Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cec9608a by Salvatore Bonaccorso at 2022-09-10T09:55:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2628,7 +2628,7 @@ CVE-2022-39121
 CVE-2022-39120
        RESERVED
 CVE-2022-39119 (In network service, there is a missing permission check. This 
could le ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2022-39118
        RESERVED
 CVE-2022-39117
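Review bot: the excerpt for CVE-2022-39119 ("In network service, there is a missing permission check") names no vendor or product, so the `NOT-FOR-US: Unisoc` attribution cannot be checked from this entry alone. Because "network service" is generic wording, confirm the vendor against the CVE record's references before dropping the TODO, so that a packaged component is not dismissed by accident.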
@@ -4097,7 +4097,7 @@ CVE-2022-38641
 CVE-2022-38640
        RESERVED
 CVE-2022-38639 (A cross-site scripting (XSS) vulnerability in Markdown-Nice 
v1.8.22 al ...)
-       TODO: check
+       NOT-FOR-US: Markdown-Nice
 CVE-2022-38638
        RESERVED
 CVE-2022-38637
@@ -4399,7 +4399,7 @@ CVE-2022-38495
 CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a 
command  ...)
        - movabletype-opensource <removed>
 CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository 
appwrite/appw ...)
-       TODO: check
+       NOT-FOR-US: appwrite
 CVE-2022-2924
        RESERVED
 CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.024 ...)
@@ -5240,11 +5240,11 @@ CVE-2022-38271
 CVE-2022-38270
        RESERVED
 CVE-2022-38269 (School Activity Updates with SMS Notification v1.0 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-38268 (School Activity Updates with SMS Notification v1.0 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-38266
        RESERVED
 CVE-2022-38265 (Apartment Visitor Management System v1.0 was discovered to 
contain a S ...)
@@ -5266,7 +5266,7 @@ CVE-2022-38258 (A local file inclusion (LFI) 
vulnerability in D-Link DIR 819 v1.
 CVE-2022-38257
        RESERVED
 CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site 
scripting ( ...)
-       TODO: check
+       NOT-FOR-US: TastyIgniter
 CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a 
SQL injec ...)
        NOT-FOR-US: Interview Management System
 CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site 
scripti ...)
@@ -5624,7 +5624,7 @@ CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 
the private SSH key could
 CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while 
Registr ...)
        NOT-FOR-US: Linksys
 CVE-2022-38131 (RStudio Connect is affected by an Open Redirect issue. The 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: RStudio Connect
 CVE-2022-38130 (The 
com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
        NOT-FOR-US: Keysight Sensor Management Server
 CVE-2022-38129 (A path traversal vulnerability exists in the 
com.keysight.tentacle.lic ...)
@@ -6326,7 +6326,7 @@ CVE-2022-37859
 CVE-2022-37858
        RESERVED
 CVE-2022-37857 (bilde2910 Hauk v1.6.1 requires a hardcoded password which by 
default i ...)
-       TODO: check
+       NOT-FOR-US: bilde2910 Hauk
 CVE-2022-37856
        RESERVED
 CVE-2022-37855
@@ -8072,7 +8072,7 @@ CVE-2022-37166
 CVE-2022-37165
        RESERVED
 CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Inoda OnTrack
 CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy 
which allo ...)
        NOT-FOR-US: Bminusl IHateToBudget
 CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site 
Scripting (XSS) ...)
@@ -8860,81 +8860,81 @@ CVE-2022-36879 (An issue was discovered in the Linux 
kernel through 5.18.14. xfr
        - linux 5.18.16-1
        NOTE: 
https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 
(v5.19-rc8)
 CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to 
version 7 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36877 (Exposure of Sensitive Information in FaqSymptomCardViewModel 
in Samsun ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36876 (Improper authorization in UPI payment in Samsung Pass prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36875 (Improper restriction of broadcasting Intent in 
SaWebViewRelayActivity  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36874 (Improper Handling of Insufficient Permissions or Privileges 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36873 (Improper restriction of broadcasting Intent in 
GalaxyStoreBridgePageLi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36872 (Pending Intent hijacking vulnerability in SpayNotification in 
Samsung  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36871 (Pending Intent hijacking vulnerability in NotiCenterUtils in 
Samsung P ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36870 (Pending Intent hijacking vulnerability in 
MTransferNotificationManager ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity 
of?Conta ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36868
        RESERVED
 CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group 
Sharing  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36865 (Improper access control in Group Sharing prior to versions 
13.0.6.15 i ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36864 (Improper access control and intent redirection in Samsung 
Email prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36863 (A heap-based overflow vulnerability in 
GetCorrectDbLanguageTypeEsPKc f ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36862 (A heap-based overflow vulnerability in 
HWR::EngineCJK::Impl::Construct ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36861 (Custom permission misuse vulnerability in SystemUI prior to 
SMR Sep-20 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36860 (A heap-based overflow vulnerability in LoadEnvironment 
function in lib ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36859 (Improper input validation vulnerability in SmartTagPlugin 
prior to ver ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36858 (A heap-based overflow vulnerability in 
GetCorrectDbLanguageTypeEsPKc() ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36857 (Improper Authorization vulnerability in Photo Editor prior to 
SMR Sep- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36856 (Improper access control vulnerability in Telecom application 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36855 (A use after free vulnerability in iva_ctl driver prior to SMR 
Sep-2022 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36854 (Out of bound read in libapexjni.media.samsung.so prior to SMR 
Sep-2022 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36853 (Intent redirection in Photo Editor prior to SMR Sep-2022 
Release 1 all ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36852 (Improper Authorization vulnerability in Video Editor prior to 
SMR Sep- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36851 (Improper access control vulnerability in Samsung pass prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36850 (Path traversal vulnerability in CallBGProvider prior to SMR 
Sep-2022 R ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36849 (Use after free vulnerability in sdp_mm_set_process_sensitive 
function  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36848 (Improper Authorization vulnerability in setDualDARPolicyCmd 
prior to S ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36847 (Use after free vulnerability in mtp_send_signal function of 
MTP driver ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36846 (A heap-based overflow vulnerability in ConstructDictionary 
function in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36845 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO 
function in  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36844 (A heap-based overflow vulnerability in 
HWR::EngJudgeModel::Construct() ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36843 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO 
function in  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36842 (A heap-based overflow vulnerability in prepareRecogLibrary 
function in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36841 (A heap-based overflow vulnerability in 
PrepareRecogLibrary_Part functi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to 
version 2 ...)
        NOT-FOR-US: Samsung
 CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout 
prior t ...)
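Review bot: the blanket `NOT-FOR-US: Samsung` tag in this hunk covers driver-level entries as well as app-level ones, namely CVE-2022-36855 (iva_ctl driver) and CVE-2022-36847 (mtp_send_signal function of MTP driver). For those two, confirm that the code exists only in Samsung's vendor tree and not in the `linux` source package, which the tracker follows (see the `- linux 5.18.16-1` line for CVE-2022-36879 at the top of this hunk). The "prior to SMR Sep-2022" wording points that way and the tag matches the existing CVE-2022-36840 entry, so no change is needed if the check holds.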
@@ -9393,7 +9393,7 @@ CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the 
network can be reset wit
 CVE-2022-36618
        RESERVED
 CVE-2022-36617 (Arq Backup 7.19.5.0 and below stores backup encryption 
passwords using ...)
-       TODO: check
+       NOT-FOR-US: Arq Backup
 CVE-2022-36616 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and 
V5.9c.4050_B20190424 was di ...)
        NOT-FOR-US: TOTOLINK
 CVE-2022-36615 (TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to 
contain a h ...)
@@ -9770,7 +9770,7 @@ CVE-2022-2530
 CVE-2022-2529
        RESERVED
 CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload 
a pack ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2022-36439
        RESERVED
 CVE-2022-36438
@@ -10824,19 +10824,19 @@ CVE-2022-36102
 CVE-2022-36101
        RESERVED
 CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are 
tag appl ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing 
subwikis on  ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36098 (XWiki Platform Mentions UI is a user interface for mentioning 
users in ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36097 (XWiki Platform Attachment UI provides a macro to easily upload 
and sel ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36096 (The XWiki Platform Index UI is an Index of all pages, 
attachments, orp ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36095 (XWiki Platform is a generic wiki platform. Prior to versions 
13.10.5 a ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36094 (XWiki Platform Web Parent POM contains Web resources for the 
XWiki pla ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, 
a gener ...)
        NOT-FOR-US: XWiki
 CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, 
a generi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cec9608a189727973f617da12b7090a4b30e9c9d
