Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b581402a by Moritz Muehlenhoff at 2022-07-26T22:23:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -813,7 +813,7 @@ CVE-2022-36414 (There is an elevation of privilege breakout 
vulnerability in the
 CVE-2022-36413
        RESERVED
 CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API 
requests  ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2022-36411
        RESERVED
 CVE-2022-36410
@@ -876,7 +876,7 @@ CVE-2022-36379
 CVE-2022-36378
        RESERVED
 CVE-2022-36375 (Authenticated (high role user) WordPress Options Change 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-36371
        RESERVED
 CVE-2022-36357
@@ -1185,7 +1185,7 @@ CVE-2022-36301
 CVE-2022-36300
        RESERVED
 CVE-2022-30706 (Open redirect vulnerability in Booked versions prior to 3.3 
allows a r ...)
-       TODO: check
+       NOT-FOR-US: Booked
 CVE-2022-2476 (A null pointer dereference bug was found in wavpack-5.4.0 The 
results  ...)
        - wavpack <unfixed> (bug #1015790)
        [bullseye] - wavpack <no-dsa> (Minor issue)
@@ -1513,7 +1513,7 @@ CVE-2022-36163
 CVE-2022-36162
        RESERVED
 CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Orange Station
 CVE-2022-36160
        RESERVED
 CVE-2022-36159
@@ -2193,15 +2193,15 @@ CVE-2022-2416
 CVE-2022-2415
        RESERVED
 CVE-2022-35873 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-       TODO: check
+       NOT-FOR-US: Ignition
 CVE-2022-35872 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-       TODO: check
+       NOT-FOR-US: Ignition
 CVE-2022-35871 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-       TODO: check
+       NOT-FOR-US: Ignition
 CVE-2022-35870 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-       TODO: check
+       NOT-FOR-US: Ignition
 CVE-2022-35869 (This vulnerability allows remote attackers to bypass 
authentication on ...)
-       TODO: check
+       NOT-FOR-US: Ignition
 CVE-2022-35868
        RESERVED
 CVE-2022-35867
@@ -2731,7 +2731,7 @@ CVE-2022-35641
 CVE-2022-35640
        RESERVED
 CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 
22.2 do no ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-35638
        RESERVED
 CVE-2022-35637
@@ -3564,7 +3564,7 @@ CVE-2022-35288 (IBM Security Verify Information Queue 
10.0.2 could allow a user
 CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains 
hard-coded crede ...)
        NOT-FOR-US: IBM
 CVE-2022-35286 (IBM Security Verify Information Queue 10.0.2 is vulnerable to 
cross-si ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-35285 (IBM Security Verify Information Queue 10.0.2 is vulnerable to 
cross-si ...)
        NOT-FOR-US: IBM
 CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose 
sensitive  ...)
@@ -3940,7 +3940,7 @@ CVE-2022-35133
 CVE-2022-35132
        RESERVED
 CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands 
via a cra ...)
-       TODO: check
+       NOT-FOR-US: Joplin
 CVE-2022-35130
        RESERVED
 CVE-2022-35129
@@ -4220,13 +4220,13 @@ CVE-2022-34993
 CVE-2022-34992
        RESERVED
 CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: Paymoney
 CVE-2022-34990
        RESERVED
 CVE-2022-34989 (Fruits Bazar v1.0 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: PaymoneyFruits Bazar
 CVE-2022-34988 (Inout Blockchain AltExchanger v1.2.1 was discovered to contain 
a cross ...)
-       TODO: check
+       NOT-FOR-US: Inout Blockchain AltExchanger
 CVE-2022-34987
        RESERVED
 CVE-2022-34986
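Review bot: The new tag on CVE-2022-34989 reads "NOT-FOR-US: PaymoneyFruits Bazar", which looks like a paste leftover from the CVE-2022-34991 (Paymoney) entry just above it. The description names only Fruits Bazar v1.0, so the line should be "NOT-FOR-US: Fruits Bazar". As written, a search of the list for Paymoney also returns this unrelated SQL injection entry.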
@@ -4270,7 +4270,7 @@ CVE-2022-34968
 CVE-2022-34967
        RESERVED
 CVE-2022-34966 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was 
discovered ...)
-       TODO: check
+       NOT-FOR-US: OpenTeknik
 CVE-2022-34965 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was 
discovered ...)
        NOT-FOR-US: OpenTeknik
 CVE-2022-34964 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was 
discovered ...)
@@ -4467,9 +4467,9 @@ CVE-2022-34909
 CVE-2022-34908
        RESERVED
 CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave 
before 14.6. ...)
-       TODO: check
+       NOT-FOR-US: FileWave
 CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 
14.6.3 and 1 ...)
-       TODO: check
+       NOT-FOR-US: FileWave
 CVE-2022-34905
        RESERVED
 CVE-2022-34904
@@ -5195,7 +5195,7 @@ CVE-2022-34661
 CVE-2022-34660
        RESERVED
 CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), 
it was ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare Warp
 CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to 
Cross-S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2223 (The WordPress plugin Image Slider is vulnerable to Cross-Site 
Request  ...)
@@ -5422,21 +5422,21 @@ CVE-2022-34579
 CVE-2022-34578
        RESERVED
 CVE-2022-34577 (A vulnerability in adm.cgi of WAVLINK WN535 G3 
M35G3R.V5030.180927 all ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34576 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK 
WN535 G3 M ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34575 (An access control issue in Wavlink WiFi-Repeater 
RPTA2-77W.M4300.01.GD ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34574 (An access control issue in Wavlink WiFi-Repeater 
RPTA2-77W.M4300.01.GD ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34573 (An access control issue in Wavlink WiFi-Repeater 
RPTA2-77W.M4300.01.GD ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34572 (An access control issue in Wavlink WiFi-Repeater 
RPTA2-77W.M4300.01.GD ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34571 (An access control issue in Wavlink WiFi-Repeater 
RPTA2-77W.M4300.01.GD ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34570 (WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 
contains an inf ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2022-34569
        RESERVED
 CVE-2022-34568
@@ -6815,7 +6815,7 @@ CVE-2022-34069
 CVE-2022-34068
        RESERVED
 CVE-2022-34067 (Warehouse Management System v1.0 was discovered to contain a 
SQL injec ...)
-       TODO: check
+       NOT-FOR-US: Warehouse Management System
 CVE-2022-34066 (The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered 
to cont ...)
        NOT-FOR-US: Texercise package in PyPI
 CVE-2022-34065 (The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered 
to contai ...)
@@ -12299,7 +12299,7 @@ CVE-2022-31881
 CVE-2022-31880
        RESERVED
 CVE-2022-31879 (Online Fire Reporting System 1.0 is vulnerable to SQL 
Injection via th ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31878
        RESERVED
 CVE-2022-31877
@@ -16454,7 +16454,7 @@ CVE-2022-1649 (Null pointer dereference in 
libr/bin/format/mach0/mach0.c in rada
        NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
        NOTE: 
https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
 CVE-2022-1648 (Pandora FMS v7.0NG.760 and below allows a relative path 
traversal in F ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise 
and esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI 
command ...)
@@ -25037,9 +25037,9 @@ CVE-2022-1043 [Linux Kernel io_uring Use-After-Free 
Privilege Escalation Vulnera
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997328
        NOTE: 
https://git.kernel.org/linus/a30f895ad3239f45012e860d4f94c1a388b36d14 (5.14-rc7)
 CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Zyphyr
 CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Zyphyr
 CVE-2022-27635
        RESERVED
 CVE-2022-27626
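Review bot: Both new tags in this hunk, on CVE-2022-1042 and CVE-2022-1041, spell the project "Zyphyr", while the CVE descriptions directly above them say Zephyr. Please change both to "NOT-FOR-US: Zephyr" so that a search of data/CVE/list for the project name finds these entries.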
@@ -39655,9 +39655,9 @@ CVE-2022-23002
 CVE-2022-23001
        RESERVED
 CVE-2022-23000 (The Western Digital My Cloud Web App 
[https://os5.mycloud.com/] uses a ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2022-22999 (Western Digital My Cloud devices are vulnerable to a cross 
side script ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2022-22998 (Implemented protections on AWS credentials that were not 
properly prot ...)
        NOT-FOR-US: Western Digital
 CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a 
command ...)
@@ -41035,7 +41035,7 @@ CVE-2022-22688 (Improper neutralization of special 
elements used in a command ('
 CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer 
Overflow') ...)
        NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-22686 (Cross-Site Request Forgery (CSRF) vulnerability in webapi 
component in ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-22685
        RESERVED
 CVE-2022-22684
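Review bot: The new tag on CVE-2022-22686 is "NOT-FOR-US: Synology", while the adjacent CVE-2022-22687 entry in the same hunk uses "NOT-FOR-US: Synology DiskStation Manager". The truncated description does not show which product this CSRF issue affects; if it is the same one, use the same tag so the entries stay consistent and group together in searches.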
@@ -41859,7 +41859,7 @@ CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 
could allow a local user t
 CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is 
vulnerabl ...)
        NOT-FOR-US: IBM
 CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 
could allow  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-22411
        RESERVED
 CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could 
allow an a ...)
@@ -50063,7 +50063,7 @@ CVE-2022-21643 (USOC is an open source CMS with a focus 
on simplicity. In affect
 CVE-2022-21642 (Discourse is an open source platform for community discussion. 
In affe ...)
        NOT-FOR-US: Discourse
 CVE-2021-43959 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 
4.8.9 al ...)
        NOT-FOR-US: Atlassian
 CVE-2021-43957 (Affected versions of Atlassian Fisheye &amp; Crucible allowed 
remote a ...)
@@ -89772,7 +89772,7 @@ CVE-2020-36292
 CVE-2020-36291
        RESERVED
 CVE-2020-36290 (The Livesearch macro in Confluence Server and Data Center 
before versi ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2020-36289 (Affected versions of Atlassian Jira Server and Data Center 
allow an un ...)
        NOT-FOR-US: Atlassian
 CVE-2020-36288 (The issue navigation and search view in Jira Server and Data 
Center be ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b581402a4a5201adde9f329d41055a681b33a87a
