Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c171b5fe by Salvatore Bonaccorso at 2022-08-26T22:42:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18239,7 +18239,7 @@ CVE-2022-XXXX [Sanitizing and other XSS protections]
        NOTE: 
https://git.spip.net/spip/svp/commit/bf0ff95ac535f1aa53e6a946ea739fd71106f182
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-1-2-SPIP-4-0-7-SPIP-3-2.html?lang=fr
 CVE-2022-31798 (Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable 
to /car ...)
-       TODO: check
+       NOT-FOR-US: Nortek Linear eMerge E3-Series devices
 CVE-2022-31797
        RESERVED
 CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions 
from 12.0  ...)
@@ -19423,7 +19423,7 @@ CVE-2022-31501 (The ChaoticOnyx/OnyxForum repository 
before 2022-05-04 on GitHub
 CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer 
sets im ...)
        NOT-FOR-US: KNIME Analytics Platform
 CVE-2022-31499 (Nortek Linear eMerge E3-Series devices before 0.32-08f allow 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Nortek Linear eMerge E3-Series devices
 CVE-2022-31498 (LibreHealth EHR Base 2.0.0 allows 
interface/orders/patient_match_dialo ...)
        NOT-FOR-US: LibreHealth EHR Base
 CVE-2022-31497 (LibreHealth EHR Base 2.0.0 allows 
interface/main/finder/finder_navigat ...)
@@ -19956,7 +19956,7 @@ CVE-2022-1811 (Unrestricted Upload of File with 
Dangerous Type in GitHub reposit
 CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify 
prior to  ...)
        NOT-FOR-US: Publify
 CVE-2022-31269 (Nortek Linear eMerge E3-Series devices through 0.32-09c place 
admin cr ...)
-       TODO: check
+       NOT-FOR-US: Nortek Linear eMerge E3-Series devices
 CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to 
reading we ...)
        NOT-FOR-US: Gitblit
 CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User 
Service: ...)
@@ -20686,7 +20686,7 @@ CVE-2022-30986
 CVE-2022-30985
        RESERVED
 CVE-2022-30984 (A buffer overflow vulnerability in the Rubrik Backup Service 
(RBS) Age ...)
-       TODO: check
+       NOT-FOR-US: Rubrik CDM
 CVE-2022-30983
        RESERVED
 CVE-2022-30982 (An issue was discovered in Gentics CMS before 5.43.1. There is 
stored  ...)
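Review bot: The label on CVE-2022-30984 names "Rubrik CDM", while the visible part of the description refers to the "Rubrik Backup Service (RBS)". If CDM is not the product the truncated description goes on to name, "NOT-FOR-US: Rubrik" or the RBS name would keep the label aligned with the description text.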
@@ -24190,7 +24190,7 @@ CVE-2022-29852
 CVE-2022-29851
        RESERVED
 CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow External 
Control of  ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, 
certain SU ...)
        NOT-FOR-US: Progress OpenEdge
 CVE-2022-29848 (In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 
22.0.0, i ...)
@@ -27356,7 +27356,7 @@ CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR 
before version 4.8.113.20
 CVE-2022-28748
        RESERVED
 CVE-2022-28747 (Key reuse in GoSecure Titan Inbox Detection & Response 
(IDR) throu ...)
-       TODO: check
+       NOT-FOR-US: GoSecure Titan Inbox Detection & Response (IDR)
 CVE-2022-28746
        RESERVED
 CVE-2022-28745
@@ -30323,7 +30323,7 @@ CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary 
file-existence tests via the -c opt
 CVE-2022-27813
        RESERVED
 CVE-2022-27812 (Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp 
randomizing the ...)
-       TODO: check
+       NOT-FOR-US: Flooding SNS firewall
 CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via 
shell met ...)
        - ocrfeeder <unfixed> (bug #1008320)
        [bullseye] - ocrfeeder <no-dsa> (Minor issue)
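Review bot: The new label on CVE-2022-27812, "NOT-FOR-US: Flooding SNS firewall", carries over "Flooding" from the start of the description, where it is the action (flooding the firewall with udp or icmp) and not part of the product name. Suggest "NOT-FOR-US: SNS firewall", prefixed with the vendor name if that is to be recorded, so the entry matches later searches for the product.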
@@ -44630,7 +44630,7 @@ CVE-2022-23237 (E-Series SANtricity OS Controller 
Software 11.x versions through
 CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 
through 11.7 ...)
        NOT-FOR-US: E-Series SANtricity OS Controller Software
 CVE-2022-23235 (Active IQ Unified Manager for VMware vSphere, Linux, and 
Microsoft Win ...)
-       TODO: check
+       NOT-FOR-US: Active IQ Unified Manager / Netapp
 CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a 
vulnerability wh ...)
        NOT-FOR-US: SnapCenter
 CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to 
11.6.0 a ...)
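Review bot: The label for CVE-2022-23235, "Active IQ Unified Manager / Netapp", mixes product and vendor with a slash, while the neighbouring entries in this hunk name the product only ("E-Series SANtricity OS Controller Software", "SnapCenter"). Suggest "NOT-FOR-US: Active IQ Unified Manager", or, if the vendor is wanted, the form "NetApp Active IQ Unified Manager" with the vendor's own capitalisation.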
@@ -58525,7 +58525,7 @@ CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted 
URL to the Cgi/options.p
 CVE-2021-43330
        RESERVED
 CVE-2021-43329 (A SQL injection vulnerability in license_update.php in Mumara 
Classic  ...)
-       TODO: check
+       NOT-FOR-US: Mumara Classic
 CVE-2021-43328
        RESERVED
 CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. 
With a VCC  ...)
@@ -59135,7 +59135,7 @@ CVE-2022-20923
 CVE-2022-20922
        RESERVED
 CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI 
Multi-Site Orch ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20920
        RESERVED
 CVE-2022-20919
@@ -59247,7 +59247,7 @@ CVE-2022-20867
 CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running 
Cisco A ...)
        NOT-FOR-US: Cisco
 CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow 
an authe ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20864
        RESERVED
 CVE-2022-20863
@@ -59329,9 +59329,9 @@ CVE-2022-20826
 CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
        NOT-FOR-US: Cisco
 CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of 
Cisco FXOS  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20823 (A vulnerability in the OSPF version 3 (OSPFv3) feature of 
Cisco NX-OS  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20822
        RESERVED
 CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR 
Software could ...)
@@ -61323,7 +61323,7 @@ CVE-2021-42629
 CVE-2021-42628
        RESERVED
 CVE-2021-42627 (The WAN configuration page "wan.htm" on D-Link DIR-615 devices 
with fi ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-42626
        RESERVED
 CVE-2021-42625
@@ -63606,7 +63606,7 @@ CVE-2021-42234
 CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to 
stored cros ...)
        NOT-FOR-US: Simple Blog plugin in Wondercms
 CVE-2021-42232 (TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a 
command inj ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2021-42231
        RESERVED
 CVE-2021-42230 (Seowon 130-SLC router all versions as of 2021-09-15 is 
vulnerable to R ...)
@@ -68682,7 +68682,7 @@ CVE-2021-40287
 CVE-2021-40286
        RESERVED
 CVE-2021-40285 (htmly v2.8.1 was discovered to contain an arbitrary file 
deletion vuln ...)
-       TODO: check
+       NOT-FOR-US: htmly
 CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer 
overflow whi ...)
        NOT-FOR-US: D-Link
 CVE-2021-40283
@@ -70755,9 +70755,9 @@ CVE-2021-39396
 CVE-2021-39395
        RESERVED
 CVE-2021-39394 (mm-wiki v0.2.1 was discovered to contain a Cross-Site Request 
Forgery  ...)
-       TODO: check
+       NOT-FOR-US: mm-wiki
 CVE-2021-39393 (mm-wiki v0.2.1 was discovered to contain a cross-site 
scripting (XSS)  ...)
-       TODO: check
+       NOT-FOR-US: mm-wiki
 CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 
allows r ...)
        NOT-FOR-US: MyLittleBackup
 CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin 
panel in  ...)
@@ -87836,7 +87836,7 @@ CVE-2021-32572 (Speco Web Viewer through 2021-05-12 
allows Directory Traversal v
 CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the 
release 18B a ...)
        NOT-FOR-US: OSS-RC
 CVE-2021-32570 (In Ericsson Network Manager (ENM) releases before 21.2, users 
belongin ...)
-       TODO: check
+       NOT-FOR-US: Ericsson
 CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the 
release 18B a ...)
        NOT-FOR-US: OSS-RC
 CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c171b5feeebdc905c55d3f0538f7c54a1bc2af10

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
