Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f131fcf3 by Salvatore Bonaccorso at 2022-08-30T22:39:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1185,7 +1185,7 @@ CVE-2022-38627
 CVE-2022-38626
        RESERVED
 CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain 
insufficient f ...)
-       TODO: check
+       NOT-FOR-US: Patlite NH-FB
 CVE-2022-38624
        RESERVED
 CVE-2022-38623
@@ -2685,7 +2685,7 @@ CVE-2022-38120
 CVE-2022-38119
        RESERVED
 CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient 
validati ...)
-       TODO: check
+       NOT-FOR-US: OAKlouds
 CVE-2022-38117
        RESERVED
 CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded 
database  ...)
@@ -4942,7 +4942,7 @@ CVE-2022-37239 (MDaemon Technologies SecurityGateway for 
Email Servers 8.5.2 is
 CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 
is vulner ...)
        NOT-FOR-US: MDaemon
 CVE-2022-37237 (An attacker can send malicious RTMP requests to make the 
ZLMediaKit se ...)
-       TODO: check
+       NOT-FOR-US: ZLMediaKit
 CVE-2022-37236
        RESERVED
 CVE-2022-37235
@@ -5118,7 +5118,7 @@ CVE-2022-37151 (There is an unauthorized access 
vulnerability in Online Diagnost
 CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management 
System 1.0 ...)
        NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-37149 (WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to 
contain a co ...)
-       TODO: check
+       NOT-FOR-US: WAVLINK
 CVE-2022-37148
        RESERVED
 CVE-2022-37147
@@ -7930,7 +7930,7 @@ CVE-2022-36039
 CVE-2022-36038
        RESERVED
 CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many 
differe ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. 
There is  ...)
        TODO: check
 CVE-2022-36035
@@ -9927,7 +9927,7 @@ CVE-2022-32765
 CVE-2022-2331
        RESERVED
 CVE-2022-2330 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: DLP Endpoint for Windows
 CVE-2022-2329
        RESERVED
 CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not 
saniti ...)
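Review bot: The new tag on CVE-2022-2330, `NOT-FOR-US: DLP Endpoint for Windows`, names a product without its vendor, unlike the other tags in this commit (`HCL`, `WAVLINK`, `TOTOLINK`). The truncated description does not show the vendor either, so a search of the list by vendor name will miss this entry. Suggest prefixing the vendor to the product name.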
@@ -15706,7 +15706,7 @@ CVE-2022-32995 (Halo CMS v1.5.3 was discovered to 
contain a Server-Side Request
 CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file 
upload vul ...)
        NOT-FOR-US: Halo CMS
 CVE-2022-32993 (TOTOLINK A7000R V4.1cu.4134 was discovered to contain an 
access contro ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered 
to cont ...)
        NOT-FOR-US: Online Tours And Travels Management System
 CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL 
injection v ...)
@@ -16825,7 +16825,7 @@ CVE-2022-2025
 CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been 
declared ...)
        NOT-FOR-US: InnoSetup
 CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers 
before July 2 ...)
-       TODO: check
+       NOT-FOR-US: DrayTek Vigor router
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 
'double', ...)
        - imagemagick <unfixed> (bug #1016442)
        [bullseye] - imagemagick <ignored> (Minor issue)
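Review bot: The tag on CVE-2022-32548, `NOT-FOR-US: DrayTek Vigor router`, is singular and includes the product class, while the description says "certain DrayTek Vigor routers" and the other router entries in this commit use the bare vendor name (`WAVLINK`, `TOTOLINK`). Suggest `NOT-FOR-US: DrayTek` so that one search string matches every entry for that vendor.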
@@ -31648,7 +31648,7 @@ CVE-2022-27560
 CVE-2022-27559
        RESERVED
 CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2022-27557
        RESERVED
 CVE-2022-27556
@@ -31670,9 +31670,9 @@ CVE-2022-27549 (HCL Launch may store certain data for 
recurring activities in a
 CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which 
can be re ...)
        NOT-FOR-US: HCL
 CVE-2022-27547 (HCL iNotes is susceptible to a link to non-existent domain 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2022-27546 (HCL iNotes is susceptible to a Reflected Cross-site Scripting 
(XSS) vu ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection 
for the ...)
        NOT-FOR-US: BigFix Web Reports
 CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials 
in clear  ...)
@@ -37045,7 +37045,7 @@ CVE-2022-25643 (seatd-launch in seatd 0.6.x before 
0.6.4 allows removing files w
 CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A 
crafted ch ...)
        NOT-FOR-US: Obyte (formerly Byteball) Wallet
 CVE-2022-25641 (Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, 
and Phant ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly 
enforce a re ...)
        - wolfssl 5.2.0-1
        [bullseye] - wolfssl 4.6.0+p1-0+deb11u1
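Review bot: On CVE-2022-25641 the tag `NOT-FOR-US: Foxit PDF Reader` names only the first product in the description, which also lists PDF Editor and a third product cut off at "Phant ...". A vendor-level tag such as `NOT-FOR-US: Foxit` would cover all of them. The same tag is applied to CVE-2021-40326 in the last hunk, so any change should be made to both entries together.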
@@ -46410,7 +46410,7 @@ CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was 
discovered to allow unau
 CVE-2022-22898
        RESERVED
 CVE-2022-22897 (A SQL injection vulnerability in the product_all_one_img and 
image_pro ...)
-       TODO: check
+       NOT-FOR-US: ApolloTheme AP PageBuilder
 CVE-2022-22896
        RESERVED
 CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a 
heap-buffer-overflow via ...)
@@ -69271,7 +69271,7 @@ CVE-2021-40328
 CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, 
has incor ...)
        NOT-FOR-US: Trusted Firmware-M (TF-M)
 CVE-2021-40326 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and 
PhantomPD ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for 
modification of s ...)
        - cobbler <removed>
 CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations 
via upload ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f131fcf39b9b9a54d7c8ee2fd090ca8914571115
