Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d9ef618e by Salvatore Bonaccorso at 2022-09-14T22:37:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4384,7 +4384,7 @@ CVE-2022-38798
CVE-2022-38797
RESERVED
CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may
allow an ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2022-38453 (Multiple binary application files on the CMS8000 device are
compiled w ...)
NOT-FOR-US: Contec Health
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface
in SmaCa ...)
@@ -5046,7 +5046,7 @@ CVE-2022-38635
CVE-2022-38634
RESERVED
CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL
hijacking vu ...)
- TODO: check
+ NOT-FOR-US: Genymotion Desktop
CVE-2022-38632
RESERVED
CVE-2022-38631
@@ -5228,17 +5228,17 @@ CVE-2022-38544
CVE-2022-38543
RESERVED
CVE-2022-38542 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL
injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38541 (Archery v1.8.3 to v1.8.5 was discovered to contain multiple
SQL inject ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38540 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL
injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38539 (Archery v1.7.5 to v1.8.5 was discovered to contain a SQL
injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38538 (Archery v1.7.0 to v1.8.5 was discovered to contain a SQL
injection vul ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple
SQL inject ...)
- TODO: check
+ NOT-FOR-US: Archery
CVE-2022-38536
RESERVED
CVE-2022-38535
@@ -5329,11 +5329,11 @@ CVE-2022-38499
CVE-2022-38498
RESERVED
CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation
violation ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable
assertion ab ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer
overflow v ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a
command ...)
- movabletype-opensource <removed>
CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository
appwrite/appw ...)
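Review bot: the three LIEF entries (CVE-2022-38497, CVE-2022-38496, CVE-2022-38495) are described against an upstream commit, 365a16a, not a release, so NOT-FOR-US here only records that no Debian source package ships LIEF. It would be worth confirming there is no pending ITP or RFP before closing these; if there is one, the `- <package> <itp> (bug #...)` form used for intellij-idea elsewhere in this file keeps the CVEs attached to the future package.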
@@ -6083,9 +6083,9 @@ CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and
v15.03.05.05 was discovered t
CVE-2022-38308
RESERVED
CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation
violation ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer
overflow i ...)
- TODO: check
+ NOT-FOR-US: LIEF
CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device
Softwar ...)
NOT-FOR-US: Ricoh
CVE-2022-2825
@@ -7680,7 +7680,7 @@ CVE-2022-37663
CVE-2022-37662
RESERVED
CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable
to Remo ...)
- TODO: check
+ NOT-FOR-US: SmartRG
CVE-2022-37660
RESERVED
CVE-2022-37659
@@ -8723,7 +8723,7 @@ CVE-2022-37304
CVE-2022-37303
RESERVED
CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the
Bounds of a M ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Control Expert
CVE-2022-37301
RESERVED
CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten
Password vul ...)
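Review bot: the tag on CVE-2022-37302 names a product, EcoStruxure Control Expert, that does not appear in the truncated description shown, and it gives no vendor, whereas other entries in this commit tag by vendor (Siemens, Microsoft). Suggest a vendor-plus-product form so the entry can be found by either name.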
@@ -9473,7 +9473,7 @@ CVE-2022-37013
CVE-2022-37012
RESERVED
CVE-2022-37011 (A vulnerability has been identified in Mendix SAML Module
(Mendix 7 co ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address
validation in t ...)
- intellij-idea <itp> (bug #747616)
CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution
via a Va ...)
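Review bot: CVE-2022-37011 is tagged with the vendor only (`NOT-FOR-US: Siemens`), although the description names the affected component, Mendix SAML Module. Including the component in the tag would let a later search for Mendix find this entry.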
@@ -9990,13 +9990,13 @@ CVE-2022-36784
CVE-2022-36783
RESERVED
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Pal Electronics Systems
CVE-2022-36781
RESERVED
CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The
product ...)
- TODO: check
+ NOT-FOR-US: Avdor CIS
CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular
Router (w ...)
- TODO: check
+ NOT-FOR-US: PROSCEND
CVE-2022-36778 (insert HTML / js code inside input how to get to the
vulnerable input ...)
TODO: check
CVE-2022-36777
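Review bot: CVE-2022-36778, in the trailing context of this hunk, still carries `TODO: check` while the three entries above it are resolved. Its description ("insert HTML / js code inside input ...") names no product in the visible text, so if it was skipped for that reason, a short NOTE saying so would keep the next triager from re-checking it blind.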
@@ -10732,7 +10732,7 @@ CVE-2022-36438
CVE-2022-36437
RESERVED
CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by
an vncap ...)
- TODO: check
+ NOT-FOR-US: OSU Open Source Lab VNCAuthProxy
CVE-2022-36435
RESERVED
CVE-2022-36434
@@ -12428,33 +12428,33 @@ CVE-2022-35843
CVE-2022-35842
RESERVED
CVE-2022-35841 (Windows Enterprise App Management Service Remote Code
Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35840 (Microsoft OLE DB Provider for SQL Server Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35839
RESERVED
CVE-2022-35838 (HTTP V3 Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35837 (Windows Graphics Component Information Disclosure
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35836 (Microsoft OLE DB Provider for SQL Server Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35835 (Microsoft OLE DB Provider for SQL Server Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35834 (Microsoft OLE DB Provider for SQL Server Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35833 (Windows Secure Channel Denial of Service Vulnerability. This
CVE ID is ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35832 (Windows Event Tracing Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35831 (Windows Remote Access Connection Manager Information
Disclosure Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35829
RESERVED
CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
NOT-FOR-US: Microsoft
CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability. This CVE ID
is uniq ...)
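Review bot: for CVE-2022-35838 ("HTTP V3 Denial of Service Vulnerability") and CVE-2022-35830 ("Remote Procedure Call Runtime Remote Code Execution Vulnerability") the description names no Microsoft or Windows product, so the `NOT-FOR-US: Microsoft` tag rests on the assigner, not on anything visible in the entry. That matches the other tags in this hunk, but a more specific tag or a NOTE on these two would make clear that the generic protocol names do not refer to a packaged implementation.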
@@ -12464,7 +12464,7 @@ CVE-2022-35825 (Visual Studio Remote Code Execution
Vulnerability. This CVE ID i
CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This
CVE ID i ...)
NOT-FOR-US: Microsoft
CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass
Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability. ...)
@@ -12500,11 +12500,11 @@ CVE-2022-35807 (Azure Site Recovery Elevation of
Privilege Vulnerability. This C
CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.
This CVE I ...)
NOT-FOR-US: Microsoft
CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution
Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability. This
CVE ID ...)
@@ -13039,7 +13039,7 @@ CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to
SSRF which allows an attacke
NOTE: a protected network in an automated way, a malicious actor may
access internal
NOTE: resources. A user of wkhtmltopdf should restrict such access.
CVE-2022-35582 (Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.*
are vulner ...)
- TODO: check
+ NOT-FOR-US: Penta Security Systems
CVE-2022-35581
RESERVED
CVE-2022-35580
@@ -14874,7 +14874,7 @@ CVE-2022-2279 (NULL Pointer Dereference in GitHub
repository bfabiszewski/libmob
CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before
4.0.1 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi
Energy M ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible
to resen ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2022-34893
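Review bot: the description of CVE-2022-2277 says "Hitachi Energy", while the tag is shortened to `NOT-FOR-US: Hitachi`. Using the name as the description gives it would keep the tag unambiguous.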
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9ef618e98741b6c059715383fb71a5323d20970
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits