Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59a6f38c by Salvatore Bonaccorso at 2022-09-07T21:15:27+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4161,7 +4161,7 @@ CVE-2022-2903
 CVE-2022-2902
        RESERVED
 CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot 
prior to ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2022-2900
        RESERVED
 CVE-2022-38464
@@ -5070,7 +5070,7 @@ CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in 
GitHub repository pimcore/
 CVE-2022-2795
        RESERVED
 CVE-2022-38176 (An issue was discovered in YSoft SAFEQ 6 before 6.0.72. 
Incorrect priv ...)
-       TODO: check
+       NOT-FOR-US: YSoft
 CVE-2022-38175
        RESERVED
 CVE-2022-38174
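Review bot: style point on the CVE-2022-38176 line: the tag reads "NOT-FOR-US: YSoft" while the description names the product as "YSoft SAFEQ 6"; the other entries in this commit tag the product rather than only the vendor (e.g. "NOT-FOR-US: IObit Malware Fighter"), so "NOT-FOR-US: YSoft SAFEQ" would be the consistent form and is easier to grep for later.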
@@ -5890,7 +5890,7 @@ CVE-2022-2716 (The Beaver Builder – WordPress Page 
Builder for WordPress i
 CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee 
Management S ...)
        NOT-FOR-US: SourceCodester Employee Management System
 CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub 
reposito ...)
-       TODO: check
+       NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-2713 (Insufficient Session Expiration in GitHub repository 
cockpit-hq/cockpi ...)
        NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2022-2712
@@ -6089,7 +6089,7 @@ CVE-2022-37773
 CVE-2022-37772
        RESERVED
 CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper 
protecti ...)
-       TODO: check
+       NOT-FOR-US: IObit Malware Fighter
 CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a 
segmentation fault  ...)
        - libjpeg <unfixed> (unimportant)
        NOTE: https://github.com/thorfdbg/libjpeg/issues/79
@@ -7482,7 +7482,7 @@ CVE-2022-37255
 CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) 
via Backg ...)
        NOT-FOR-US: DolphinPHP
 CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting 
System 1.0 al ...)
-       TODO: check
+       NOT-FOR-US: Crime Reporting System
 CVE-2022-37252
        RESERVED
 CVE-2022-37251
@@ -8871,7 +8871,7 @@ CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to 
contain a hard-coded JWT key
 CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file 
download ...)
        NOT-FOR-US: Novel-Plus
 CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows 
lacks tamp ...)
-       TODO: check
+       NOT-FOR-US: PCProtect Endpoint
 CVE-2022-36669
        RESERVED
 CVE-2022-36668
@@ -8885,7 +8885,7 @@ CVE-2022-36665
 CVE-2022-36664
        RESERVED
 CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind 
SSRF (Serv ...)
-       TODO: check
+       NOT-FOR-US: Gluu Oxauth
 CVE-2022-36662
        RESERVED
 CVE-2022-36661
@@ -10469,7 +10469,7 @@ CVE-2022-36074
 CVE-2022-36073
        RESERVED
 CVE-2022-36072 (SilverwareGames.io is a social network for users to play video 
games o ...)
-       TODO: check
+       NOT-FOR-US: SilverwareGames.io
 CVE-2022-36071 (SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S 
and Web ...)
        NOT-FOR-US: SFTPGo
 CVE-2022-36070
@@ -10483,9 +10483,9 @@ CVE-2022-36067 (vm2 is a sandbox that can run untrusted 
code with whitelisted No
 CVE-2022-36066
        RESERVED
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and 
A/B tes ...)
-       TODO: check
+       NOT-FOR-US: GrowthBook
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An 
Inefficient Regu ...)
-       TODO: check
+       NOT-FOR-US: Shescape
 CVE-2022-36063
        RESERVED
 CVE-2022-36062
@@ -10507,7 +10507,7 @@ CVE-2022-36059
 CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network 
protocol. In ...)
        TODO: check
 CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the 
Discourse o ...)
-       TODO: check
+       NOT-FOR-US: Discourse-Chat
 CVE-2022-36056
        RESERVED
 CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of 
pre-configu ...)
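Review bot: CVE-2022-36058 (Elrond go) is left at "TODO: check" in this hunk's context while CVE-2022-36057 right below it is resolved in the same pass; if it was skipped on purpose for a closer look that is fine, otherwise it looks like it was missed and should get the same triage.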
@@ -10533,19 +10533,19 @@ CVE-2022-36046 (Next.js is a React framework that can 
provide building blocks to
 CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports 
either Redis, ...)
        NOT-FOR-US: NodeBB
 CVE-2022-36044 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2022-36043 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2022-36042 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2022-36041 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2022-36040 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2022-36039 (Rizin is a UNIX-like reverse engineering framework and 
command-line to ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2022-36038 (CircuitVerse is an open-source platform which allows users to 
construc ...)
-       TODO: check
+       NOT-FOR-US: CircuitVerse
 CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many 
differe ...)
        NOT-FOR-US: Kirby CMS
 CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. 
There is  ...)
@@ -10561,7 +10561,7 @@ CVE-2022-36033 (jsoup is a Java HTML parser, built for 
HTML editing, cleaning, s
        NOTE: 
https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369
        NOTE: 
https://github.com/jhy/jsoup/commit/4ea768d96b3d232e63edef9594766d44597b3882 
(jsoup-1.15.3)
 CVE-2022-36032 (ReactPHP HTTP is a streaming HTTP client and server 
implementation for ...)
-       TODO: check
+       NOT-FOR-US: ReactPHP HTTP
 CVE-2022-36031 (Directus is a free and open-source data platform for headless 
content  ...)
        NOT-FOR-US: Directus
 CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. 
Affected ve ...)
@@ -10771,7 +10771,7 @@ CVE-2022-35933 (This package is a PrestaShop module 
that allows users to post re
 CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for 
Nextcloud. Pr ...)
        NOT-FOR-US: Nextcloud Talk
 CVE-2022-35931 (Nextcloud Password Policy is an app that enables a Nextcloud 
server ad ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Password Policy
 CVE-2022-35930 (PolicyController is a utility used to enforce supply chain 
policy in K ...)
        NOT-FOR-US: sigstore/policy-controller
 CVE-2022-35929 (cosign is a container signing and verification utility. In 
versions pr ...)
@@ -10807,7 +10807,7 @@ CVE-2022-35915 (OpenZeppelin Contracts is a library for 
secure smart contract de
 CVE-2022-35914
        RESERVED
 CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of 
service via a  ...)
-       TODO: check
+       NOT-FOR-US: Samourai Wallet Stonewallx2
 CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 
4.1.1, 5.x b ...)
        - grails <itp> (bug #473213)
 CVE-2022-35911 (** DISPUTED ** On Patlite NH-FB series devices through 1.46, 
remote at ...)
@@ -20270,7 +20270,7 @@ CVE-2022-32278 (XFCE 4.16 allows attackers to execute 
arbitrary code because xdg
        - exo 4.16.4-1 (bug #1013129)
        NOTE: 
https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
 (exo-4.16.4)
 CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct 
Object Refer ...)
-       TODO: check
+       NOT-FOR-US: Squiz Matrix CMS
 CVE-2022-32276 (** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via 
(for ex ...)
        - grafana <removed>
 CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a 
/dashboard/snap ...)
@@ -21628,13 +21628,13 @@ CVE-2022-1926 (Integer Overflow or Wraparound in 
GitHub repository polonel/trude
 CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote 
attacker ...)
        NOT-FOR-US: Arris
 CVE-2022-31792 (A stored cross-site scripting (XSS) vulnerability exists in 
the manage ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31791 (WatchGuard Firebox and XTM appliances allow a local attacker 
(that has ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31790 (WatchGuard Firebox and XTM appliances allow an unauthenticated 
remote  ...)
        NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31789 (An integer overflow in WatchGuard Firebox and XTM appliances 
allows an ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard Firebox and XTM appliances
 CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the 
IdeaLMS/ChatRoom/ClassAccess ...)
        NOT-FOR-US: IdeaLMS
 CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO 
...)
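Review bot: the visible description of CVE-2022-31792 ("A stored cross-site scripting (XSS) vulnerability exists in the manage ...") does not name WatchGuard, unlike CVE-2022-31791, CVE-2022-31790 and CVE-2022-31789 around it, so the "NOT-FOR-US: WatchGuard Firebox and XTM appliances" tag is inferred from the neighbouring entries rather than from the text shown; worth confirming against the full description before closing it.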
@@ -26112,7 +26112,7 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and 
UNIX allows directory trav
 CVE-2022-30332
        RESERVED
 CVE-2022-30331 (** DISPUTED ** The User-Defined Functions (UDF) feature in 
TigerGraph  ...)
-       TODO: check
+       NOT-FOR-US: TigerGraph
 CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor 
interface ...)
        NOT-FOR-US: KeepKey firmware
 CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 
devices. A ...)
@@ -27467,13 +27467,13 @@ CVE-2022-26054 (Operation restriction bypass 
vulnerability in Link of Cybozu Gar
 CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu 
Garoon  ...)
        NOT-FOR-US: Cybozu
 CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 
1.0.3 (335 ...)
-       TODO: check
+       NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
 CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A 
malicio ...)
        NOT-FOR-US: LRM
 CVE-2022-1523
        RESERVED
 CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 
1.0.3 (335 ...)
-       TODO: check
+       NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
 CVE-2022-1521 (LRM does not implement authentication or authorization by 
default. A m ...)
        NOT-FOR-US: LRM
 CVE-2022-1520
@@ -29273,7 +29273,7 @@ CVE-2022-1370 (Delta Electronics DIAEnergie (All 
versions prior to 1.8.02.004) h
 CVE-2022-1369 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) 
has a  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-1368 (The Cognex 3D-A1000 Dimensioning System in firmware version 
1.0.3 (335 ...)
-       TODO: check
+       NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
 CVE-2022-1367 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) 
has a  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-1366 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) 
has a  ...)
@@ -36344,13 +36344,13 @@ CVE-2022-26863 (Prior Dell BIOS versions contain an 
Input Validation vulnerabili
 CVE-2022-26862 (Prior Dell BIOS versions contain an Input Validation 
vulnerability. A  ...)
        NOT-FOR-US: Dell
 CVE-2022-26861 (Dell BIOS versions contain an Insecure Automated Optimization 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-26860 (Dell BIOS versions contain a stack-based buffer overflow 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-26859 (Dell BIOS contains a race condition vulnerability. A local 
attacker co ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-26858 (Dell BIOS versions contain an Improper Authentication 
vulnerability. A ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an 
imprope ...)
        NOT-FOR-US: Dell OpenManage Enterprise
 CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a 
plain-text passwo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a6f38ceeed85e2c73519c5b98c52e0818e665c
