Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e5678963 by Salvatore Bonaccorso at 2022-06-14T21:38:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4617,7 +4617,7 @@ CVE-2022-31449
 CVE-2022-31448
        RESERVED
 CVE-2022-31447 (An XML external entity (XXE) injection vulnerability in 
Magicpin v3.4  ...)
-       TODO: check
+       NOT-FOR-US: Magicpin
 CVE-2022-31446 (Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered 
to cont ...)
        NOT-FOR-US: Tenda
 CVE-2022-31445
@@ -4681,7 +4681,7 @@ CVE-2022-31417
 CVE-2022-31416
        RESERVED
 CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a 
SQL inje ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31414
        RESERVED
 CVE-2022-31413
@@ -4711,11 +4711,11 @@ CVE-2022-31402 (ITOP v3.0.1 was discovered to contain a 
cross-site scripting (XS
 CVE-2022-31401
        RESERVED
 CVE-2022-31400 (A cross-site scripting (XSS) vulnerability in 
/staff/setup/email-addre ...)
-       TODO: check
+       NOT-FOR-US: Helpdeskz
 CVE-2022-31399
        RESERVED
 CVE-2022-31398 (A cross-site scripting (XSS) vulnerability in 
/staff/tools/custom-fiel ...)
-       TODO: check
+       NOT-FOR-US: Helpdeskz
 CVE-2022-31397
        RESERVED
 CVE-2022-31396
@@ -5520,7 +5520,7 @@ CVE-2022-31056
 CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag 
(CTF) c ...)
        TODO: check
 CVE-2022-31054 (Argo Events is an event-driven workflow automation framework 
for Kuber ...)
-       TODO: check
+       NOT-FOR-US: Argo
 CVE-2022-31053 (Biscuit is an authentication and authorization token for 
microservices ...)
        TODO: check
 CVE-2022-31052
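Review bot: the tag added for CVE-2022-31054 reads "NOT-FOR-US: Argo", but the description on that entry names the product as Argo Events. Argo is an umbrella name for several separate projects, so the short form is ambiguous. Suggest "NOT-FOR-US: Argo Events", so that a later search of the list for another Argo component does not land on this entry by mistake.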
@@ -6561,7 +6561,7 @@ CVE-2022-30694
 CVE-2022-30543
        RESERVED
 CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to 
v1.14.2, and ...)
-       TODO: check
+       NOT-FOR-US: SHIRASAGI
 CVE-2022-29481
        RESERVED
 CVE-2022-28689
@@ -6824,7 +6824,7 @@ CVE-2022-29925 (Access of uninitialized pointer 
vulnerability exists in the simu
 CVE-2022-29522 (Use after free vulnerability exists in the simulator module 
contained  ...)
        TODO: check
 CVE-2022-29482 ('Mobaoku-Auction&Flea Market' App for iOS versions prior 
to 5.5.16 ...)
-       TODO: check
+       NOT-FOR-US: 'Mobaoku-Auction&Flea Market' App for iOS
 CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics 
versions pr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-26302 (Heap-based buffer overflow exists in the simulator module 
contained in ...)
@@ -7120,9 +7120,9 @@ CVE-2022-1661 (The affected products are vulnerable to 
directory traversal, whic
 CVE-2022-1660 (The affected products are vulnerable of untrusted data due to 
deserial ...)
        NOT-FOR-US: Keysight N6854A and N6841A
 CVE-2022-1659 (Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin 
register ...)
-       TODO: check
+       NOT-FOR-US: JupiterX Core
 CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: Jupiter Theme
 CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX 
(<=  ...)
        TODO: check
 CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow 
any logge ...)
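Review bot: CVE-2022-1657 is left at "TODO: check" in this hunk, although its description names the same Jupiter and JupiterX products that CVE-2022-1659 and CVE-2022-1658 directly above it are now marked NOT-FOR-US for. If it is out of scope for the same reason, triage it in this commit so the product family is not split between two states. If it was left open on purpose, a "NOTE:" line saying why would save the next triager a second look.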
@@ -7135,7 +7135,7 @@ CVE-2022-1655
        [stretch] - horizon <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681
 CVE-2022-1654 (Jupiter Theme &lt;= 6.10.1 and JupiterX Core Plugin &lt;= 2.0.7 
allow  ...)
-       TODO: check
+       NOT-FOR-US: Jupiter Theme and JupiterX Core Plugin
 CVE-2022-1653
        RESERVED
 CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary 
code on ...)
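Review bot: the tag on CVE-2022-1654 spells the product "JupiterX Core Plugin", while the tag this same commit adds for CVE-2022-1659 spells it "JupiterX Core". Use one spelling in both places so that a text search for the product name returns every affected entry.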
@@ -7775,7 +7775,7 @@ CVE-2022-30299
 CVE-2022-30298
        RESERVED
 CVE-2022-29509 (Directory traversal vulnerability in T&amp;D Data Server 
(Japanese Edi ...)
-       TODO: check
+       NOT-FOR-US: T&D Data Server
 CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design 
allows att ...)
        NOT-FOR-US: ABB e-Design
 CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design 
allows att ...)
@@ -9412,9 +9412,9 @@ CVE-2022-29799
        NOTE: 
https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
        NOTE: No security impact in Debian, see #1010303
 CVE-2022-29798 (There is a denial of service vulnerability in CV81-WDM FW 
versions 01. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-29797 (There is a buffer overflow vulnerability in CV81-WDM FW 
01.70.49.29.46 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity 
of the we ...)
        NOT-FOR-US: Huawei
 CVE-2022-29795 (The frame scheduling module has a null pointer dereference 
vulnerabili ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5678963918633955cfa07db3dd2d17379735ea1
