Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af433ced by Neil Williams at 2022-05-09T13:03:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4632,19 +4632,19 @@ CVE-2022-28795 (A vulnerability within the Avira 
Password Manager Browser Extens
 CVE-2022-28794
        RESERVED
 CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, 
improper  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to 
version  ...)
        NOT-FOR-US: Gear IconX PC Manager
 CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in 
Galaxy Stor ...)
        NOT-FOR-US: Samsung
 CVE-2022-28790 (Improper authentication in Link to Windows Service prior to 
version 2. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28789 (Unprotected activities in Voice Note prior to version 
21.3.51.11 allow ...)
        NOT-FOR-US: Samsung / Voice Note
 CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior 
to SMR  ...)
        NOT-FOR-US: Samsung
 CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior 
to SMR  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior 
to SMR  ...)
        NOT-FOR-US: Samsung
 CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior 
to SMR  ...)
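Review bot: the three new tags for CVE-2022-28793, CVE-2022-28790 and CVE-2022-28787 name only the vendor, while the unchanged neighbours in this hunk already mix two styles (`NOT-FOR-US: Samsung` and `NOT-FOR-US: Samsung / Voice Note`). Where the description names the component, as it does for CVE-2022-28790 (Link to Windows Service) and CVE-2022-28787 (wmfextractor library), consider the `Samsung / <component>` form so that a later search for the component finds the entry.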
@@ -5484,7 +5484,7 @@ CVE-2022-28483
 CVE-2022-28482
        RESERVED
 CVE-2022-28481 (CSV-Safe gem < 3.0.0 doesn't filter out special characters 
which co ...)
-       TODO: check
+       NOT-FOR-US: zvory/csv-safe
 CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via 
MediaServer.ex ...)
        NOT-FOR-US: ALLMediaServer
 CVE-2022-28479
@@ -5506,7 +5506,7 @@ CVE-2022-28472
 CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in 
bmp.c con ...)
        NOT-FOR-US: ffjpeg
 CVE-2022-28470 (marcador package in PyPI 0.1 through 0.13 included a 
code-execution ba ...)
-       TODO: check
+       NOT-FOR-US: joajfreitas/marcador
 CVE-2022-28469
        RESERVED
 CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL 
injecti ...)
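Review bot: for CVE-2022-28470 the description places the problem in the marcador package on PyPI, versions 0.1 through 0.13, but the new tag records a GitHub owner/repository slug. A tag that names the PyPI distribution, for example `NOT-FOR-US: marcador (PyPI package)`, would tie the entry to the artifact the description actually refers to.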
@@ -5525,7 +5525,7 @@ CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to 
Buffer Overflow. ...)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680
 CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Novel-plus
 CVE-2022-28461 (mingyuefusu Library Management System all versions as of 
03-27-2022 is ...)
        NOT-FOR-US: mingyuefusu Library Management System
 CVE-2022-28460
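Review bot: the tag for CVE-2022-28462 is spelled `Novel-plus`, while the description on the line above spells the product `novel-plus`. Matching the description's spelling keeps case-sensitive searches and any later bulk NFU matching on this product name consistent.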
@@ -6473,11 +6473,11 @@ CVE-2022-28167
 CVE-2022-28166
        RESERVED
 CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) 
functionality  ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the 
Blowfish symme ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple 
endpoints asso ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2022-28162
        RESERVED
 CVE-2022-28161
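Review bot: for CVE-2022-28165 the truncated description visible here ("A vulnerability in the role-based access control (RBAC) functionality ...") does not name a product, unlike CVE-2022-28164 and CVE-2022-28163, which both name Brocade SANnav. The tag is plausible given the adjacent IDs, but please confirm against the full CVE text that this one is SANnav as well, since adjacency alone does not establish the product.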
@@ -6775,7 +6775,7 @@ CVE-2022-28122
 CVE-2022-28121
        RESERVED
 CVE-2022-28120 (Beijing Runnier Network Technology Co., Ltd Open virtual 
simulation ex ...)
-       TODO: check
+       NOT-FOR-US: Beijing Runnier Network Technology
 CVE-2022-28119
        RESERVED
 CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code 
via a c ...)
@@ -6856,7 +6856,7 @@ CVE-2022-28083
 CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack 
overflow  ...)
        NOT-FOR-US: Tenda
 CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the 
component  ...)
-       TODO: check
+       NOT-FOR-US: khaled-alshamaa/ar-php
 CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a 
SQL inj ...)
        NOT-FOR-US: Royal Event Management System
 CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL 
injecti ...)
@@ -7268,7 +7268,7 @@ CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, 
an unquoted path can re
 CVE-2022-27904
        RESERVED
 CVE-2022-27903 (An OS Command Injection vulnerability in the configuration 
parser of E ...)
-       TODO: check
+       NOT-FOR-US: EVE-NG Professional
 CVE-2022-27902
        REJECTED
 CVE-2022-27901
@@ -8095,7 +8095,7 @@ CVE-2022-27590
 CVE-2022-27589
        RESERVED
 CVE-2022-27588 (We have already fixed this vulnerability in the following 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2022-27587
        RESERVED
 CVE-2022-27586
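Review bot: the description of CVE-2022-27588 ("We have already fixed this vulnerability in the following versions of ...") carries no product name, and the new tag gives only the vendor. Because the description will not help anyone who revisits this entry, it would be useful to put the affected QNAP product in the tag itself, in the form `NOT-FOR-US: QNAP <product>`.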
@@ -8280,17 +8280,17 @@ CVE-2022-27233
 CVE-2022-27229
        RESERVED
 CVE-2022-27183 (The Monitoring Console app configured in Distributed mode 
allows for a ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2022-27180
        RESERVED
 CVE-2022-26889 (The lack of sanitization in a relative url path in a search 
parameter  ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2022-26888
        RESERVED
 CVE-2022-26840
        RESERVED
 CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the 
application  ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2022-26024
        RESERVED
 CVE-2022-26017
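Review bot: none of the three descriptions tagged here (CVE-2022-27183, CVE-2022-26889, CVE-2022-26070) names Splunk in the visible text, and the IDs are not contiguous, so the attribution cannot be checked from this diff. Consider adding a `NOTE:` line with the vendor advisory reference under each entry, as is done for CVE-2022-28463 elsewhere in this file, so the basis for the tag is recorded.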
@@ -12751,7 +12751,7 @@ CVE-2022-25346
 CVE-2022-25345
        RESERVED
 CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of 
Service (Do ...)
-       TODO: check
+       NOT-FOR-US: justmoon/node-bignum
 CVE-2022-25304
        RESERVED
 CVE-2022-25303
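Review bot: for CVE-2022-25324 the tag `justmoon/node-bignum` ends in a name that follows Debian's `node-` prefix convention for packaged Node.js modules, so it is worth confirming that no source package called node-bignum exists in the archive before settling on NOT-FOR-US. If that check has been done, the tag is fine as it stands.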



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af433ced751ea6ac4a1f7d75f40b1dd1c89a331b
