @@ CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs func
CVE-2022-31365
RESERVED
CVE-2022-31364 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2022-31363 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
NOT-FOR-US: Docebo
CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
@@ -61824,7 +61824,7 @@ CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module c
CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to ...)
NOT-FOR-US: yogeshojha/rengine
CVE-2022-1812 (Integer Overflow or Wraparound in GitHub repository publify/publify pr ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
NOT-FOR-US: Publify
CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify prior to ...)
@@ -63084,7 +63084,7 @@ CVE-2022-30906
CVE-2022-30905
RESERVED
CVE-2022-30904 (In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vul ...)
- TODO: check
+ NOT-FOR-US: Bestechnic Bluetooth Mesh SDK
CVE-2022-30903 (Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA ...)
NOT-FOR-US: Nokia "G-2425G-A" Bharti Airtel Routers Hardware
CVE-2022-30902
@@ -63938,7 +63938,7 @@ CVE-2022-30566
CVE-2022-30565
RESERVED
CVE-2022-30564 (Some Dahua embedded products have a vulnerability of unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the request ...)
NOT-FOR-US: Dahua
CVE-2022-30562 (If the user enables the https function on the device, an attacker can ...)
@@ -64031,7 +64031,7 @@ CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in
CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software may al ...)
NOT-FOR-US: Intel
CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30338
RESERVED
CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group ...)
@@ -64059,7 +64059,7 @@ CVE-2022-28693
CVE-2022-27877
RESERVED
CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet Control ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for ...)
NOT-FOR-US: Intel
CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
@@ -64443,7 +64443,7 @@ CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code
CVE-2022-30422 (Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0 ...)
NOT-FOR-US: Proietti Tech srl Planet Time Enterprise
CVE-2022-30421 (Improper Authentication vulnerability in Toshiba Storage Security Soft ...)
- TODO: check
+ NOT-FOR-US: Toshiba
CVE-2022-30420
RESERVED
CVE-2022-30419
@@ -64668,7 +64668,7 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory trav
NOTE: 6.12 application version corresponds to 6.1.7 source version:
NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
CVE-2022-30332 (In Talend Administration Center 7.3.1.20200219 before TAC-15950, the F ...)
- TODO: check
+ NOT-FOR-US: Talend
CVE-2022-30331 (** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph ...)
NOT-FOR-US: TigerGraph
CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...)
@@ -64741,21 +64741,21 @@ CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple version
CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the RSA SSH h ...)
NOT-FOR-US: FortiGuard
CVE-2022-30306 (A stack-based buffer overflow vulnerability [CWE-121] in the CA sign f ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in FortiSandbox versio ...)
NOT-FOR-US: FortiGuard
CVE-2022-30304 (An improper neutralization of input during web page generation vulnera ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30303 (An improper neutralization of special elements used in an os command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiDece ...)
NOT-FOR-US: Fortinet
CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through ...)
NOT-FOR-US: Fortinet
CVE-2022-30300 (A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 thr ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30299 (A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 t ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
NOT-FOR-US: FortiGuard
CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edi ...)
@@ -66108,9 +66108,9 @@ CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.
CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...)
NOT-FOR-US: Progress Ipswitch WhatsUp Gold
CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud OS 5 de ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-29842
RESERVED
CVE-2022-29841
@@ -67053,7 +67053,7 @@ CVE-2022-29559
CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...)
NOT-FOR-US: Realtek
CVE-2022-29557 (LexisNexis Firco Compliance Link 3.7 allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: LexisNexis Firco Compliance Link
CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise ...)
NOT-FOR-US: mendersoftware/iot-manager
CVE-2022-29555 (The Deviceconnect microservice through 1.3.0 in Northern.tech Mender E ...)
@@ -67449,7 +67449,7 @@ CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting
CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adapti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29416 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay ...)
- TODO: check
+ NOT-FOR-US: AfterPay
CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29414 (Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WP ...)
@@ -68509,7 +68509,7 @@ CVE-2022-29056
CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
NOT-FOR-US: FortiGuard
CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
NOT-FOR-US: FortiGuard
CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private ...)
@@ -69458,7 +69458,7 @@ CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape f
CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...)
NOT-FOR-US: Intel
CVE-2022-27234 (Server-side request forgery in the CVAT software maintained by Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime Standar ...)
NOT-FOR-US: Intel
CVE-2022-27173
@@ -69466,9 +69466,9 @@ CVE-2022-27173
CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
NOT-FOR-US: Intel
CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26837 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26833 (An improper authentication vulnerability exists in the REST API functi ...)
NOT-FOR-US: Open Automation Software
CVE-2022-26515
@@ -69476,7 +69476,7 @@ CVE-2022-26515
CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software befor ...)
NOT-FOR-US: Intel
CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before version 3.0.0 ...)
NOT-FOR-US: Intel
CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
@@ -71824,7 +71824,7 @@ CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow a
CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...)
NOT-FOR-US: Lenovo
CVE-2022-1109 (An incorrect default permissions vulnerability in Lenovo Leyun cloud m ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
NOT-FOR-US: Lenovo
CVE-2022-1107 (During an internal product security audit a potential vulnerability du ...)
@@ -71956,7 +71956,7 @@ CVE-2022-27899
CVE-2022-27898
RESERVED
CVE-2022-27897 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
NOT-FOR-US: Foundry Code-Workbooks
CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
@@ -71966,11 +71966,11 @@ CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scri
CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...)
NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector
CVE-2022-27892 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2022-27891 (Palantir Gotham included an unauthenticated endpoint that listed all a ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2022-27890 (It was discovered that the sls-logging was not verifying hostnames in ...)
- TODO: check
+ NOT-FOR-US: sls-logging
CVE-2022-27889 (The Multipass service was found to have code paths that could be abuse ...)
NOT-FOR-US: Palantir
CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
@@ -72571,7 +72571,7 @@ CVE-2022-27679
CVE-2022-27678
RESERVED
CVE-2022-27677 (Failure to validate privileges during installation of AMD Ryzen™ ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-27676
REJECTED
CVE-2022-27675
@@ -72814,7 +72814,7 @@ CVE-2022-27598
CVE-2022-27597
RESERVED
CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2022-27595
RESERVED
CVE-2022-27594
@@ -72930,9 +72930,9 @@ CVE-2022-27540
CVE-2022-27539
RESERVED
CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-27537 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be ca ...)
- golang-1.18 <not-affected> (MacOS-specific)
- golang-1.17 <not-affected> (MacOS-specific)
@@ -72993,9 +72993,9 @@ CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...)
CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
NOT-FOR-US: Citrix
CVE-2022-27508 (Unauthenticated denial of service ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27507 (Authenticated denial of service ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...)
NOT-FOR-US: Citrix
CVE-2022-27505 (Reflected cross site scripting (XSS) ...)
@@ -73021,9 +73021,9 @@ CVE-2022-27180
CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
NOT-FOR-US: Splunk
CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26840 (Improper neutralization in the Intel(R) Quartus Prime Pro and Standard ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application ...)
NOT-FOR-US: Splunk
CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware Update Tool ...)
@@ -73045,7 +73045,7 @@ CVE-2022-27491 (A improper verification of source of a communication channel in
CVE-2022-27490
RESERVED
CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-27488
RESERVED
CVE-2022-27487
@@ -73059,7 +73059,7 @@ CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0
CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-27482 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
NOT-FOR-US: Siemens SCALANCE
CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d65cf65bbf275e6a2bd0d628b88ed6a9cd94385b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d65cf65bbf275e6a2bd0d628b88ed6a9cd94385b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230217/f9b8e3e7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list