Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bab4bfb0 by Salvatore Bonaccorso at 2022-06-17T14:31:16+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3677,15 +3677,15 @@ CVE-2019-25066 (A vulnerability has been found in 
ajenti 2.1.31 and classified a
 CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been 
rated as ...)
        NOT-FOR-US: OpenNetAdmin
 CVE-2018-25044 (A vulnerability, which was classified as critical, has been 
found in u ...)
-       TODO: check
+       NOT-FOR-US: uTorrent
 CVE-2018-25043 (A vulnerability classified as critical was found in uTorrent. 
This vul ...)
-       TODO: check
+       NOT-FOR-US: uTorrent
 CVE-2018-25042 (A vulnerability classified as critical has been found in 
uTorrent. Thi ...)
-       TODO: check
+       NOT-FOR-US: uTorrent
 CVE-2018-25041 (A vulnerability was found in uTorrent. It has been rated as 
critical.  ...)
-       TODO: check
+       NOT-FOR-US: uTorrent
 CVE-2018-25040 (A vulnerability was found in uTorrent Web. It has been 
declared as cri ...)
-       TODO: check
+       NOT-FOR-US: uTorrent
 CVE-2018-25039 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has 
been de ...)
        NOT-FOR-US: Thomson TCW710
 CVE-2018-25038 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has 
been cl ...)
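Review bot: On CVE-2018-25040 the description names "uTorrent Web", but the tag is plain "NOT-FOR-US: uTorrent"; on CVE-2018-25044 the truncated description ("found in u ...") does not show the product at all. If the two are tracked as separate products, "NOT-FOR-US: uTorrent Web" would be the more precise tag for CVE-2018-25040. CVE-2018-25043, CVE-2018-25042 and CVE-2018-25041 match their visible descriptions.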
@@ -6102,7 +6102,7 @@ CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) 
vulnerability in Quick Heal
 CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer (All 
version ...)
        NOT-FOR-US: Siemens
 CVE-2022-31464 (Insecure permissions configuration in Adaware Protect 
v1.2.439.4251 al ...)
-       TODO: check
+       NOT-FOR-US: Adaware
 CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for 
Bluetoot ...)
        NOT-FOR-US: Owl Labs Meeting Owl
 CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the 
device v ...)
@@ -6428,19 +6428,19 @@ CVE-2022-31303
 CVE-2022-31302
        RESERVED
 CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site 
scripting (XS ...)
-       TODO: check
+       NOT-FOR-US: Haraj
 CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section 
component of Ha ...)
-       TODO: check
+       NOT-FOR-US: Haraj
 CVE-2022-31299 (Haraj v3.7 was discovered to contain a reflected cross-site 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: Haraj
 CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment 
section of Har ...)
-       TODO: check
+       NOT-FOR-US: Haraj
 CVE-2022-31297
        RESERVED
 CVE-2022-31296
        RESERVED
 CVE-2022-31295 (An issue in the delete_post() function of Online Discussion 
Forum Site ...)
-       TODO: check
+       NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31294 (An issue in the save_users() function of Online Discussion 
Forum Site  ...)
        NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31293
@@ -9216,15 +9216,15 @@ CVE-2022-30331
 CVE-2022-30330 (In the KeepKey firmware before 7.3.2, the bootloader can be 
exploited  ...)
        NOT-FOR-US: KeepKey firmware
 CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 
devices. A ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2022-30328 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 
devices. T ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2022-30327 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 
devices. T ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2022-30326 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 
devices. T ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2022-30325 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 
devices. T ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 
were im ...)
        TODO: check
 CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform 
downloads (i ...)
@@ -11885,13 +11885,13 @@ CVE-2022-29455 (DOM-based Reflected Cross-Site 
Scripting (XSS) vulnerability in
 CVE-2022-29454
        RESERVED
 CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for 
Google  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29452 (Authenticated (editor or higher user role) Stored Cross-Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File 
Upload vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29450 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Admin Ma ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29449 (Authenticated (contributor or higher user role) Stored 
Cross-Site Scri ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion 
(LFI) v ...)
@@ -11905,7 +11905,7 @@ CVE-2022-29445 (Authenticated (administrator or higher 
role) Local File Inclusio
 CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) 
vulnerabi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29443 (Multiple Authenticated (contributor or higher user role) 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored 
Cross-Site Scrip ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private 
Messages Fo ...)
@@ -12736,7 +12736,7 @@ CVE-2022-29151 (Windows Cluster Shared Volume (CSV) 
Elevation of Privilege Vulne
 CVE-2022-29150 (Windows Cluster Shared Volume (CSV) Elevation of Privilege 
Vulnerabili ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29149 (Azure Open Management Infrastructure (OMI) Elevation of 
Privilege Vuln ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29147
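Review bot: CVE-2022-29149 is tagged by vendor only, yet its description names Azure Open Management Infrastructure (OMI), which is a different kind of component from the Windows and Visual Studio entries around it. A tag that names the product, for example "NOT-FOR-US: Microsoft Azure OMI", would let a later search for "OMI" in data/CVE/list find this entry and show that the component itself was considered.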
@@ -12748,7 +12748,7 @@ CVE-2022-29145 (.NET and Visual Studio Denial of 
Service Vulnerability. This CVE
 CVE-2022-29144
        RESERVED
 CVE-2022-29143 (Microsoft SQL Server Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29141 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID 
is uniqu ...)
@@ -12796,7 +12796,7 @@ CVE-2022-29121 (Windows WLAN AutoConfig Service Denial 
of Service Vulnerability.
 CVE-2022-29120 (Windows Clustered Shared Volume Information Disclosure 
Vulnerability.  ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29119 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-29118
        RESERVED
 CVE-2022-29117 (.NET and Visual Studio Denial of Service Vulnerability. This 
CVE ID is ...)
@@ -12812,7 +12812,7 @@ CVE-2022-29113 (Windows Digital Media Receiver 
Elevation of Privilege Vulnerabil
 CVE-2022-29112 (Windows Graphics Component Information Disclosure 
Vulnerability. This  ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29111 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-29110 (Microsoft Excel Remote Code Execution Vulnerability. This CVE 
ID is un ...)
        NOT-FOR-US: Microsoft
 CVE-2022-29109 (Microsoft Excel Remote Code Execution Vulnerability. This CVE 
ID is un ...)
@@ -13542,29 +13542,29 @@ CVE-2022-28852
 CVE-2022-28851
        RESERVED
 CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by a Us ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28848 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28847 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28846 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28845 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28844 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28843 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28842 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by a Us ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28841 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28840 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28839 (Adobe Bridge version 12.0.1 (and earlier versions) is affected 
by an o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 
20.005.3033 ...)
        NOT-FOR-US: Adobe
 CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 
20.005.3033x (and e ...)
@@ -13750,7 +13750,7 @@ CVE-2022-28751
 CVE-2022-28750
        RESERVED
 CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 
4.8.113.20220526 ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2022-28748
        RESERVED
 CVE-2022-28747
@@ -15316,9 +15316,9 @@ CVE-2022-28228
 CVE-2022-28227
        RESERVED
 CVE-2022-28226 (Local privilege vulnerability in Yandex Browser for Windows 
prior to 2 ...)
-       TODO: check
+       NOT-FOR-US: Yandex Browser
 CVE-2022-28225 (Local privilege vulnerability in Yandex Browser for Windows 
prior to 2 ...)
-       TODO: check
+       NOT-FOR-US: Yandex Browser
 CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico 
Enterprise (v ...)
        TODO: check
 CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository 
livehelperch ...)
@@ -16592,7 +16592,7 @@ CVE-2022-27861
 CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site 
Scripting (XSS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-27858
        RESERVED
 CVE-2022-27857
@@ -17386,9 +17386,9 @@ CVE-2022-27534 (Kaspersky Anti-Virus products for home 
and Kaspersky Endpoint Se
 CVE-2022-27533
        RESERVED
 CVE-2022-27532 (A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 
2021 can b ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-27531 (A maliciously crafted TIF file can be forced to read beyond 
allocated  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-27530 (A maliciously crafted TIF or PICT file in Autodesk AutoCAD 
2022, 2021, ...)
        NOT-FOR-US: Autodesk
 CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk 
AutoCAD 2 ...)
@@ -17426,9 +17426,9 @@ CVE-2022-27514
 CVE-2022-27513
        RESERVED
 CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of 
this in ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. 
The impact ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27510
        RESERVED
 CVE-2022-27509
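Review bot: Neither changed entry (CVE-2022-27512, CVE-2022-27511) names the vendor in its visible description; the only product hint is "ADM license service" on CVE-2022-27512. Naming the product in the tag, in the style of "NOT-FOR-US: Mimecast Email Security" used elsewhere in this list, would let a reader confirm the classification without looking up the full CVE text.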
@@ -18334,11 +18334,11 @@ CVE-2022-0990 (Server-Side Request Forgery (SSRF) in 
GitHub repository janeczku/
 CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to 
spoof an ...)
        NOT-FOR-US: Mimecast Email Security
 CVE-2022-27221 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-27220 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-27219 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo 
(Administration ...)
        NOT-FOR-US: Siemens
 CVE-2022-0989 (An unprivileged user could use the functionality of the NS 
WooCommerce ...)
@@ -20378,7 +20378,7 @@ CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 
4.3.0 allows attackers t
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067
 CVE-2022-26476 (A vulnerability has been identified in Spectrum Power 4 (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-26475
        RESERVED
 CVE-2022-26474
@@ -21230,7 +21230,7 @@ CVE-2022-26175
 CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper 
Studio v3.2.0 ...)
        NOT-FOR-US: Beekeeper Studio
 CVE-2022-26173 (JForum v2.8.0 was discovered to contain a Cross-Site Request 
Forgery ( ...)
-       TODO: check
+       NOT-FOR-US: JForum2
 CVE-2022-26172
        RESERVED
 CVE-2022-26171 (Bank Management System v1.o was discovered to contain a SQL 
injection  ...)
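Review bot: The tag on CVE-2022-26173 reads "JForum2", while the description calls the product "JForum v2.8.0". If "JForum2" is the intended project name this is fine; otherwise "NOT-FOR-US: JForum" would keep the tag searchable by the name the description uses.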



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bab4bfb0b4f99890dce21b0c385a055ce66addbe
