Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ddbe86b by Moritz Mühlenhoff at 2022-08-05T23:28:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2022-37432
CVE-2022-2675
RESERVED
CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management
System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel
Manageme ...)
- TODO: check
+ NOT-FOR-US: Rigatur Online Booking and Hotel Management System
CVE-2022-2672 (A vulnerability was found in SourceCodester Garage Management
System. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management
System a ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2670
RESERVED
CVE-2022-2669
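Review bot: The NOT-FOR-US tags added in this hunk mix two naming levels: CVE-2022-2674, CVE-2022-2672 and CVE-2022-2671 are tagged with the vendor only ("NOT-FOR-US: SourceCodester"), while CVE-2022-2673 carries the full product name ("NOT-FOR-US: Rigatur Online Booking and Hotel Management System"). The three SourceCodester entries cover two different products (Best Fee Management System and Garage Management System), so a tag of the form vendor plus product would make a later search of data/CVE/list for one product line more reliable.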
@@ -81,13 +81,13 @@ CVE-2022-37398
CVE-2022-36350
RESERVED
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management
System and ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2666
RESERVED
CVE-2022-2665 (A vulnerability classified as critical was found in
SourceCodester Sim ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-2664 (A vulnerability classified as critical has been found in
Private Cloud ...)
- TODO: check
+ NOT-FOR-US: Private Cloud Management Platform
CVE-2020-36591
RESERVED
CVE-2020-36590
@@ -335,7 +335,7 @@ CVE-2022-2628
CVE-2022-2627
RESERVED
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository
hestiacp/hestiacp ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2022-37348
RESERVED
CVE-2022-37347
@@ -1631,29 +1631,29 @@ CVE-2022-36842
CVE-2022-36841
RESERVED
CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to
version 2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout
prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36838 (Implicit Intent hijacking vulnerability in Galaxy Wearable
prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36837 (Intent redirection vulnerability using implicit intent in
Samsung emai ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36836 (Unprotected provider vulnerability in Charm by Samsung prior
to versio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36835 (Implicit Intent hijacking vulnerability in Samsung Internet
Browser pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36834 (Exposure of Sensitive Information vulnerability in Game
Launcher prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36833 (Improper Privilege Management vulnerability in Game Optimizing
Service ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36832 (Improper access control vulnerability in WebApp in Cameralyzer
prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36831 (Path traversal vulnerability in UriFileUtils of Samsung Notes
prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36830 (PendingIntent hijacking vulnerability in cancelAlarmManager in
Charm b ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36829 (PendingIntent hijacking vulnerability in releaseAlarm in Charm
by Sams ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-36828
RESERVED
CVE-2022-36827
@@ -2614,7 +2614,7 @@ CVE-2022-36343 (Authenticated (author or higher user
role) Stored Cross-Site Scr
CVE-2022-36341
RESERVED
CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc.
ActiveDEMAND pl ...)
- TODO: check
+ NOT-FOR-US: JumpDEMAND
CVE-2022-36292
RESERVED
CVE-2022-36288
@@ -2622,7 +2622,7 @@ CVE-2022-36288
CVE-2022-36285
RESERVED
CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For
WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WooCommerce addon
CVE-2022-36282
RESERVED
CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site
Scripting ...)
@@ -2650,7 +2650,7 @@ CVE-2022-33969 (Authenticated WordPress Options Change
vulnerability in Biplob A
CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site
Scripting ( ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite
– ...)
- TODO: check
+ NOT-FOR-US: MailerLite
CVE-2022-33142
RESERVED
CVE-2022-2515
@@ -3770,7 +3770,7 @@ CVE-2022-35938
CVE-2022-35937
RESERVED
CVE-2022-35936 (Ethermint is an Ethereum library. In Ethermint running
versions before ...)
- TODO: check
+ NOT-FOR-US: Ethermint
CVE-2022-35935
RESERVED
CVE-2022-35934
@@ -6648,9 +6648,9 @@ CVE-2022-34771
CVE-2022-34770
RESERVED
CVE-2022-34769 (Michlol - rashim web interface Insecure direct object
references (IDOR ...)
- TODO: check
+ NOT-FOR-US: Michlol
CVE-2022-34768 (Supersmart.me - Walk Through Performing unauthorized actions
on other ...)
- TODO: check
+ NOT-FOR-US: Supersmart.me
CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is
prone t ...)
NOT-FOR-US: ALLNET
CVE-2022-34766
@@ -9610,47 +9610,47 @@ CVE-2022-2086 (A vulnerability, which was classified as
critical, has been found
CVE-2022-33735
RESERVED
CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in
Charm by ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in
Charm by Sam ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33732 (Improper access control vulnerability in Samsung Dex for PC
prior to S ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33731 (Improper access control vulnerability in DesktopSystemUI prior
to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33730 (Heap-based buffer overflow vulnerability in Samsung Dex for PC
prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33729 (Improper restriction of broadcasting Intent in
ConfirmConnectActivity ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33728 (Exposure of sensitive information in Bluetooth prior to SMR
Aug-2022 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33727 (A vulnerable code in onCreate of SecDevicePickerDialog prior
to SMR Au ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33726 (Unprotected dynamic receiver in Samsung Galaxy Friends prior
to SMR Au ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33725 (A vulnerability using PendingIntent in Knox VPN prior to SMR
Aug-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33724 (Exposure of Sensitive Information in Samsung Dialer
application?prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33723 (A vulnerable code in onCreate of BluetoothScanDialog prior to
SMR Aug- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33722 (Implicit Intent hijacking vulnerability in Smart View prior to
SMR Aug ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33721 (A vulnerability using PendingIntent in DeX for PC prior to SMR
Aug-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33720 (Improper authentication vulnerability in AppLock prior to SMR
Aug-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33719 (Improper input validation in baseband prior to SMR Aug-2022
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33718 (An improper access control vulnerability in Wi-Fi Service
prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33717 (A missing input validation before memory read in SEM TA prior
to SMR A ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33716 (An absence of variable initialization in ICCC TA prior to SMR
Aug-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33715 (Improper access control and path traversal vulnerability in
LauncherPr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33714 (Improper access control vulnerability in
SemWifiApBroadcastReceiver pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior
to vers ...)
NOT-FOR-US: Samsung
CVE-2022-33712 (Intent redirection vulnerability using implict intent in
Camera prior ...)
@@ -12219,7 +12219,7 @@ CVE-2022-28666 (Broken Access Control vulnerability in
YIKES Inc. Custom Product
CVE-2022-28612 (Improper Access Control vulnerability leading to multiple
Authenticate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps
Affiliat ...)
- TODO: check
+ NOT-FOR-US: WooCommerce addon
CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in
the pla ...)
NOT-FOR-US: SCORM Engine
CVE-2022-2034
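Review bot: CVE-2022-25649 is tagged "NOT-FOR-US: WooCommerce addon", whereas the entry directly above it in this hunk, CVE-2022-28612, uses "NOT-FOR-US: WordPress plugin". If StoreApps Affiliate For WooCommerce is meant to be grouped with the other WordPress ecosystem entries, reusing the existing label keeps the NFU wording uniform; otherwise the new label is at least consistent with the one added for CVE-2022-36284 earlier in this patch.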
@@ -14849,25 +14849,25 @@ CVE-2022-31667
CVE-2022-31666
RESERVED
CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31663 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31662 (VMware Workspace ONE Access, Identity Manager, Connectors and
vRealize ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31661 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31660 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31659 (VMware Workspace ONE Access and Identity Manager contain a
remote code ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31658 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31657 (VMware Workspace ONE Access and Identity Manager contain a URL
injecti ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31656 (VMware Workspace ONE Access, Identity Manager and vRealize
Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31655 (VMware vRealize Log Insight in versions prior to 8.8.2 contain
a store ...)
NOT-FOR-US: VMware
CVE-2022-31654 (VMware vRealize Log Insight in versions prior to 8.8.2 contain
a store ...)
@@ -17935,7 +17935,7 @@ CVE-2022-1705
NOTE:
https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e
(go1.18.4)
NOTE:
https://github.com/golang/go/commit/d13431c37ab62f9755f705731536ff74e7165b08
(go1.17.12)
CVE-2022-1704 (Due to an XML external entity reference, the software parses
XML in th ...)
- TODO: check
+ NOT-FOR-US: Ignition
CVE-2022-1703 (Improper neutralization of special elements in the SonicWall
SSL-VPN S ...)
NOT-FOR-US: SonicWall
CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and
earlier ver ...)
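Review bot: "NOT-FOR-US: Ignition" on CVE-2022-1704 is ambiguous as written: the visible description ("Due to an XML external entity reference, the software parses XML in th ...") does not name the product, and Ignition is a name used by more than one software project. Adding the vendor to the tag would let a later reader confirm that no Debian source package is meant without opening the CVE record.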
@@ -35525,17 +35525,17 @@ CVE-2022-0529 (A flaw was found in Unzip. The
vulnerability occurs during the co
NOTE: https://github.com/ByteHackr/unzip_poc
NOTE: Unclear status, checking with upstream
CVE-2021-46681 (A XSS vulnerability exist in Pandora FMS version 756 and
below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46680 (A XSS vulnerability exist in Pandora FMS version 756 and
below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46679 (A XSS vulnerability exist in Pandora FMS version 756 and
below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46678 (A XSS vulnerability exist in Pandora FMS version 756 and
below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46677 (A XSS vulnerability exist in Pandora FMS version 756 and
below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2021-46676 (A XSS vulnerability exist in Pandora FMS version 756 and
below, that a ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of
service a ...)
NOT-FOR-US: swift-nio-http2
CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of
service a ...)
@@ -43962,7 +43962,7 @@ CVE-2022-22301 (An improper neutralization of special
elements used in an OS Com
CVE-2022-22300 (A improper handling of insufficient permissions or privileges
in Forti ...)
NOT-FOR-US: FortiGuard
CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line
interprete ...)
- TODO: check
+ NOT-FOR-US: FortiNet
CVE-2022-22298
RESERVED
CVE-2022-22297
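Review bot: The tag added for CVE-2022-22299 reads "NOT-FOR-US: FortiNet", while the entry directly above it, CVE-2022-22300, uses "NOT-FOR-US: FortiGuard", and the vendor name is normally written "Fortinet". Using one spelling for the vendor across these neighbouring entries keeps a case-sensitive search of data/CVE/list from missing one of them.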
@@ -73273,7 +73273,7 @@ CVE-2021-36863
CVE-2021-36862
RESERVED
CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich
Reviews by Sta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36860
RESERVED
CVE-2021-36859
@@ -96468,7 +96468,7 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c
in Zint Barcode Generator
NOTE: https://sourceforge.net/p/zint/tickets/218/
NOTE:
https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
CVE-2021-27798 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade
Fabric OS v ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h,
and all v ...)
NOT-FOR-US: Brocade
CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade
Fabric OS ...)
@@ -194651,7 +194651,7 @@ CVE-2020-1756
CVE-2020-1755
RESERVED
CVE-2020-1754 (In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing
the gra ...)
- TODO: check
+ - moodle <removed>
CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x
version ...)
{DSA-4950-1}
- ansible 2.9.16+dfsg-1
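Review bot: The line added for CVE-2020-1754, "- moodle <removed>", is a package entry rather than a NOT-FOR-US tag, so the commit message "NFUs" does not describe it; the same applies to CVE-2020-1691 in the following hunk. Mentioning the moodle triage in the commit message, or committing it separately, would make the change easier to find in the history. The entry itself matches the existing "- moodle <removed>" line on CVE-2020-1692.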
@@ -194925,7 +194925,7 @@ CVE-2020-1693 (A flaw was found in Spacewalk up to
version 2.9 where it was vuln
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information
exposure of s ...)
- moodle <removed>
CVE-2020-1691 (In Moodle 3.8, messages required extra sanitizing before
updating the ...)
- TODO: check
+ - moodle <removed>
CVE-2020-1690 (An improper authorization flaw was discovered in
openstack-selinux's a ...)
NOT-FOR-US: openstack-selinux
CVE-2019-19364 (A weak malicious user can escalate its privilege whenever
CatalystProd ...)
@@ -381280,7 +381280,7 @@ CVE-2016-3099 (mod_ns in Red Hat Enterprise Linux
Desktop 7, Red Hat Enterprise
[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced
in 1.0.11)
NOTE: Introduced in
https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8
(1.10.11)
CVE-2016-3098 (Cross-site request forgery (CSRF) vulnerability in administrate
0.1.4 ...)
- TODO: check
+ NOT-FOR-US: administrate
CVE-2016-3097 (Cross-site scripting (XSS) vulnerability in spacewalk-java in
Red Hat ...)
NOT-FOR-US: spacewalk-java
CVE-2016-3096 (The create_script function in the lxc_container module in
Ansible befo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ddbe86b3a7aebdc102967e83c999fd458fa9825