Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fea1a7de by Salvatore Bonaccorso at 2022-04-09T10:23:50+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5373,7 +5373,7 @@ CVE-2022-26880
CVE-2022-26879
RESERVED
CVE-2022-26877 (Asana Desktop before 1.6.0 allows remote attackers to
exfiltrate local ...)
- TODO: check
+ NOT-FOR-US: Asana Desktop
CVE-2022-26876
RESERVED
CVE-2022-26875
@@ -5415,15 +5415,15 @@ CVE-2022-26857
CVE-2022-26856
RESERVED
CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an
incorrect d ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky
cryptograph ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-26853
RESERVED
CVE-2022-26852 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a
predictable see ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-26851 (Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable
file name f ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows
attackers t ...)
{DSA-5108-1}
- tiff 4.3.0-6
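Review bot: The four Dell entries in this hunk (CVE-2022-26855, CVE-2022-26854, CVE-2022-26852, CVE-2022-26851) are tagged with the vendor only, "NOT-FOR-US: Dell", although every description names Dell PowerScale OneFS. Other tags in this same commit name the product (for example "NOT-FOR-US: Asana Desktop"). Suggest "NOT-FOR-US: Dell PowerScale OneFS" so that a later search of data/CVE/list by product finds these entries.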
@@ -6106,7 +6106,7 @@ CVE-2022-26590
CVE-2022-26589
RESERVED
CVE-2022-26588 (A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows
attacke ...)
- TODO: check
+ NOT-FOR-US: IceHrm
CVE-2022-26587
RESERVED
CVE-2022-26586
@@ -7049,9 +7049,9 @@ CVE-2022-26253
CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory
traversal ...)
NOT-FOR-US: aaPanel
CVE-2022-26251 (The HTTP interface of Synaman v5.1 and below was discovered to
allow a ...)
- TODO: check
+ NOT-FOR-US: Synaman
CVE-2022-26250 (Synaman v5.1 and below was discovered to contain weak file
permissions ...)
- TODO: check
+ NOT-FOR-US: Synaman
CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when
exporting excel ...)
NOT-FOR-US: Survey King
CVE-2022-26248
@@ -7192,7 +7192,7 @@ CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was
discovered to contain a h
- lepton <removed>
NOTE: https://github.com/dropbox/lepton/issues/154
CVE-2022-26180 (qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the
index.php/my ...)
- TODO: check
+ NOT-FOR-US: qdPM
CVE-2022-26179
RESERVED
CVE-2022-26178
@@ -8792,11 +8792,11 @@ CVE-2022-0700 (The Simple Tracking WordPress plugin
before 1.7 does not sanitise
CVE-2022-0699
RESERVED
CVE-2022-25597 (ASUS RT-AC86U’s LPD service has insufficient filtering
for speci ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-25596 (ASUS RT-AC56U’s configuration function has a heap-based
buffer o ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-25595 (ASUS RT-AC86U has improper user request handling, which allows
an unau ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-25594 (Microprogram’s parking lot management system is
vulnerable to se ...)
TODO: check
CVE-2022-25593
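Review bot: CVE-2022-25594 (Microprogram's parking lot management system) still reads "TODO: check" in the trailing context, directly below the three ASUS entries resolved here. If it was left for a later pass on purpose, no change is needed; otherwise it can be triaged in this commit along with its neighbours. Separately, the ASUS tags give only the vendor while the descriptions name the router models (RT-AC86U, RT-AC56U), so "NOT-FOR-US: ASUS routers" or similar would be more specific.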
@@ -9258,7 +9258,7 @@ CVE-2022-25375 (An issue was discovered in
drivers/usb/gadget/function/rndis.c i
CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts
Sensitive Infor ...)
NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows
Stored XSS in ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local
privilege e ...)
NOT-FOR-US: Pritunl Client
CVE-2022-0698
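Review bot: The new tag on CVE-2022-25373 names only the product family, "NOT-FOR-US: Zoho ManageEngine", while the description is specific to ManageEngine SupportCenter Plus and the unchanged entries on either side use full product names ("HashiCorp Terraform Enterprise", "Pritunl Client"). Suggest "NOT-FOR-US: Zoho ManageEngine SupportCenter Plus" to match.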
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fea1a7de370c973fa84a0b81b8c0d71354a795b3
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits