Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fb35876 by Moritz Muehlenhoff at 2022-09-13T13:31:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11515,9 +11515,9 @@ CVE-2022-36104
 CVE-2022-36103
        RESERVED
 CVE-2022-36102 (Shopware is an open source e-commerce software. In affected 
versions i ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2022-36101 (Shopware is an open source e-commerce software. In affected 
versions t ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are 
tag appl ...)
        NOT-FOR-US: XWiki
 CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing 
subwikis on  ...)
@@ -12797,7 +12797,7 @@ CVE-2022-35574
 CVE-2022-35573
        RESERVED
 CVE-2022-35572 (On Linksys E5350 WiFi Router with firmware version 1.0.00.037 
and lowe ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2022-35571
        RESERVED
 CVE-2022-35570
@@ -14203,37 +14203,30 @@ CVE-2022-35020 (Advancecomp v2.3 was discovered to 
contain a heap buffer overflo
        - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
        NOTE: Crash in CLI tool, no security impact
-       TODO: check, unclear reporting to upstream
 CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation 
fault. ...)
        - advancecomp <unfixed> (bug #1019592)
        [buster] - advancecomp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
-       TODO: check, unclear reporting to upstream
 CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation 
fault. ...)
        - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
        NOTE: Crash in CLI tool, no security impact
-       TODO: check, unclear reporting to upstream
 CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow. ...)
        - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
        NOTE: Crash in CLI tool, no security impact
-       TODO: check, unclear reporting to upstream
 CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow. ...)
        - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
        NOTE: Crash in CLI tool, no security impact
-       TODO: check, unclear reporting to upstream
 CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer 
overflow via  ...)
        - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
        NOTE: Crash in CLI tool, no security impact
-       TODO: check, unclear reporting to upstream
 CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault. ...)
        - advancecomp <unfixed> (unimportant; bug #1019592)
        NOTE: 
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
        NOTE: Crash in CLI tool, no security impact
-       TODO: check, unclear reporting to upstream
 CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via 
SaveBMP at / ...)
        NOT-FOR-US: bitbank2/PNGdec
 CVE-2022-35012 (PNGDec commit 8abf6be was discovered to contain a heap buffer 
overflow ...)
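Review bot: dropping the `TODO: check, unclear reporting to upstream` line from all seven advancecomp entries (CVE-2022-35014 through CVE-2022-35020) removes the open question about whether upstream was notified without recording how it was resolved; if the Cvjark/Poc reports were confirmed as forwarded (or not forwarded) to upstream, that belongs in a `NOTE:` next to the shared `bug #1019592` references rather than being silently deleted. CVE-2022-35019 deserves particular attention here: it is the one entry in this hunk not tagged `unimportant`, it carries `[buster] - advancecomp <no-dsa> (Minor issue)`, and it lacks the `NOTE: Crash in CLI tool, no security impact` line the others have, so it still reads as a pending security fix and the upstream-reporting status matters most for it.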
@@ -26375,7 +26368,7 @@ CVE-2022-1699 (Uncontrolled Resource Consumption in 
GitHub repository causefx/or
 CVE-2022-1698 (Allowing long password leads to denial of service in GitHub 
repository ...)
        NOT-FOR-US: organizr
 CVE-2022-1697 (Okta Active Directory Agent versions 3.8.0 through 3.11.0 
installed th ...)
-       TODO: check
+       NOT-FOR-US: Okta
 CVE-2022-1696
        RESERVED
 CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 
does not p ...)
@@ -28438,7 +28431,7 @@ CVE-2022-29909
 CVE-2022-29492
        RESERVED
 CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X 
WebUI o ...)
-       TODO: check
+       NOT-FOR-US: Workplace X
 CVE-2022-1543 (Improper handling of Length parameter in GitHub repository 
erudika/sco ...)
        NOT-FOR-US: scoold
 CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not 
sanitise and ...)
@@ -38521,7 +38514,7 @@ CVE-2022-26472
 CVE-2022-26471
        RESERVED
 CVE-2022-26470 (In aie, there is a possible out of bounds write due to an 
incorrect bo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due 
to fragme ...)
        NOT-FOR-US: Mediatek
 CVE-2022-26468 (In preloader (usb), there is a possible out of bounds write 
due to a m ...)
@@ -39796,7 +39789,7 @@ CVE-2022-26060
 CVE-2022-26050
        RESERVED
 CVE-2022-26049 (This affects the package com.diffplug.gradle:goomph before 
3.37.2. It  ...)
-       TODO: check
+       NOT-FOR-US: com.diffplug.gradle:goomph
 CVE-2022-26048
        RESERVED
 CVE-2022-26046
@@ -39988,7 +39981,7 @@ CVE-2022-25900 (All versions of package git-clone are 
vulnerable to Command Inje
 CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to 
Improper Verifi ...)
        NOT-FOR-US: Node jsrsasign
 CVE-2022-25897 (The package org.eclipse.milo:sdk-server before 0.6.8 are 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: org.eclipse.milo:sdk-server
 CVE-2022-25896 (This affects the package passport before 0.6.0. When a user 
logs in or ...)
        - passportjs 0.6.0+~1.0.0-1 (bug #1014385)
        [bullseye] - passportjs <no-dsa> (Minor issue)
@@ -40141,11 +40134,11 @@ CVE-2022-25647 (The package com.google.code.gson:gson 
before 2.8.9 are vulnerabl
        NOTE: 
https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 
(gson-parent-2.8.9)
        NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
 CVE-2022-25646 (All versions of package x-data-spreadsheet are vulnerable to 
Cross-sit ...)
-       TODO: check
+       NOT-FOR-US: Node x-data-spreadsheet
 CVE-2022-25645 (All versions of package dset are vulnerable to Prototype 
Pollution via ...)
        NOT-FOR-US: Node dset
 CVE-2022-25644 (All versions of package @pendo324/get-process-by-name are 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: Node @pendo324/get-process-by-name
 CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype 
Pollution  ...)
        NOT-FOR-US: Node set-in
 CVE-2022-25353
@@ -40902,7 +40895,7 @@ CVE-2022-25627
 CVE-2022-25626
        RESERVED
 CVE-2022-25625 (A malicious unauthorized PAM user can access the 
administration config ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2022-25624
        RESERVED
 CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege 
escalation ...)
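Review bot: the visible description of CVE-2022-25625 (`A malicious unauthorized PAM user can access the administration config ...`) does not name a vendor, so `NOT-FOR-US: Symantec` on its own gives a later reader nothing to check the triage against; naming the affected product in the tag, as the neighbouring CVE-2022-25623 entry does with `Symantec Management Agent`, would make the entry self-explanatory.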
@@ -41855,7 +41848,7 @@ CVE-2022-25297 (This affects the package 
drogonframework/drogon before 1.7.5. Th
 CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype 
Pollution v ...)
        NOT-FOR-US: Node bodymen
 CVE-2022-25295 (This affects the package github.com/gophish/gophish before 
0.12.0. The ...)
-       TODO: check
+       NOT-FOR-US: gophish
 CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies 
on an in ...)
        NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows
 CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox 
and XTM ap ...)
@@ -44967,7 +44960,7 @@ CVE-2022-24306 (Zoho ManageEngine SharePoint Manager 
Plus before 4329 allows acc
 CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is 
vulnerable to ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24304 (Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable 
to prot ...)
-       TODO: check
+       NOT-FOR-US: Mongoose
 CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because 
spaces in ...)
        - pillow 9.0.1-1
        [bullseye] - pillow <ignored> (Minor issue)
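Review bot: `NOT-FOR-US: Mongoose` for CVE-2022-24304 is ambiguous; the description (`Schema in lib/schema.js in Mongoose before 6.4.6`) identifies the Node.js ODM, and the entries elsewhere in this file use the `Node <package>` form for npm packages (`Node jsrsasign`, `Node dset`, `Node mixme`), so `NOT-FOR-US: Node mongoose` would follow the file's convention and avoid confusion with other projects of the same name.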
@@ -47566,7 +47559,7 @@ CVE-2022-23717 (PingID Windows Login prior to 2.8 is 
vulnerable to a denial of s
 CVE-2022-23716
        RESERVED
 CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to 
the discl ...)
-       TODO: check
+       NOT-FOR-US: Elastic Cloud Enterprise
 CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the 
ransomw ...)
        NOT-FOR-US: Elastic Endpoint Security for Windows
 CVE-2022-23713 (A cross-site-scripting (XSS) vulnerability was discovered in 
the Vega  ...)
@@ -58708,9 +58701,9 @@ CVE-2021-44428 (Pinkie 2.15 allows remote attackers to 
cause a denial of service
 CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario 
Student Info ...)
        NOT-FOR-US: Rosario Student Information System
 CVE-2021-44426 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x 
before 6.3.5 ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2021-44425 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x 
before 6.3.3 ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2021-44424
        RESERVED
 CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP 
file usi ...)
@@ -86100,7 +86093,7 @@ CVE-2021-35111 (Improper validation of tag id while RRC 
sending tag id to MAC ca
 CVE-2021-35110 (Possible buffer overflow to improper validation of hash 
segment of fil ...)
        NOT-FOR-US: Qualcomm
 CVE-2021-35109 (Possible address manipulation from APP-NS while APP-S is 
configuring a ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2021-35108 (Improper checking of AP-S lock bit while verifying the secure 
resource ...)
        NOT-FOR-US: Snapdragon
 CVE-2021-35107
@@ -102342,7 +102335,7 @@ CVE-2021-28863
 CVE-2021-28862
        RESERVED
 CVE-2021-28861 (** DISPUTED ** Python 3.x through 3.10 has an open redirection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Disputed Python issue
 CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or 
alter proper ...)
        NOT-FOR-US: Node mixme
 CVE-2021-28859
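Review bot: `NOT-FOR-US: Disputed Python issue` for CVE-2021-28861 is an unusual use of the tag, since the component named in the description (`Python 3.x through 3.10`) is something Debian ships rather than a third-party product, which is what every other NOT-FOR-US entry in this commit refers to. A `NOTE:` recording where the dispute is documented and why it means no Debian action is needed would let a later reader verify the triage instead of having to re-derive it.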
@@ -103495,7 +103488,7 @@ CVE-2021-28400
 CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the 
valid us ...)
        - orangehrm <itp> (bug #786622)
 CVE-2021-28398 (A privileged attacker in GeoNetwork before 3.12.0 and 4.x 
before 4.0.4 ...)
-       TODO: check
+       NOT-FOR-US: GeoNetwork
 CVE-2021-28397
        RESERVED
 CVE-2021-28396



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb35876d8c9de5175d203028f2894fdf03be62c

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
