Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da5108f1 by Salvatore Bonaccorso at 2022-03-09T21:54:57+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3755,7 +3755,7 @@ CVE-2022-25306 (The WP Statistics WordPress plugin is 
vulnerable to Cross-Site S
 CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site 
Scripti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-21158 (A stored cross-site scripting vulnerability in marktext 
versions prior ...)
-       TODO: check
+       NOT-FOR-US: marktext
 CVE-2022-0674
        RESERVED
 CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache 
poisoni ...)
@@ -4096,13 +4096,13 @@ CVE-2022-25214 (Improper access control on the 
LocalClientList.asp interface all
 CVE-2022-25213 (Improper physical access control and use of hard-coded 
credentials in  ...)
        TODO: check
 CVE-2022-24915 (The absence of filters when loading some sections in the web 
applicati ...)
-       TODO: check
+       NOT-FOR-US: IPCOMM
 CVE-2022-24432 (Persistent cross-site scripting (XSS) in the web interface of 
ipDIO al ...)
-       TODO: check
+       NOT-FOR-US: IPCOMM
 CVE-2022-22985 (The absence of filters when loading some sections in the web 
applicati ...)
-       TODO: check
+       NOT-FOR-US: IPCOMM
 CVE-2022-21146 (Persistent cross-site scripting in the web interface of ipDIO 
allows a ...)
-       TODO: check
+       NOT-FOR-US: IPCOMM
 CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
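Review bot: CVE-2022-25213, the first context entry of this hunk, is left at TODO: check while the four entries directly below it (CVE-2022-24915, CVE-2022-24432, CVE-2022-22985, CVE-2022-21146) all move to NOT-FOR-US: IPCOMM. Its description is truncated here, so the product is not visible; if it was skipped on purpose that is fine, but it is worth confirming it was not simply missed in this pass. Of the four tagged entries only CVE-2022-24432 and CVE-2022-21146 name ipDIO in the visible text, so please double-check that CVE-2022-24915 and CVE-2022-22985 are the same vendor's product before grouping them under one tag.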
@@ -4490,7 +4490,7 @@ CVE-2022-25092
 CVE-2022-25091
        RESERVED
 CVE-2022-25090 (Printix Secure Cloud Print Management 1.3.1035.0 creates a 
temporary f ...)
-       TODO: check
+       NOT-FOR-US: Printix Secure Cloud Print Management
 CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 
incorrectly u ...)
        NOT-FOR-US: Printix Secure Cloud Print Management
 CVE-2022-25088
@@ -4690,7 +4690,7 @@ CVE-2022-24997
 CVE-2022-24996
        RESERVED
 CVE-2022-24995 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack 
overflow i ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-24994
        RESERVED
 CVE-2022-24993
@@ -4863,7 +4863,7 @@ CVE-2020-22592
 CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue 
running e ...)
        NOT-FOR-US: Portainer
 CVE-2022-24960 (A use after free vulnerability was discovered in PDFTron SDK 
version 9 ...)
-       TODO: check
+       NOT-FOR-US: PDFTron
 CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. 
There is a  ...)
        {DSA-5096-1 DSA-5092-1 DLA-2941-1}
        - linux 5.16.7-1
@@ -5791,25 +5791,25 @@ CVE-2022-24611
 CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto 
DVC-215IP ca ...)
        NOT-FOR-US: Alecto
 CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control 
vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24608 (Luocms v2.0 is affected by Cross Site Scripting (XSS) in 
/admin/news/s ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24607 (Luocms v2.0 is affected by SQL Injection in 
/admin/news/news_ok.php. ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24606 (Luocms v2.0 is affected by SQL Injection in 
/admin/news/sort_ok.php. ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24605 (Luocms v2.0 is affected by SQL Injection in 
/admin/link/link_ok.php. ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24604 (Luocms v2.0 is affected by SQL Injection in 
/admin/link/link_mod.php. ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24603 (Luocms v2.0 is affected by SQL Injection in 
/admin/news/sort_mod.php. ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24602 (Luocms v2.0 is affected by SQL Injection in 
/admin/news/news_mod.php. ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24601 (Luocms v2.0 is affected by SQL Injection in 
/admin/manager/admin_mod.p ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through 
/admin/login.php. An  ...)
-       TODO: check
+       NOT-FOR-US: Luocms
 CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory 
leak vul ...)
        - audiofile <unfixed>
        [bullseye] - audiofile <no-dsa> (Minor issue)
@@ -5966,29 +5966,29 @@ CVE-2022-24528
 CVE-2022-24527
        RESERVED
 CVE-2022-24526 (Visual Studio Code Spoofing Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24525 (Windows Update Stack Elevation of Privilege Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24524
        RESERVED
 CVE-2022-24523
        RESERVED
 CVE-2022-24522 (Skype Extension for Chrome Information Disclosure 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Skype Extension for Chrome
 CVE-2022-24521
        RESERVED
 CVE-2022-24520 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24519 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24516
        RESERVED
 CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24514
        RESERVED
 CVE-2022-24513
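Review bot: The tag on CVE-2022-24522 is product-level (NOT-FOR-US: Skype Extension for Chrome) while every other entry changed in this hunk is vendor-level (NOT-FOR-US: Microsoft), including CVE-2022-24526 for Visual Studio Code. Using one granularity for the whole batch would make these entries easier to search for later; either NOT-FOR-US: Microsoft on CVE-2022-24522, or product names throughout.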
@@ -5996,27 +5996,27 @@ CVE-2022-24513
 CVE-2022-24512 (.NET and Visual Studio Remote Code Execution Vulnerability. 
...)
        TODO: check
 CVE-2022-24511 (Microsoft Office Word Tampering Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24510 (Microsoft Office Visio Remote Code Execution Vulnerability. 
This CVE I ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24509 (Microsoft Office Visio Remote Code Execution Vulnerability. 
This CVE I ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24508 (Windows SMBv3 Client/Server Remote Code Execution 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24507 (Windows Ancillary Function Driver for WinSock Elevation of 
Privilege V ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24506 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24505 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID 
is uniq ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24504
        RESERVED
 CVE-2022-24503 (Remote Desktop Protocol Client Information Disclosure 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24502 (Windows HTML Platforms Security Feature Bypass Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24501 (VP9 Video Extensions Remote Code Execution Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24500
        RESERVED
 CVE-2022-24499
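Review bot: CVE-2022-24512 (.NET and Visual Studio Remote Code Execution Vulnerability), the first entry of this hunk, stays at TODO: check while the ten Microsoft entries after it are resolved to NOT-FOR-US: Microsoft. If it is being held back because .NET needs a closer look than a vendor-level tag, a short NOTE: line on the entry would record that, so the remaining TODO does not read as an oversight.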
@@ -6076,47 +6076,47 @@ CVE-2022-24473
 CVE-2022-24472
        RESERVED
 CVE-2022-24471 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24470 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24469 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24468 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24466
        RESERVED
 CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability. ...)
        TODO: check
 CVE-2022-24463 (Microsoft Exchange Server Spoofing Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24462 (Microsoft Word Security Feature Bypass Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24461 (Microsoft Office Visio Remote Code Execution Vulnerability. 
This CVE I ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24460 (Tablet Windows User Interface Application Elevation of 
Privilege Vulne ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24459 (Windows Fax and Scan Service Elevation of Privilege 
Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24458
        RESERVED
 CVE-2022-24457 (HEIF Image Extensions Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24456 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24455 (Windows CD-ROM Driver Elevation of Privilege Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24454 (Windows Security Support Provider Interface Elevation of 
Privilege Vul ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24453 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24452 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24451 (VP9 Video Extensions Remote Code Execution Vulnerability. This 
CVE ID  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. 
Any authen ...)
        NOT-FOR-US: nats-server
 CVE-2022-24449
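Review bot: CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability) is skipped in the middle of this hunk and keeps TODO: check, with NOT-FOR-US: Microsoft applied to CVE-2022-24465 just above it and CVE-2022-24463 just below. The commit message only says "Process several NFUs", so nothing here says whether the entry is pending triage or was overlooked; stating that in the commit message or in a NOTE: would help whoever picks up the TODO.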
@@ -6207,7 +6207,7 @@ CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in 
Packagist pimcore/pimcore
 CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository 
chocobozzz/pee ...)
        - peertube <itp> (bug #950821)
 CVE-2022-0507 (Found a potential security vulnerability inside the Pandora 
API. Affec ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist 
microweber/microweber ...)
        NOT-FOR-US: microweber
 CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist 
microweber/microweber p ...)
@@ -6378,7 +6378,7 @@ CVE-2022-0484 (Lack of validation of URLs causes Mirantis 
Container Cloud Lens E
 CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
        NOT-FOR-US: Acronis VSS Doctor
 CVE-2022-0482 (Exposure of Private Personal Information to an Unauthorized 
Actor in G ...)
-       TODO: check
+       NOT-FOR-US: easyappointments
 CVE-2022-24372
        RESERVED
 CVE-2022-24371



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da5108f1249164c43d0fce2dddfea605c3c37ba8
