[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 30 21:02:42 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
040fc5cf by Salvatore Bonaccorso at 2023-03-30T22:02:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8034,11 +8034,11 @@ CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arb
 CVE-2023-26293
 	RESERVED
 CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint
 CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint
 CVE-2023-26290 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint
 CVE-2023-26289
 	RESERVED
 CVE-2023-26288
@@ -11389,7 +11389,7 @@ CVE-2023-0667
 CVE-2023-0666
 	RESERVED
 CVE-2023-0665 (HashiCorp Vault's PKI mount issuer endpoints did not correctly authori ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2023-0664 (A flaw was found in the QEMU Guest Agent service for Windows. A local  ...)
 	- qemu <not-affected> (Windows specific issue)
 CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...)
@@ -11862,9 +11862,9 @@ CVE-2023-0622 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds
 CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read ...)
 	NOT-FOR-US: Cscape Envision RV
 CVE-2023-0620 (HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used preco ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth method allow ...)
 	NOT-FOR-US: Vault
 CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
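Review bot: The new tags for CVE-2023-0620 and CVE-2023-25000 read "NOT-FOR-US: HashiCorp Vault", while the existing entry directly below them, CVE-2023-24999, reads "NOT-FOR-US: Vault". Both name the same product, so pick one spelling, for instance by updating the CVE-2023-24999 line in the same commit, so that a search on the product name finds every entry.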
@@ -13871,7 +13871,7 @@ CVE-2023-24310
 CVE-2023-24309
 	RESERVED
 CVE-2023-24308 (A potential memory vulnerability due to insufficient input validation  ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2023-24307
 	RESERVED
 CVE-2023-24306
@@ -37323,7 +37323,7 @@ CVE-2022-43652
 CVE-2022-43651
 	RESERVED
 CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: RARLAB WinRAR
 CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-43648 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -37387,27 +37387,27 @@ CVE-2022-43620 (This vulnerability allows network-adjacent attackers to bypass a
 CVE-2022-43619 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: D-Link
 CVE-2022-43618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43616 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43612 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Corel CorelDRAW Graphics Suite
 CVE-2022-43609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	TODO: check
 CVE-2022-43608 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2022-3661 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
 	{DSA-5261-1}
 	- chromium 107.0.5304.68-1
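Review bot: CVE-2022-43609 still carries "TODO: check" although every other entry from CVE-2022-43618 down to CVE-2022-43608 is resolved in this hunk. If it was left open on purpose because it needs a closer look, say so in the commit message or in a NOTE: line; otherwise it reads as an entry that was missed in the middle of the Corel block.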
@@ -37469,11 +37469,11 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified
 CVE-2022-43607
 	RESERVED
 CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeList at ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...)
 	[experimental] - openimageio 2.4.7.1+dfsg-1
 	- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
@@ -40829,7 +40829,7 @@ CVE-2022-42449
 CVE-2022-42448
 	RESERVED
 CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). Thi ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by default. Aft ...)
 	NOT-FOR-US: HCL
 CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...)
@@ -40855,13 +40855,13 @@ CVE-2022-42436 (IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer c
 CVE-2022-42435 (IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0. ...)
 	NOT-FOR-US: IBM
 CVE-2022-42433 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2022-42432 (This vulnerability allows local attackers to disclose sensitive inform ...)
 	TODO: check
 CVE-2022-42431 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Tesla vehicles
 CVE-2022-42430 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Tesla vehicles
 CVE-2022-42429 (This vulnerability allows remote attackers to escalate privileges on a ...)
 	TODO: check
 CVE-2022-42428 (This vulnerability allows remote attackers to escalate privileges on a ...)
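Review bot: CVE-2022-42432 and CVE-2022-42429 remain "TODO: check" while their neighbours CVE-2022-42433, CVE-2022-42431 and CVE-2022-42430 are tagged in this hunk. The truncated descriptions do not show which product they concern, so if they were skipped deliberately a short NOTE: line or a mention in the commit message would make that visible to the next person triaging this range.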
@@ -45607,7 +45607,7 @@ CVE-2022-40637 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2022-40636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-3210 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...)
 	NOT-FOR-US: OpenAM (different from src:openam)
 CVE-2021-46838
@@ -46652,7 +46652,7 @@ CVE-2022-38086 (Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ul
 CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38077 (Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-37342 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36790
@@ -49230,7 +49230,7 @@ CVE-2022-39161
 CVE-2022-39160 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross ...)
 	NOT-FOR-US: IBM
 CVE-2022-3093 (This vulnerability allows physical attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Tesla vehicles
 CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds ...)
 	NOT-FOR-US: GE CIMPICITY
 CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function could ...)
@@ -49578,7 +49578,7 @@ CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program
 	- linux 5.18.2-1
 	NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
 CVE-2022-39043 (Juiker app stores debug logs which contains sensitive information to m ...)
-	TODO: check
+	NOT-FOR-US: Juiker app stores
 CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An unauthent ...)
 	NOT-FOR-US: aEnrich a+HRD
 CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for specific API  ...)
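Review bot: The tag on CVE-2022-39043, "NOT-FOR-US: Juiker app stores", looks like it was cut from the start of the description ("Juiker app stores debug logs which contains ..."), where "stores" is the verb and not part of the product name. Suggest "NOT-FOR-US: Juiker app" so the tag names the product only.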
@@ -51813,7 +51813,7 @@ CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 (v9.0.0220)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PTC
 CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester Guest Management System
 CVE-2022-2846 (The Calendar Event Multi View WordPress plugin before 1.4.07 does not  ...)
@@ -51998,7 +51998,7 @@ CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer over
 CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
 	NOT-FOR-US: Ricoh
 CVE-2022-2825 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PTC
 CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
 	NOT-FOR-US: OpenEMR
 CVE-2022-2823 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin befor ...)
@@ -54465,91 +54465,91 @@ CVE-2022-37392 (Improper Check for Unusual or Exceptional Conditions vulnerabili
 	NOTE: https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1 (master)
 	NOTE: https://github.com/apache/trafficserver/commit/0ba19c72b70a25e3dfbbc3f507427314ba2afd80 (v9.1.x)
 CVE-2022-37391 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37390 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37386 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37385 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37384 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37383 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37382 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37381 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37380 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37379 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37378 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37377 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37376 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-37375 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37374 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37373 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37372 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37371 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37361 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37360 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37355 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37354 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37353 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37352 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37351 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37350 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-37349 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: PDF-XChange Editor
 CVE-2022-2633 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...)
 	NOT-FOR-US: All-in-One Video Gallery plugin for WordPress
 CVE-2022-2632
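Review bot: The tag changes from "Foxit PDF Reader" to "PDF-XChange Editor" between CVE-2022-37376 and CVE-2022-37375, and the truncated descriptions on both sides of that boundary are the same generic text, so the split cannot be checked from the diff. With 43 entries tagged in one pass, it is worth confirming the boundary against the full descriptions before relying on these product names.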
@@ -55626,35 +55626,35 @@ CVE-2022-36985 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2
 CVE-2022-36984 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
 	NOT-FOR-US: Veritas
 CVE-2022-36983 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36982 (This vulnerability allows remote attackers to read arbitrary files on  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36981 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36980 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36979 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36978 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36977 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36976 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36975 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36974 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36973 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36972 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-36970 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2022-36969 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2022-36968 (In Progress WS_FTP Server prior to version 8.7.3, forms within the adm ...)
 	NOT-FOR-US: Progress WS_FTP Server
 CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple reflected c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/040fc5cfce4742e5a07290e55f529734287b8175
