Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f03a228d by Moritz Muehlenhoff at 2022-07-27T23:00:56+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,7 +53,7 @@ CVE-2022-2552
CVE-2022-2551
RESERVED
CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp
prior to 1 ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior
to v2.1. ...)
TODO: check
CVE-2022-36922 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier
does not es ...)
@@ -1233,11 +1233,11 @@ CVE-2022-34344
CVE-2022-34154
RESERVED
CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in
Biplob018 Shor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob
Adhikar ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site
Scripting ( ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33201
RESERVED
CVE-2022-33142
@@ -2977,13 +2977,14 @@ CVE-2022-35674
CVE-2022-35673
RESERVED
CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier),
20.005.30314 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35671
RESERVED
CVE-2022-35670
RESERVED
CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier),
20.005.30334 (and ...)
- TODO: check
+ NOT-FOR-US: Adobe
+
CVE-2022-35668
RESERVED
CVE-2022-35667
@@ -3891,7 +3892,7 @@ CVE-2022-35293
CVE-2022-35292
RESERVED
CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors
attachm ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-35290
RESERVED
CVE-2022-35289
@@ -4088,13 +4089,13 @@ CVE-2022-2315
CVE-2022-2314
RESERVED
CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for
Windows pr ...)
- TODO: check
+ NOT-FOR-US: MA Smart Installer for Windows
CVE-2022-2312
RESERVED
CVE-2022-2311
RESERVED
CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main
releases ...)
- TODO: check
+ NOT-FOR-US: Skyhigh SWG
CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of
service ...)
- lxml 4.9.1-1 (bug #1014766)
[bullseye] - lxml <no-dsa> (Minor issue)
@@ -5812,11 +5813,11 @@ CVE-2022-34553
CVE-2022-34552
RESERVED
CVE-2022-34551 (Sims v1.0 was discovered to allow path traversal when
downloading atta ...)
- TODO: check
+ NOT-FOR-US: Sims
CVE-2022-34550 (Sims v1.0 was discovered to contain a cross-site scripting
(XSS) vulne ...)
- TODO: check
+ NOT-FOR-US: Sims
CVE-2022-34549 (Sims v1.0 was discovered to contain an arbitrary file upload
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Sims
CVE-2022-34548
RESERVED
CVE-2022-34547
@@ -5856,7 +5857,7 @@ CVE-2022-34531
CVE-2022-34530
RESERVED
CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault
via the co ...)
- TODO: check
+ NOT-FOR-US: WASM3
CVE-2022-34528
RESERVED
CVE-2022-34527
@@ -7047,9 +7048,9 @@ CVE-2022-34123
CVE-2022-34122
RESERVED
CVE-2022-34121 (Cuppa CMS v1.0 was discovered to contain a local file
inclusion (LFI) ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2022-34120 (Barangay Management System v1.0 was discovered to contain a
remote cod ...)
- TODO: check
+ NOT-FOR-US: Barangay Management System
CVE-2022-34119
RESERVED
CVE-2022-34118
@@ -25395,7 +25396,7 @@ CVE-2022-27612
CVE-2022-27611
RESERVED
CVE-2022-27610 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on
Microsoft ...)
NOT-FOR-US: Forcepoint One Endpoint
CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on
Microsoft ...)
@@ -34665,9 +34666,9 @@ CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27
before 2.1.28, plugins/sql.c
NOTE: Fixed by:
https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480
(master)
NOTE:
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because
multipart/form-data bo ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a
serializ ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-24404
RESERVED
CVE-2022-24403
@@ -39720,11 +39721,11 @@ CVE-2022-0183 (Missing encryption of sensitive data
vulnerability in 'MIRUPASS'
CVE-2020-36515
RESERVED
CVE-2022-23101 (OX App Suite through 7.10.6 allows XSS via appHandler in a
deep link i ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via
Documentco ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise
read. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through
1.40. The ...)
{DLA-2915-1}
- connman 1.36-2.4 (bug #1004935)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f03a228dc47e2495c59ec064ae0434a74400774e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f03a228dc47e2495c59ec064ae0434a74400774e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
