Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f86ad91b by Salvatore Bonaccorso at 2022-05-11T07:29:05+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2911,7 +2911,7 @@ CVE-2022-1399
CVE-2022-1398
RESERVED
CVE-2022-1397 (API Privilege Escalation in GitHub repository
alextselegidis/easyappoi ...)
- TODO: check
+ NOT-FOR-US: alextselegidis/easyappointments
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise
and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1395
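Review bot: the new annotation for CVE-2022-1397 uses the GitHub repository slug (alextselegidis/easyappointments) where other entries in this file give a product name, for example "NOT-FOR-US: ShowDoc" for the star7th/showdoc CVEs. Consider naming the product alone, so that later CVEs against the same software get an identical string however the CVE description refers to it.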
@@ -4335,7 +4335,7 @@ CVE-2022-28988
CVE-2022-28987
RESERVED
CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
Affected: ...)
- TODO: check
+ NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
CVE-2022-28985
RESERVED
CVE-2022-28984
@@ -6598,9 +6598,9 @@ CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0
application uses the Blowfish
CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple
endpoints asso ...)
NOT-FOR-US: Brocade SANnav
CVE-2022-28162 (Brocade SANnav before version SANnav 2.2.0 logs the REST API
Authentic ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2022-28161 (An information exposure through log file vulnerability in
Brocade SANN ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions)
are vuln ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-1158
@@ -8927,7 +8927,7 @@ CVE-2022-27310
CVE-2022-27309
RESERVED
CVE-2022-27308 (A stored cross-site scripting (XSS) vulnerability in PHProjekt
PhpSimp ...)
- TODO: check
+ NOT-FOR-US: PHProjekt PhpSimplyGest
CVE-2022-27307
RESERVED
CVE-2022-27306
@@ -9099,7 +9099,7 @@ CVE-2022-27244 (An issue was discovered in MISP before
2.4.156. A malicious site
CVE-2022-27243 (An issue was discovered in MISP before 2.4.156.
app/View/Users/terms.c ...)
NOT-FOR-US: MISP
CVE-2022-27242 (A vulnerability has been identified in OpenV2G (V0.9.4). The
OpenV2G E ...)
- TODO: check
+ NOT-FOR-US: OpenV2G / Siemens
CVE-2022-27241 (A vulnerability has been identified in Mendix Applications
using Mendi ...)
NOT-FOR-US: Siemens
CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before
1.2.7 allo ...)
@@ -9249,7 +9249,7 @@ CVE-2022-0994 (The Hummingbird WordPress plugin before
3.3.2 does not sanitise a
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data
transmissio ...)
NOT-FOR-US: Gradle Enterprise
CVE-2022-27224 (An issue was discovered in Galleon NTS-6002-GPS
4.14.103-Galleon-NTS-6 ...)
- TODO: check
+ NOT-FOR-US: Galleon NTS-6002-GPS
CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel
before 5.16 ...)
- linux 5.16.12-1
[bullseye] - linux 5.10.103-1
@@ -9967,7 +9967,7 @@ CVE-2022-26983
CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote
authenticated admi ...)
NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2022-0947 (A vulnerability in ABB ARG600 Wireless Gateway series that
could allow ...)
- TODO: check
+ NOT-FOR-US: ABB ARG600 Wireless Gateway
CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository
star7th/showdoc ...)
NOT-FOR-US: ShowDoc
CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc
in GitHu ...)
@@ -17555,13 +17555,13 @@ CVE-2022-24292 (Certain HP Print devices may be
vulnerable to potential informat
CVE-2022-24291 (Certain HP Print devices may be vulnerable to potential
information di ...)
NOT-FOR-US: HP
CVE-2022-24290 (A vulnerability has been identified in Teamcenter V12.4 (All
versions ...)
- TODO: check
+ NOT-FOR-US: Teamcenter /Siemens
CVE-2022-24289 (Hessian serialization is a network protocol that supports
object-based ...)
NOT-FOR-US: Apache Cayenne
CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs
did not p ...)
- airflow <itp> (bug #819700)
CVE-2022-24287 (A vulnerability has been identified in SIMATIC PCS 7 V9.0 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router
WRC-300FEBK-R ...)
NOT-FOR-US: ELECOM
CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers
(WRH-300BK3 f ...)
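Review bot: in the CVE-2022-24290 annotation, "Teamcenter /Siemens" has a space before the slash and none after it, while this same commit writes "OpenV2G / Siemens" for CVE-2022-27242 and plain "Siemens" for CVE-2022-24287 three entries further down in this hunk. Suggest "NOT-FOR-US: Teamcenter / Siemens", or simply "NOT-FOR-US: Siemens", so the string matches the existing Siemens entries.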
@@ -18491,19 +18491,19 @@ CVE-2022-24047 (This vulnerability allows remote
attackers to bypass authenticat
CVE-2022-24046 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
NOT-FOR-US: Sonos One Speaker
CVE-2022-24045 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24044 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24043 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24042 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24041 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24038
RESERVED
CVE-2022-24037
@@ -20112,9 +20112,9 @@ CVE-2022-23707 (An XSS vulnerability was found in
Kibana index patterns. Using t
CVE-2022-23706
RESERVED
CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble
Storage Hyb ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-23704 (A potential security vulnerability has been identified in
Integrated L ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble
Storage Hyb ...)
NOT-FOR-US: HPE
CVE-2022-23702 (A potential security vulnerability has been identified in HPE
Superdom ...)
@@ -20168,9 +20168,9 @@ CVE-2022-23679
CVE-2022-23678
RESERVED
CVE-2022-23677 (A remote execution of arbitrary code vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23676 (A remote execution of arbitrary code vulnerability was
discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23675
RESERVED
CVE-2022-23674
@@ -34243,7 +34243,7 @@ CVE-2021-43714
CVE-2021-43713
RESERVED
CVE-2021-43712 (Stored XSS in Add New Employee Form in Sourcecodester Employee
Daily T ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Employee Daily Task Management System
CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200
V4.0.3c.7646_B2020 ...)
NOT-FOR-US: TOTOLINK
CVE-2021-43710
@@ -36936,7 +36936,7 @@ CVE-2021-43096
CVE-2021-43095
RESERVED
CVE-2021-43094 (An SQL Injection vulnerability exists in OpenMRS Reference
Application ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2021-43093
RESERVED
CVE-2021-43092
@@ -38087,7 +38087,7 @@ CVE-2021-42647
CVE-2021-42646
RESERVED
CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE)
vulnera ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2021-42644
RESERVED
CVE-2021-42643
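Review bot: the annotation for CVE-2021-42645 reads "CMSimple", but the CVE description in this hunk names "CMSimple_XH 1.7.4". Suggest "NOT-FOR-US: CMSimple_XH" so the entry carries the product name that the CVE text uses.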
@@ -42070,7 +42070,7 @@ CVE-2021-41547 (A vulnerability has been identified in
Teamcenter Active Workspa
CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000
(All versi ...)
NOT-FOR-US: Siemens
CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41544
RESERVED
CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB
module) (A ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f86ad91bbaa1d2d83de0124e1d3857c8f6320f3a