[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jan 19 17:33:12 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8702552 by Moritz Muehlenhoff at 2023-01-19T18:32:48+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26705,9 +26705,9 @@ CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior
CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF with Java ...)
NOT-FOR-US: Muhammara Nodejs module
CVE-2022-41956 (Autolab is a course management service, initially developed by a team ...)
- TODO: check
+ NOT-FOR-US: Autolab
CVE-2022-41955 (Autolab is a course management service, initially developed by a team ...)
- TODO: check
+ NOT-FOR-US: Autolab
CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...)
NOT-FOR-US: MPXJ
CVE-2022-41953 (Git GUI is a convenient graphical tool that comes with Git for Windows ...)
@@ -27148,7 +27148,7 @@ CVE-2022-41809
CVE-2022-41779 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41778 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2022-41776 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
@@ -27184,7 +27184,7 @@ CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a an
CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
NOT-FOR-US: AliveCor
CVE-2022-41613 (Bentley Systems MicroStation Connect versions 10.17.0.209 and prior ar ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-41607 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
@@ -27204,7 +27204,7 @@ CVE-2022-40204 (A cross-site scripting (XSS) vulnerability exists in all current
CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite Device Ma ...)
NOT-FOR-US: Delta Electronics
CVE-2022-40201 (Bentley Systems MicroStation Connect versions 10.17.0.209 and prior ar ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflec ...)
NOT-FOR-US: SAUTER Controls moduWeb firmware
CVE-2022-38355 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
@@ -27680,7 +27680,7 @@ CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Orde
CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network devices ...)
NOT-FOR-US: Buffalo
CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms ...)
- TODO: check
+ NOT-FOR-US: CRM Perks
CVE-2022-38456
RESERVED
CVE-2022-38141
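Review bot: the new line for CVE-2022-38467 shortens the name from the description's "CRM Perks Forms" to "CRM Perks", which is the vendor rather than the product, so a later grep for the product name will not hit this entry. Also, the "Reflected Cross-Site Scripting (XSS) vulnerability in ..." wording is the same form the file uses for WordPress-plugin entries (compare CVE-2022-3144 in a later hunk of this same change, classified "NOT-FOR-US: WordPress plugin"); if CRM Perks Forms is one of those, using that convention keeps the plugin entries consistent.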
@@ -27743,7 +27743,7 @@ CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inac
CVE-2022-3329
RESERVED
CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap ...)
- TODO: check
+ NOT-FOR-US: MiKa
CVE-2022-27628
RESERVED
CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...)
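Review bot: "NOT-FOR-US: MiKa" records the plugin author rather than the product; the description names the product as "OSM – OpenStreetMap" (the "–" is an HTML entity left over from the feed, an en dash). Suggest "NOT-FOR-US: OSM – OpenStreetMap plugin" or similar so the product name is searchable; the vendor-only form is harder to match against future CVEs for the same product.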
@@ -28188,7 +28188,7 @@ CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via th
CVE-2022-41418 (An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/Upload ...)
NOT-FOR-US: BlogEngine.NET
CVE-2022-41417 (BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with " ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to co ...)
NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...)
@@ -30435,15 +30435,15 @@ CVE-2022-40522
CVE-2022-40521
RESERVED
CVE-2022-40520 (Memory corruption due to stack-based buffer overflow in Core ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40519 (Information disclosure due to buffer overread in Core ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40518 (Information disclosure due to buffer overread in Core ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow. ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-40515
RESERVED
CVE-2022-40514
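Review bot: the vendor named in the five new lines (Qualcomm) appears nowhere in the visible descriptions, which only say "Memory corruption ... in Core" or "Information disclosure due to buffer overread in Core", so nothing in the entries lets a later reader verify the attribution. A NOTE line with the bulletin URL under the first of the block (CVE-2022-40520) would make the classification checkable without leaving the file; the five entries are clearly one batch, so one NOTE on the first is enough.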
@@ -30869,7 +30869,7 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
NOTE: https://github.com/libconfuse/libconfuse/issues/163
NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
- TODO: check
+ NOT-FOR-US: LISTSERV
CVE-2022-40318
RESERVED
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: s ...)
@@ -31227,11 +31227,11 @@ CVE-2022-3162
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
CVE-2022-3161 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3160 (The APDFL.dll contains an out-of-bounds write past the fixed-length he ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3159 (The APDFL.dll contains a stack-based buffer overflow vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...)
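Review bot: the three descriptions for CVE-2022-3161/3160/3159 attribute the bugs to APDFL.dll, a library name, while the new classification names only the vendor (Siemens); neither the visible text nor the new lines record which Siemens product embeds the library. Recording the product, or adding a NOTE with the advisory URL, would let a future reader check whether the affected library is something shipped elsewhere, which "NOT-FOR-US: Siemens" alone does not answer.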
@@ -31382,7 +31382,7 @@ CVE-2022-3146
RESERVED
NOT-FOR-US: tripleo-ansible
CVE-2022-3145 (An open redirect vulnerability exists in Okta OIDC Middleware prior to ...)
- TODO: check
+ NOT-FOR-US: Okta
CVE-2022-3144 (The Wordfence Security – Firewall & Malware Scan plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3143 (wildfly-elytron: possible timing attacks via use of unsafe comparator. ...)
@@ -31570,7 +31570,7 @@ CVE-2022-40051
CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload vulner ...)
NOT-FOR-US: ZFile
CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park Ticketing Sys ...)
- TODO: check
+ NOT-FOR-US: Theme Park Ticketing System
CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
NOT-FOR-US: Flatpress
CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
@@ -33653,17 +33653,17 @@ CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in the
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/e02f0d3970404bfea385b6edb86f2d936db0ea2b (6.0-rc3)
CVE-2022-39187 (Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: Rumpus
CVE-2022-39186 (EXFO - BV-10 Performance Endpoint Unit misconfiguration. System config ...)
- TODO: check
+ NOT-FOR-US: EXFO
CVE-2022-39185 (EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. U ...)
- TODO: check
+ NOT-FOR-US: EXFO
CVE-2022-39184 (EXFO - BV-10 Performance Endpoint Unit authentication bypass User can ...)
- TODO: check
+ NOT-FOR-US: EXFO
CVE-2022-39183 (Moodle Plugin - SAML Auth may allow Open Redirect through unspecified ...)
- TODO: check
+ NOT-FOR-US: Moodle plugin
CVE-2022-39182 (H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 i ...)
- TODO: check
+ NOT-FOR-US: H C Mingham-Smith Ltd - Tardis 2000
CVE-2022-39181 (GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). ...)
NOT-FOR-US: GLPI plugin
CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By inserting SQ ...)
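Review bot: "NOT-FOR-US: H C Mingham-Smith Ltd - Tardis 2000" is the only new line in this change that carries the vendor's full legal name; every other new line uses the short product or vendor name. "Tardis 2000" alone would match the file's convention. The rest of the hunk is consistent: "Moodle plugin" follows the adjacent "NOT-FOR-US: GLPI plugin" pattern, and the EXFO and Rumpus entries use the vendor/product name as elsewhere.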
@@ -33732,7 +33732,7 @@ CVE-2022-3093
CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds ...)
NOT-FOR-US: GE CIMPICITY
CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function could ...)
- TODO: check
+ NOT-FOR-US: RONDS EPM
CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 ...)
NOT-FOR-US: Red Lion Controls Crimson
CVE-2022-3089
@@ -33740,11 +33740,11 @@ CVE-2022-3089
CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...)
NOT-FOR-US: Moxa
CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerabl ...)
NOT-FOR-US: Moxa
CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...)
- TODO: check
+ NOT-FOR-US: Fuji
CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
NOT-FOR-US: GE CIMPICITY
CVE-2022-3083
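Review bot: the unchanged context line for CVE-2022-3086 (Cradlepoint IBR600 NCOS ...) carries "NOT-FOR-US: Moxa", which matches the CVE-2022-3088 Moxa entry two lines above rather than its own description; this looks like a copy-paste slip from an earlier commit. Since this hunk already touches the neighbouring Fuji entries, it is worth fixing in the same pass to "NOT-FOR-US: Cradlepoint". Separately, "NOT-FOR-US: Fuji" is shorter than the vendor name in the descriptions ("Fuji Electric Tellus Lite V-Simulator"); the longer form greps better and avoids confusion with other vendors that share the prefix.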
@@ -33843,11 +33843,11 @@ CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to
CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39118 (In sprd_sysdump driver, there is a possible out of bounds write due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39117 (In messaging service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
CVE-2022-39116 (In sprd_sysdump driver, there is a possible out of bounds write due to ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...)
@@ -33871,7 +33871,7 @@ CVE-2022-39106 (In sensor driver, there is a possible out of bounds write due to
CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
NOT-FOR-US: Unisoc
CVE-2022-39104 (In contacts service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
NOT-FOR-US: Unisoc
CVE-2022-39102 (In power management service, there is a missing permission check. This ...)
@@ -33903,21 +33903,21 @@ CVE-2022-39090 (In power management service, there is a missing permission check
CVE-2022-39089
RESERVED
CVE-2022-39088 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39087 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39086 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39085 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39084 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39083 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39082 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39081 (In network service, there is a missing permission check. This could le ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-39080 (In messaging service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before 2.1.6 does ...)
@@ -33990,9 +33990,9 @@ CVE-2022-39075
CVE-2022-39074
RESERVED
CVE-2022-39073 (There is a command injection vulnerability in ZTE MF286R, Due to insuf ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2022-39072 (There is a SQL injection vulnerability in Some ZTE Mobile Internet pro ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2022-39071
RESERVED
CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT products. ...)
@@ -34858,7 +34858,7 @@ CVE-2022-38775
CVE-2022-38774
RESERVED
CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3010
RESERVED
CVE-2022-3009
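Review bot: the description for CVE-2022-38773 begins "Affected devices do not contain an Immutable Root of Trust in Hardware", so neither the vendor nor the device family is recoverable from the list entry, and the new "NOT-FOR-US: Siemens" line is the only place the vendor appears. A NOTE with the advisory URL would make the attribution verifiable; that matters more than usual here, because a missing hardware root of trust is inherently a device-level finding and nothing in the entry says which devices are meant.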
@@ -35234,11 +35234,11 @@ CVE-2022-38686
CVE-2022-38685
RESERVED
CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38682 (In contacts service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38681
RESERVED
CVE-2022-38680
@@ -35246,7 +35246,7 @@ CVE-2022-38680
CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-38678 (In contacts service, there is a missing permission check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38677 (In cell service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
@@ -35732,13 +35732,13 @@ CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA
[bullseye] - rhonabwy <not-affected> (Vulnerable code not present)
NOTE: https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399
CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 ...)
- TODO: check
+ NOT-FOR-US: EasyVista
CVE-2022-38491 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
- TODO: check
+ NOT-FOR-US: EasyVista
CVE-2022-38490 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...)
- TODO: check
+ NOT-FOR-US: EasyVista
CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1. ...)
- TODO: check
+ NOT-FOR-US: EasyVista
CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...)
NOT-FOR-US: logrocket-oauth2-example
CVE-2022-38487
@@ -35756,9 +35756,9 @@ CVE-2022-38484
CVE-2022-38483
RESERVED
CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...)
- TODO: check
+ NOT-FOR-US: Mega HOPEX
CVE-2022-38481 (An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The ap ...)
- TODO: check
+ NOT-FOR-US: Mega HOPEX
CVE-2022-38480
RESERVED
CVE-2022-38479
@@ -36033,7 +36033,7 @@ CVE-2022-2895 (Measuresoft ScadaPro Server (All Versions) uses unmaintained Acti
CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
NOT-FOR-US: Measuresoft ScadaPro
CVE-2022-2893 (RONDS EPM version 1.19.5 does not properly validate the filename param ...)
- TODO: check
+ NOT-FOR-US: RONDS EPM
CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
NOT-FOR-US: Measuresoft ScadaPro
CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task manageme ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8702552952aacbe28de338a86ab8a7033f4432b