Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d4fec58 by Salvatore Bonaccorso at 2022-04-15T10:29:36+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1355,7 +1355,7 @@ CVE-2022-28721
 CVE-2022-28720
        RESERVED
 CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape 
functio ...)
-       TODO: check
+       NOT-FOR-US: ArduPilot APWeb
 CVE-2022-28709
        RESERVED
 CVE-2022-28698
@@ -1526,9 +1526,9 @@ CVE-2022-1259
 CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator 
(ePO)  ...)
        NOT-FOR-US: McAfee
 CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA 
for Linu ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2022-1255
        RESERVED
 CVE-2022-1254
@@ -1566,11 +1566,11 @@ CVE-2022-28796 (jbd2_journal_wait_updates in 
fs/jbd2/transaction.c in the Linux
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
 CVE-2022-28663 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-28662 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-1271
        RESERVED
        {DLA-2977-1 DLA-2976-1}
@@ -1900,13 +1900,13 @@ CVE-2022-28546
 CVE-2022-28545
        RESERVED
 CVE-2022-28544 (Path traversal vulnerability in unzip method of 
InstallAgentCommonHelp ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 
4.8.07.4 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28542 (Improper sanitization of incoming intent in Galaxy Store prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28541 (Uncontrolled search path element vulnerability in Samsung 
Update prior ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28540
        RESERVED
 CVE-2022-28539
@@ -2194,9 +2194,9 @@ CVE-2022-28399
 CVE-2022-28398
        RESERVED
 CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload 
module of Gh ...)
-       TODO: check
+       NOT-FOR-US: Ghost CMS
 CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code 
execution ( ...)
-       TODO: check
+       NOT-FOR-US: Apostrophe CMS
 CVE-2022-28395
        RESERVED
 CVE-2022-28394
@@ -2465,9 +2465,9 @@ CVE-2022-28301
 CVE-2022-28300
        RESERVED
 CVE-2022-27188 (OS command injection vulnerability exists in CENTUM VP 
R4.01.00 to R4. ...)
-       TODO: check
+       NOT-FOR-US: CENTUM
 CVE-2022-26034 (Improper authentication vulnerability in the communication 
protocol pr ...)
-       TODO: check
+       NOT-FOR-US: CENTUM
 CVE-2022-1200
        RESERVED
 CVE-2021-4225
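
Review bot: CVE-2022-27188 and CVE-2022-26034 are tagged by product name ("NOT-FOR-US: CENTUM"), while most other entries in this commit are tagged by vendor (Samsung, Siemens, Citrix, Autodesk). The truncated description of CVE-2022-26034 does not show CENTUM at all, so a tag giving the vendor together with the product would make the classification easier to verify from the list alone.
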
@@ -3620,7 +3620,7 @@ CVE-2022-27954
 CVE-2022-27953
        RESERVED
 CVE-2022-27952 (An arbitrary file upload vulnerability in the file upload 
module of Pa ...)
-       TODO: check
+       NOT-FOR-US: PayloadCMS
 CVE-2022-27951
        RESERVED
 CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a 
memory  ...)
@@ -3961,9 +3961,9 @@ CVE-2022-27849
 CVE-2022-27848 (Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) 
in Moder ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27847 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider 
Yoo Slide ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-27846 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider 
Yoo Slide ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site 
Scripting  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, 
Backup, S ...)
@@ -3996,49 +3996,49 @@ CVE-2018-25032 (zlib before 1.2.12 allows memory 
corruption when deflating (i.e.
 CVE-2022-27843 (DLL hijacking vulnerability in Kies prior to version 
2.6.4.22014_2 all ...)
        TODO: check
 CVE-2022-27842 (DLL hijacking vulnerability in Smart Switch PC prior to 
version 4.2.22 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27841 (Improper exception handling in Samsung Pass prior to version 
3.7.07.5  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27840 (Improper access control vulnerability in SamsungRecovery prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27839 (Improper authentication vulnerability in SecretMode in Samsung 
Interne ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27838 (Improper access control vulnerability in FactoryCamera prior 
to versio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27837 (A vulnerability using PendingIntent in Accessibility prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27836 (Improper access control and path traversal vulnerability in 
StroageMan ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27835 (Improper boundary check in UWB firmware prior to SMR Apr-2022 
Release  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27834 (Use after free vulnerability in dsp_context_unload_graph 
function of D ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27833 (Improper input validation in DSP driver prior to SMR Apr-2022 
Release  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27832 (Improper boundary check in media.extractor library prior to 
SMR Apr-20 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27831 (Improper boundary check in sflvd_rdbuf_bits of 
libsflvextractor prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27830 (Improper validation vulnerability in SemBlurInfo prior to SMR 
Apr-2022 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27829 (Improper validation vulnerability in VerifyCredentialResponse 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27828 (Improper validation vulnerability in MediaMonitorEvent prior 
to SMR Ap ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27827 (Improper validation vulnerability in MediaMonitorDimension 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27826 (Improper validation vulnerability in SemSuspendDialogInfo 
prior to SMR ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27825 (Improper size check in sapefd_parse_meta_HEADER function of 
libsapeext ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27824 (Improper size check of in sapefd_parse_meta_DESCRIPTION 
function of li ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27823 (Improper size check in sapefd_parse_meta_HEADER_old function 
of libsap ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27822 (Information exposure vulnerability in ril property setting 
prior to SM ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27821 (Improper boundary check in Quram Agif library prior to SMR 
Apr-2022 Re ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not 
verify the T ...)
        - zaproxy <itp> (bug #897142)
 CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An 
information le ...)
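
Review bot: CVE-2022-27843 (DLL hijacking in Kies), at the top of this hunk, is left at "TODO: check" although the adjacent CVE-2022-27842 (Smart Switch PC) and every entry below it down to CVE-2022-27821 are moved to "NOT-FOR-US: Samsung". If Kies belongs to the same vendor, it should get the same tag in this pass. If it was left open on purpose, a NOTE line saying why would help the next person triaging.
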
@@ -4046,13 +4046,13 @@ CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via 
the -c option. An informat
 CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There 
can be a ...)
        NOT-FOR-US: SWHKD
 CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users. 
This cou ...)
-       TODO: check
+       NOT-FOR-US: SWHKD
 CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There 
can be da ...)
        NOT-FOR-US: SWHKD
 CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There 
can be an ...)
        NOT-FOR-US: SWHKD
 CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c 
option. ...)
-       TODO: check
+       NOT-FOR-US: SWHKD
 CVE-2022-27813
        RESERVED
 CVE-2022-27812
@@ -4343,7 +4343,7 @@ CVE-2022-27673
 CVE-2022-27672
        RESERVED
 CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to 
information discl ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2022-27670 (SAP SQL Anywhere - version 17.0, allows an authenticated 
attacker to p ...)
        NOT-FOR-US: SAP
 CVE-2022-27669 (An unauthenticated user can use functions of XML Data 
Archiving Servic ...)
@@ -4595,25 +4595,25 @@ CVE-2022-27578 (An attacker can perform a privilege 
escalation through the SICK
 CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 
allows for ...)
        TODO: check
 CVE-2022-27576 (Information exposure vulnerability in Samsung DeX Home prior 
to SMR Ap ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27575 (Information exposure vulnerability in One UI Home prior to SMR 
April-2 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27574 (Improper input validation vulnerability in parser_iloc and 
sheifd_find ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27573 (Improper input validation vulnerability in parser_infe and 
sheifd_find ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27572 (Heap-based buffer overflow vulnerability in parser_ipma 
function of li ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27571 (Heap-based buffer overflow vulnerability in 
sheifd_get_info_image func ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27570 (Heap-based buffer overflow vulnerability in parser_single_iref 
functio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27569 (Heap-based buffer overflow vulnerability in parser_infe 
function in li ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27568 (Heap-based buffer overflow vulnerability in parser_iloc 
function in li ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27567 (Null pointer dereference vulnerability in parser_hvcC function 
of libs ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-27566
        RESERVED
 CVE-2022-27565
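
Review bot: CVE-2022-27577 (MSC800), in the first context lines of this hunk, keeps "TODO: check" while the ten Samsung entries directly below it are processed. The hunk header shows that the preceding CVE-2022-27578 concerns SICK; if MSC800 is a product of the same vendor, it should be tagged consistently with that entry rather than left for a later pass.
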
@@ -4695,7 +4695,7 @@ CVE-2022-27530
 CVE-2022-27529
        RESERVED
 CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk 
Navisworks 2022 c ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-27527
        RESERVED
 CVE-2022-27526
@@ -4703,9 +4703,9 @@ CVE-2022-27526
 CVE-2022-27525
        RESERVED
 CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 
2022 may l ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-27523 (A buffer over-read can be exploited in Autodesk TrueView 2022 
may lead ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-27522
        RESERVED
 CVE-2022-27521
@@ -4739,13 +4739,13 @@ CVE-2022-27508
 CVE-2022-27507
        RESERVED
 CVE-2022-27506 (Hard-coded credentials allow administrators to access the 
shell via th ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27505 (Reflected cross site scripting (XSS) ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27504
        RESERVED
 CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront 
affects  ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27502
        RESERVED
 CVE-2022-27501
@@ -4805,9 +4805,9 @@ CVE-2022-27482
 CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 
(All versi ...)
        NOT-FOR-US: Siemens SCALANCE
 CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in 
chart d ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2022-27478
        RESERVED
 CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file 
upload  ...)
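
Review bot: CVE-2022-27480 (SICAM A8000 CP-8031) is tagged "NOT-FOR-US: Siemens" directly below CVE-2022-27481, which uses the more specific "NOT-FOR-US: Siemens SCALANCE". Naming the product line here as well, as the neighbouring entry does, would keep the tags consistent and easier to search.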



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d4fec58a12960e51ee5a89bbf11a96401bc4bc3
