Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
260041ef by Moritz Muehlenhoff at 2022-07-28T23:24:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2022-2566
 CVE-2022-2565
        RESERVED
 CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Mongoose
 CVE-2022-2563
        RESERVED
 CVE-2022-37008
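Review bot: the tag on the CVE-2022-2564 line, `NOT-FOR-US: Mongoose`, names the library without its ecosystem, while the CVE-2016-4991 entry later in this same commit uses `NOT-FOR-US: Node nodepdf`; since the description identifies the GitHub repository automattic/mongoose (the Node.js ODM), `NOT-FOR-US: Node mongoose` would keep the naming consistent across the file and make later grep-based triage easier.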
@@ -1409,7 +1409,7 @@ CVE-2022-36284
 CVE-2022-36282
        RESERVED
 CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-34868
        RESERVED
 CVE-2022-34867
@@ -14761,7 +14761,7 @@ CVE-2022-31241
 CVE-2022-31240
        RESERVED
 CVE-2022-1805 (When connecting to Amazon Workspaces, the SHA256 presented by 
AWS conn ...)
-       TODO: check
+       NOT-FOR-US: Tera2
 CVE-2022-1804
        RESERVED
 CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
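Review bot: the replacement `NOT-FOR-US: Tera2` on the CVE-2022-1805 line uses a name that does not appear in the visible description ("When connecting to Amazon Workspaces, the SHA256 presented by AWS conn ..."), so a later triager cannot match the tag against the CVE text; consider spelling out the affected product as the advisory names it, the way the other entries in this commit do (e.g. `NOT-FOR-US: Saia Burgess Controls`).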
@@ -17518,21 +17518,21 @@ CVE-2022-1616 (Use after free in append_command in 
GitHub repository vim/vim pri
        NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
        NOTE: 
https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c 
(v8.2.4895)
 CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a 
Broken or Ri ...)
-       TODO: check
+       NOT-FOR-US: Saia Burgess Controls
 CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows 
Authenticati ...)
-       TODO: check
+       NOT-FOR-US: Saia Burgess Controls
 CVE-2022-30318
        RESERVED
 CVE-2022-30317
        RESERVED
 CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient 
Verificati ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through 
2022-05-06  ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-30314 (Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded 
Credentials ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-30313 (Honeywell Experion PKS Safety Manager through 2022-05-06 has 
Missing A ...)
-       TODO: check
+       NOT-FOR-US: Honeywell
 CVE-2022-30312
        RESERVED
 CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
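Review bot: the four Honeywell entries (CVE-2022-30313 through CVE-2022-30316) are tagged with the vendor only, `NOT-FOR-US: Honeywell`, while the two SBC entries above them carry the full name `Saia Burgess Controls` and the descriptions name the product as Honeywell Experion PKS Safety Manager; `NOT-FOR-US: Honeywell Experion PKS` would identify the product line at the same level of detail. Otherwise the hunk is a plain TODO-to-NOT-FOR-US triage and the existing NOTE lines for CVE-2022-1616 are untouched.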
@@ -25535,13 +25535,13 @@ CVE-2022-27616
 CVE-2022-27615 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
        NOT-FOR-US: Synology
 CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-27613 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-27612 (Buffer copy without checking size of input ('Classic Buffer 
Overflow') ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-27611 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-27610 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
        NOT-FOR-US: Synology
 CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on 
Microsoft  ...)
@@ -25748,7 +25748,7 @@ CVE-2022-27511 (Corruption of the system by a remote, 
unauthenticated user. The
 CVE-2022-27510
        RESERVED
 CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27508
        RESERVED
 CVE-2022-27507
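Review bot: the CVE-2022-27509 line goes from `TODO: check` to `NOT-FOR-US: Citrix`, but neither the tag nor the truncated description ("Unauthenticated redirection to a malicious website ...") says which Citrix product is affected; naming it, as the Synology and Luxion KeyShot entries elsewhere in this commit do for their products, would make the entry self-explanatory without opening the advisory.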
@@ -41517,11 +41517,11 @@ CVE-2022-22687 (Buffer copy without checking size of 
input ('Classic Buffer Over
 CVE-2022-22686 (Cross-Site Request Forgery (CSRF) vulnerability in webapi 
component in ...)
        NOT-FOR-US: Synology
 CVE-2022-22685 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-22684 (Improper neutralization of special elements used in an OS 
command ('OS ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-22683 (Buffer copy without checking size of input ('Classic Buffer 
Overflow') ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2022-22682 (Improper neutralization of input during web page generation 
('Cross-si ...)
        NOT-FOR-US: Synology
 CVE-2022-22681 (Session fixation vulnerability in access control management in 
Synolog ...)
@@ -107544,27 +107544,27 @@ CVE-2021-22652 (Access to the Advantech iView 
versions prior to v5.7.03.6112 con
 CVE-2021-22651 (When loading a specially crafted file, Luxion KeyShot versions 
prior t ...)
        NOT-FOR-US: Luxion
 CVE-2021-22650 (An attacker may use TWinSoft and a malicious source project 
file (TPG) ...)
-       TODO: check
+       NOT-FOR-US: TWinSoft
 CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
        NOT-FOR-US: Luxion KeyShot
 CVE-2021-22648 (Ovarro TBox proprietary Modbus file access functions allow 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Ovarro TBox
 CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
        NOT-FOR-US: Luxion KeyShot
 CVE-2021-22646 (The “ipk” package containing the configuration 
created by  ...)
-       TODO: check
+       NOT-FOR-US: Ovarro TBox
 CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
        NOT-FOR-US: Luxion KeyShot
 CVE-2021-22644 (Ovarro TBox TWinSoft uses the custom hardcoded user 
“TWinSoft&#8 ...)
-       TODO: check
+       NOT-FOR-US: Ovarro TBox
 CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
        NOT-FOR-US: Luxion KeyShot
 CVE-2021-22642 (An attacker could use specially crafted invalid Modbus frames 
to crash ...)
-       TODO: check
+       NOT-FOR-US: Ovarro
 CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the 
way the  ...)
        NOT-FOR-US: Fuji Electric
 CVE-2021-22640 (An attacker can decrypt the Ovarro TBox login password by 
communicatio ...)
-       TODO: check
+       NOT-FOR-US: Ovarro TBox
 CVE-2021-22639 (An uninitialized pointer issue has been identified in the way 
the appl ...)
        NOT-FOR-US: Fuji Electric
 CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an 
out-of-b ...)
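Review bot: the Ovarro entries in this hunk are tagged three different ways, `NOT-FOR-US: TWinSoft` (CVE-2021-22650), `NOT-FOR-US: Ovarro TBox` (CVE-2021-22648, -22646, -22644, -22640) and `NOT-FOR-US: Ovarro` (CVE-2021-22642), although the descriptions attribute all of them to the same product (CVE-2021-22644 reads "Ovarro TBox TWinSoft ..."); using `NOT-FOR-US: Ovarro TBox` for all six keeps them grouped in the file. Separately, the context lines for CVE-2021-22646 and CVE-2021-22644 carry a smart quote and a truncated HTML entity (`“TWinSoft&#8 ...`) in the imported description text; that is pre-existing and belongs in a separate import clean-up rather than in this triage commit.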
@@ -374479,7 +374479,7 @@ CVE-2016-4992 (389 Directory Server in Red Hat 
Enterprise Linux Desktop 6 throug
        [jessie] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: 
http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-5-13.html
 CVE-2016-4991 (Input passed to the Pdf() function is shell escaped and passed 
to chil ...)
-       TODO: check
+       NOT-FOR-US: Node nodepdf
 CVE-2016-4990
        REJECTED
 CVE-2016-4989 (setroubleshoot allows local users to bypass an intended 
container prot ...)
@@ -376299,9 +376299,9 @@ CVE-2016-4428 (Cross-site scripting (XSS) 
vulnerability in OpenStack Dashboard (
        - horizon 3:9.0.1-2 (bug #828967)
        NOTE: https://bugs.launchpad.net/bugs/1567673
 CVE-2016-4427 (In zulip before 1.3.12, deactivated users could access messages 
if SSO ...)
-       TODO: check
+       NOT-FOR-US: Zulip
 CVE-2016-4426 (In zulip before 1.3.12, bot API keys were accessible to other 
users in ...)
-       TODO: check
+       NOT-FOR-US: Zulip
 CVE-2016-4424
        RESERVED
 CVE-2016-4423 (The attemptAuthentication function in 
Component/Security/Http/Firewall ...)
@@ -383243,9 +383243,9 @@ CVE-2016-2140 (The libvirt driver in OpenStack 
Compute (Nova) before 2015.1.4 (k
        [wheezy] - nova <no-dsa> (Minor issue)
        NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
 CVE-2016-2139 (In kippo-graph before version 1.5.1, there is a cross-site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: kippo-graph
 CVE-2016-2138 (In kippo-graph before version 1.5.1, there is a cross-site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: kippo-graph
 CVE-2016-2137
        REJECTED
 CVE-2016-2136
@@ -388162,7 +388162,7 @@ CVE-2016-0797 (Multiple integer overflows in OpenSSL 
1.0.1 before 1.0.1s and 1.0
        NOTE: https://www.openssl.org/news/secadv/20160301.txt
        NOTE: Fixed in master in 
https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
 CVE-2016-0796 (WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for 
your mp3 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2016-0795 (LibreOffice before 5.0.5 allows remote attackers to cause a 
denial of  ...)
        {DSA-3482-1}
        - libreoffice 1:5.0.5~rc1-1
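Review bot: the CVE-2016-0796 line is tagged `NOT-FOR-US: WordPress plugin` although the description already names the plugin (mb.miniAudioPlayer); as with CVE-2022-35882 earlier in this commit, putting the plugin name in the tag (`NOT-FOR-US: WordPress plugin mb.miniAudioPlayer`) distinguishes the entry from the many other plugin entries that share the generic tag.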



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/260041ef6c4eef917e57517f043b198d21b165a2



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
