Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d1f1119 by Salvatore Bonaccorso at 2022-08-19T10:40:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4020,7 +4020,7 @@ CVE-2022-36949 (In Veritas NetBackup OpsCenter, an
attacker with local access to
CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur.
This affec ...)
NOT-FOR-US: Veritas
CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer
through 7 ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux
kernel th ...)
{DSA-5207-1}
- linux 5.18.16-1
@@ -4524,21 +4524,21 @@ CVE-2022-36731
CVE-2022-36730
RESERVED
CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36727 (Library Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36726
RESERVED
CVE-2022-36725 (Library Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36724
RESERVED
CVE-2022-36723
RESERVED
CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Library Management System
CVE-2022-36721
RESERVED
CVE-2022-36720
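Review bot: the label added for CVE-2022-36729, CVE-2022-36728, CVE-2022-36727, CVE-2022-36725 and CVE-2022-36722 is only the generic name "Library Management System", with no vendor or author, so a later search of the list for earlier NFU decisions cannot tell it apart from any other product of that name. Consider qualifying it with the vendor or source given in the full CVE description (the text shown here is truncated), in the way other entries in this commit carry a distinguishing name such as "GitOps Tools Extension for VSCode".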
@@ -6386,7 +6386,7 @@ CVE-2022-35978 (Minetest is a free open-source voxel game
engine with easy moddi
CVE-2022-35977
RESERVED
CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in
order t ...)
- TODO: check
+ NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to
manage Flu ...)
NOT-FOR-US: GitOps Tools Extension for VSCode
CVE-2022-35974
@@ -8264,9 +8264,9 @@ CVE-2022-35215
CVE-2022-35214
RESERVED
CVE-2022-35213 (Ecommerce-CodeIgniter-Bootstrap before commit 56465f was
discovered to ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2022-35212 (osCommerce2 before v2.3.4.1 was discovered to contain a
cross-site scr ...)
- TODO: check
+ NOT-FOR-US: osCommerce2
CVE-2022-35211
RESERVED
CVE-2022-35210
@@ -8282,7 +8282,7 @@ CVE-2022-35206
CVE-2022-35205
RESERVED
CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers
to perfor ...)
- TODO: check
+ NOT-FOR-US: Vitejs Vite
CVE-2022-35203
RESERVED
CVE-2022-35202
@@ -8356,7 +8356,7 @@ CVE-2022-35169 (SAP BusinessObjects Business Intelligence
Platform (LCM) - versi
CVE-2022-35168 (Due to improper input sanitization of XML input in SAP
Business One - ...)
NOT-FOR-US: SAP
CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was
discovered ...)
- TODO: check
+ NOT-FOR-US: Printix Cloud Print Management
CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite
loop via ...)
- libjpeg <unfixed>
NOTE: https://github.com/thorfdbg/libjpeg/issues/7
@@ -8993,7 +8993,7 @@ CVE-2022-34854
CVE-2022-34841
RESERVED
CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R)
NUC Lap ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34346
RESERVED
CVE-2022-33972
@@ -9772,7 +9772,7 @@ CVE-2022-34647
CVE-2022-34646
RESERVED
CVE-2022-34345 (Improper input validation in the firmware for some Intel(R)
NUC Laptop ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34157
RESERVED
CVE-2022-33964
@@ -9784,7 +9784,7 @@ CVE-2022-33190
CVE-2022-32971
RESERVED
CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC
Laptop K ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-31476
RESERVED
CVE-2022-30692
@@ -11685,7 +11685,7 @@ CVE-2022-33894
CVE-2022-33892
RESERVED
CVE-2022-33209 (Improper input validation in the firmware for some Intel(R)
NUC Laptop ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33200
RESERVED
CVE-2022-33188
@@ -14924,9 +14924,9 @@ CVE-2022-32553 (Pure Storage FlashArray products
running Purity//FA 6.2.0 - 6.2.
CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 -
6.2.3, 6.1 ...)
NOT-FOR-US: Pure Storage FlashArray
CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and
Intel(R) Sta ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and
Intel(R) Sta ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30542
RESERVED
CVE-2022-30539
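Review bot: CVE-2022-30944 and CVE-2022-30601 are tagged with the bare vendor name "Intel" although the descriptions name the product (Intel(R) AMT), and the context entry just above uses a product-level label, "Pure Storage FlashArray". A vendor-only tag does not record which product was judged out of scope; naming it (for example "Intel AMT") would make the decision checkable later. The same applies to the other "NOT-FOR-US: Intel" lines in this commit, which cover NUC firmware and installation binaries under one label.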
@@ -14940,7 +14940,7 @@ CVE-2022-29523
CVE-2022-28699
RESERVED
CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and
Intel(R) Stan ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository
francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows
path traver ...)
@@ -20984,7 +20984,7 @@ CVE-2022-30339
CVE-2022-30338
RESERVED
CVE-2022-30296 (Insufficiently protected credentials in the Intel(R)
Datacenter Group ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29919
RESERVED
CVE-2022-29893
@@ -20996,7 +20996,7 @@ CVE-2022-29515
CVE-2022-29508
RESERVED
CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue
mobile ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29478
RESERVED
CVE-2022-29470
@@ -21010,9 +21010,9 @@ CVE-2022-27877
CVE-2022-27808
RESERVED
CVE-2022-26844 (Insufficiently protected credentials in the installation
binaries for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26374 (Uncontrolled search path in the installation binaries for
Intel(R) SEA ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26373 (Non-transparent sharing of return predictor targets between
contexts i ...)
{DSA-5207-1}
- linux 5.18.16-1
@@ -21020,7 +21020,7 @@ CVE-2022-26373 (Non-transparent sharing of return
predictor targets between cont
NOTE:
https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
NOTE:
https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47
CVE-2022-26344 (Incorrect default permissions in the installation binaries for
Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25976
RESERVED
CVE-2022-1670 (When generating a user invitation code in Octopus Server, the
validity ...)
@@ -24130,11 +24130,11 @@ CVE-2022-29466
CVE-2022-29262
RESERVED
CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R)
NUC Lapt ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27497
RESERVED
CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC
Laptop K ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26424
RESERVED
CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software
maintain ...)
@@ -26189,7 +26189,7 @@ CVE-2022-28759
CVE-2022-28758
RESERVED
CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT
Admin) sta ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT
Admin) sta ...)
NOT-FOR-US: Zoom
CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS,
and Wind ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1f111915fe89cde49fc7b6aa38e8b3123ed821