Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
edac8f0f by Salvatore Bonaccorso at 2022-09-19T22:17:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -91,7 +91,7 @@ CVE-2022-40986
CVE-2022-40985
RESERVED
CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend
Micro M ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40979
RESERVED
CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was
vulnerabl ...)
@@ -991,7 +991,7 @@ CVE-2022-40610
CVE-2022-40609
RESERVED
CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft
File System ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-40607
RESERVED
CVE-2022-3192
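Review bot: The new tag on CVE-2022-40608 names only the vendor ("NOT-FOR-US: IBM"), although the description on the same entry already identifies the product as IBM Spectrum Protect Plus. Suggest "NOT-FOR-US: IBM Spectrum Protect Plus", so the reason for the triage decision is recorded on the entry and a later search by product name finds it. The same applies to CVE-2022-40234 in the following hunk.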
@@ -1819,7 +1819,7 @@ CVE-2022-40236
CVE-2022-40235
RESERVED
CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12
(excluding 10.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-40233
RESERVED
CVE-2022-40232
@@ -2032,17 +2032,17 @@ CVE-2022-3149
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository
jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex
One as a ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40143 (A link following local privilege escalation vulnerability in
Trend Mic ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40142 (A security link following local privilege escalation
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a
Service coul ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex
One and A ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40139 (Improper validation of some components used by the rollback
mechanism ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-40138
RESERVED
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function
'vmw_execbuf ...)
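Review bot: The six entries from CVE-2022-40139 to CVE-2022-40144 are tagged with the vendor only ("NOT-FOR-US: Trend Micro"), while the unchanged entry directly above them (CVE-2022-3148, "NOT-FOR-US: jgraph/drawio") names the project. Where the description shows the product, as it does for CVE-2022-40144, CVE-2022-40141 and CVE-2022-40140 (Apex One), consider "NOT-FOR-US: Trend Micro Apex One". For CVE-2022-40143, CVE-2022-40142 and CVE-2022-40139 the description is cut off before the product name, so the full CVE text should be checked before those are grouped under the same tag.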
@@ -2089,9 +2089,9 @@ CVE-2022-40127
CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin
A-Form versi ...)
NOT-FOR-US: Movable Type plugin
CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3140
RESERVED
CVE-2022-3139
@@ -2203,25 +2203,25 @@ CVE-2022-40078
CVE-2022-40077
RESERVED
CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via
/bin/http ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
bin/http ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/ht ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via
/bin/http ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via
/bin/htt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-40066
RESERVED
CVE-2022-40065
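Review bot: The tag on the ten entries from CVE-2022-40067 to CVE-2022-40076 omits the model that every one of their descriptions names; "NOT-FOR-US: Tenda AC21" would keep that on the triage line, which matters here because the descriptions are truncated before the point where they differ. The stray "]" at the start of the CVE-2022-40069 description and the missing leading slash in "bin/http" on CVE-2022-40070 sit in unchanged description lines and are not introduced by this change.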
@@ -4667,7 +4667,7 @@ CVE-2022-3037 (Use After Free in GitHub repository
vim/vim prior to 9.0.0322. ..
NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
NOTE:
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb
(v9.0.0322)
CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository
snipe/snipe-i ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-3034
@@ -5184,7 +5184,7 @@ CVE-2022-3023
CVE-2022-3022
REJECTED
CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3020
RESERVED
CVE-2021-46836 (Implementation of the WLAN module interfaces has the
information discl ...)
@@ -5314,7 +5314,7 @@ CVE-2022-38766
CVE-2022-38765
RESERVED
CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133
and below ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-38763
RESERVED
CVE-2022-38762
@@ -5590,7 +5590,7 @@ CVE-2022-2959 (A race condition was found in the Linux
kernel's watch queue due
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
NOTE:
https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1)
CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2957 (A vulnerability classified as critical was found in
SourceCodester Sim ...)
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-2956 (A vulnerability classified as problematic has been found in
ConsoleTVs ...)
@@ -6679,7 +6679,7 @@ CVE-2022-2842 (A vulnerability classified as critical has
been found in SourceCo
CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon
6.31.14505.0/6.42.1561 ...)
NOT-FOR-US: CrowdStrike Falcon
CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2839
RESERVED
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces
XML Pars ...)
@@ -7402,9 +7402,9 @@ CVE-2022-2756 (Server-Side Request Forgery (SSRF) in
GitHub repository kareadita
CVE-2022-2755
RESERVED
CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through
1.0.0 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through
1.0.0 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2752
RESERVED
CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS
and cl ...)
@@ -8013,9 +8013,9 @@ CVE-2022-2712
CVE-2022-2711
RESERVED
CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape
some o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37863
RESERVED
CVE-2022-37862
@@ -9313,9 +9313,9 @@ CVE-2022-2627
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository
hestiacp/hestiacp ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to
an Out- ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to
an Out- ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-37341
RESERVED
CVE-2022-37340
@@ -10244,7 +10244,7 @@ CVE-2022-2569 (The affected device stores sensitive
information in cleartext, wh
CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation
Platfo ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not
sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2566
RESERVED
- ffmpeg 7:5.1.1-1
@@ -15656,7 +15656,7 @@ CVE-2022-2277 (Improper Input Validation vulnerability
exists in the Hitachi Ene
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible
to resen ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2022-34892 (This vulnerability allows local attackers to escalate
privileges on af ...)
NOT-FOR-US: Parallels
CVE-2022-34891 (This vulnerability allows local attackers to escalate
privileges on af ...)
@@ -28462,7 +28462,7 @@ CVE-2022-1593 (The Site Offline or Coming Soon
WordPress plugin through 1.6.6 do
CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository
clinical-gen ...)
NOT-FOR-US: clinical-genomics/scout
CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been
declared as pr ...)
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does
not prope ...)
@@ -28634,7 +28634,7 @@ CVE-2022-1582 (The External Links in New Window / New
Tab WordPress plugin befor
CVE-2022-1581
RESERVED
CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress
plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1579
RESERVED
CVE-2022-1578
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edac8f0f5b004ef40a0ae1abca1d82e4fe335822
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits