Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a563d910 by Moritz Mühlenhoff at 2022-08-19T00:04:37+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,7 +39,7 @@ CVE-2022-2878
CVE-2022-2877
RESERVED
CVE-2022-2876 (A vulnerability, which was classified as critical, was found in
Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-XXXX [freeciv modpack installer buffer overflow]
- freeciv <unfixed> (bug #1017579)
[bullseye] - freeciv <no-dsa> (Minor issue)
@@ -80,7 +80,7 @@ CVE-2022-38382
CVE-2022-38105
RESERVED
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as
problematic ...)
- TODO: check
+ NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to
out of ...)
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
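Review bot: CVE-2022-2870 loses its "TODO: check" marker but receives neither a package line nor a NOT-FOR-US, only a free-text NOTE, and the commit message ("NFUs") does not cover this kind of change. Because the note itself says the CVE is only "likely to be rejected", consider keeping a marker that brings the entry back for review, and add a reference showing why this is a misreport so the next reader does not have to repeat the analysis.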
@@ -599,7 +599,7 @@ CVE-2022-2811 (A vulnerability classified as problematic
has been found in Sourc
CVE-2022-2810
RESERVED
CVE-2022-38216 (An integer overflow exists in Mapbox's closed source gl-native
library ...)
- TODO: check
+ NOT-FOR-US: Mapbox
CVE-2022-38215
RESERVED
CVE-2022-38214
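Review bot: "NOT-FOR-US: Mapbox" on CVE-2022-38216 names only the vendor, while the description scopes the issue to the "closed source gl-native library". Naming that component in the label would keep the entry from reading as a blanket statement about everything from the vendor.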
@@ -836,7 +836,7 @@ CVE-2022-38152
CVE-2022-38151
RESERVED
CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive
Information ...)
- TODO: check
+ NOT-FOR-US: Consul Template
CVE-2022-38148
RESERVED
CVE-2022-38147
@@ -2501,7 +2501,7 @@ CVE-2022-37424
CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and
4.x befor ...)
NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without
authenticat ...)
- TODO: check
+ NOT-FOR-US: Payara
CVE-2022-37421
RESERVED
CVE-2022-37420
@@ -3462,13 +3462,13 @@ CVE-2022-37065
CVE-2022-37064
RESERVED
CVE-2022-37063 (All FLIR AX8 thermal sensor cameras versions up to and
including 1.46. ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37062 (All FLIR AX8 thermal sensor cameras version up to and
including 1.46.1 ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and
including 1.46.1 ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including
1.46.16 is ...)
- TODO: check
+ NOT-FOR-US: FLIR AX8
CVE-2022-37059
RESERVED
CVE-2022-37058
@@ -3559,7 +3559,7 @@ CVE-2022-37027
CVE-2022-37026
RESERVED
CVE-2022-37025 (An improper privilege management vulnerability in McAfee
Security Scan ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP,
Network Co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2588
@@ -4742,7 +4742,7 @@ CVE-2022-36532
CVE-2022-36531
RESERVED
CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: rageframe
CVE-2022-36529
RESERVED
CVE-2022-36528
@@ -5094,7 +5094,7 @@ CVE-2022-36357
CVE-2022-36346
RESERVED
CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems
JUST Onli ...)
- TODO: check
+ NOT-FOR-US: JustSystems
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site
Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36341
@@ -6108,9 +6108,9 @@ CVE-2022-36026
CVE-2022-36025
RESERVED
CVE-2022-36024 (A fork of discord.py py-cord is a modern, easy to use,
feature-rich, a ...)
- TODO: check
+ NOT-FOR-US: py-cord
CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned
distributed led ...)
- TODO: check
+ NOT-FOR-US: Hyperledger Fabric
CVE-2022-36022
RESERVED
CVE-2022-36021
@@ -6136,7 +6136,7 @@ CVE-2022-36012
CVE-2022-36011
RESERVED
CVE-2022-36010 (This library allows strings to be parsed as functions and
stored as a ...)
- TODO: check
+ NOT-FOR-US: oxyno-zeta
CVE-2022-36009
RESERVED
CVE-2022-36008
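Review bot: the label on CVE-2022-36010, "NOT-FOR-US: oxyno-zeta", does not identify a product, and the truncated description ("This library allows strings to be parsed as functions ...") does not name one either. Every other NOT-FOR-US line in this commit names a product or vendor that also appears in the description; put the library's own name in the label so the entry can be found by searching for the software.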
@@ -6208,7 +6208,7 @@ CVE-2022-35977
CVE-2022-35976
RESERVED
CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to
manage Flu ...)
- TODO: check
+ NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35974
RESERVED
CVE-2022-35973
@@ -8114,7 +8114,7 @@ CVE-2022-35200
CVE-2022-35199
RESERVED
CVE-2022-35198 (Contract Management System v2.0 contains a weak default
password which ...)
- TODO: check
+ NOT-FOR-US: Contract Management System
CVE-2022-35197
RESERVED
CVE-2022-35196
@@ -8160,11 +8160,11 @@ CVE-2022-35177
CVE-2022-35176
RESERVED
CVE-2022-35175 (Barangay Management System v1.0 was discovered to contain a
SQL inject ...)
- TODO: check
+ NOT-FOR-US: Barangay
CVE-2022-35174 (A stored cross-site scripting (XSS) vulnerability in Kirby's
Starterki ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2022-35173 (An issue was discovered in Nginx NJS v0.7.5. The JUMP offset
for a bre ...)
- TODO: check
+ NOT-FOR-US: Nginx NJS
CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20,
7.30, 7.3 ...)
NOT-FOR-US: SAP
CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files
receive ...)
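Review bot: on CVE-2022-35173 the label "NOT-FOR-US: Nginx NJS" closes an entry whose description names a specific upstream release ("Nginx NJS v0.7.5") without recording what was checked. A short NOTE stating that no source package shipped njs at the time of triage would make the decision easy to revisit. In the same hunk, "Barangay" and "Kirby" shorten the product names given in the descriptions ("Barangay Management System", "Kirby's Starterki ..."); the fuller names would be less ambiguous.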
@@ -11763,29 +11763,29 @@ CVE-2022-33882
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk
AutoCAD 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of
Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-33151 (Cross-site scripting vulnerability in the specific parameters
of Cyboz ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32583 (Operation restriction bypass vulnerability in Scheduler of
Cybozu Offi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32544 (Operation restriction bypass vulnerability in Project of
Cybozu Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32453 (HTTP header injection vulnerability in Cybozu Office 10.0.0 to
10.8.5 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-32283 (Browse restriction bypass vulnerability in Cabinet of Cybozu
Office 10 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-30693 (Information disclosure vulnerability in the system
configuration of Cy ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-30604 (Cross-site scripting vulnerability in the specific parameters
of Cyboz ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29891 (Browse restriction bypass vulnerability in Custom Ap of Cybozu
Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-29487 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to
10.8.5 a ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-28715 (Cross-site scripting vulnerability in the specific parameters
of Cyboz ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-25986 (Browse restriction bypass vulnerability in Scheduler of Cybozu
Office ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-2108 (The plugin Wbcom Designs – BuddyPress Group Reviews for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication
mechani ...)
@@ -23839,9 +23839,9 @@ CVE-2022-29552
CVE-2022-29551
RESERVED
CVE-2022-29550 (** DISPUTED ** An issue was discovered in Qualys Cloud Agent
4.8.0-49. ...)
- TODO: check
+ NOT-FOR-US: Qualys
CVE-2022-29549 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It
executes pr ...)
- TODO: check
+ NOT-FOR-US: Qualys
CVE-2022-29548 (A reflected XSS issue exists in the Management Console of
several WSO2 ...)
NOT-FOR-US: WSO2
CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki
does not ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a563d910b526db46fffa2c988fc37deb1d28c791