Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad1a1edf by Salvatore Bonaccorso at 2022-10-07T08:41:20+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7366,7 +7366,7 @@ CVE-2022-39277
CVE-2022-39276
RESERVED
CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected
versions ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation
of a LoRa ...)
TODO: check
CVE-2022-39273 (FlyteAdmin is the control plane for the data processing
platform Flyte ...)
@@ -7376,7 +7376,7 @@ CVE-2022-39272
CVE-2022-39271
RESERVED
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table
of cont ...)
- TODO: check
+ NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication
library writt ...)
TODO: check
CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked
by an att ...)
@@ -8779,7 +8779,7 @@ CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in
GitHub repository yetiforc
CVE-2022-3003
RESERVED
CVE-2022-3002 (Cross-site Scripting (XSS) - Stored in GitHub repository
yetiforcecomp ...)
- TODO: check
+ NOT-FOR-US: yetiforcecrm
CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems
(VMS), ...)
NOT-FOR-US: Milesight Video Management Systems (VMS)
CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository
yetiforcecomp ...)
@@ -8996,7 +8996,7 @@ CVE-2022-2977 (A flaw was found in the Linux kernel
implementation of proxied vi
CVE-2022-2976
RESERVED
CVE-2022-2975 (A vulnerability related to weak permissions was detected in
Avaya Aura ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2022-2974
RESERVED
CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules.
Successful ex ...)
@@ -10771,11 +10771,11 @@ CVE-2022-2785 (There exists an arbitrary memory read
within the Linux Kernel BPF
CVE-2022-2784
RESERVED
CVE-2022-2783 (In affected versions of Octopus Server it was identified that a
sessio ...)
- TODO: check
+ NOT-FOR-US: Octopus
CVE-2022-2782
RESERVED
CVE-2022-2781 (In affected versions of Octopus Server it was identified that
the same ...)
- TODO: check
+ NOT-FOR-US: Octopus
CVE-2022-2780
RESERVED
CVE-2022-2779 (A vulnerability classified as critical was found in
SourceCodester Gas ...)
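Review bot: The new tag on CVE-2022-2783 and CVE-2022-2781 reads "NOT-FOR-US: Octopus", while both descriptions name the product as "Octopus Server". Using "NOT-FOR-US: Octopus Server" would match the name the CVE text uses and make the two entries easier to find by product name.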
@@ -11474,7 +11474,7 @@ CVE-2022-37890
CVE-2022-37889
RESERVED
CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple
underlying servi ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37887
RESERVED
CVE-2022-37886
@@ -12748,7 +12748,7 @@ CVE-2022-2639 (An integer coercion error was found in
the openvswitch kernel mod
CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not
validate the ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Storage
Plug-i ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-2636 (Improper Input Validation in GitHub repository
hestiacp/hestiacp prior ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise
and es ...)
@@ -14802,7 +14802,7 @@ CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below
was discovered to contai
CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below
contains an is ...)
NOT-FOR-US: Tenda
CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module
in Hear ...)
- TODO: check
+ NOT-FOR-US: Heartex
CVE-2022-36550
RESERVED
CVE-2022-36549
@@ -22224,21 +22224,21 @@ CVE-2022-33891 (The Apache Spark UI offers the
possibility to enable ACLs via th
CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through
DesignRevi ...)
TODO: check
CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through
Autodesk D ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through
Autodesk DWG a ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk
AutoCAD 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to
write beyon ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed
through Aut ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk
AutoCAD 2023 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33883 (A malicious crafted file consumed through Moldflow Synergy,
Moldflow A ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33882 (Under certain conditions, an attacker could create an
unintended spher ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk
AutoCAD 2023 ...)
NOT-FOR-US: Autodesk
CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of
Cybozu Offi ...)
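Review bot: CVE-2022-33890, the first entry in this hunk, is left at "TODO: check" while the eight entries directly below it (CVE-2022-33889 through CVE-2022-33882) all move to "NOT-FOR-US: Autodesk". If its truncated description ("... when consumed through DesignRevi ...") also refers to an Autodesk product, it should get the same tag in this commit. If it was left open on purpose, a word in the commit message would save the next triager from re-checking it.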
@@ -26522,11 +26522,11 @@ CVE-2022-32175
CVE-2022-32174
RESERVED
CVE-2022-32173 (In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML
injection, allow ...)
- TODO: check
+ NOT-FOR-US: Orchard CMS
CVE-2022-32172 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: ZincSearch
CVE-2022-32171 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: ZincSearch
CVE-2022-32170 (The “Bytebase” application does not restrict low
privilege ...)
TODO: check
CVE-2022-32169 (The “Bytebase” application does not restrict low
privilege ...)
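Review bot: "NOT-FOR-US: Orchard CMS" on CVE-2022-32173 does not match the description, which says "OrchardCore", and CVE-2022-32172 and CVE-2022-32171 are tagged "ZincSearch" where the descriptions say "Zinc". Consider using the names as the CVE text gives them, or confirm that these are the labels already used for the same products elsewhere in data/CVE/list, so that a search by product name finds every entry.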
@@ -44030,17 +44030,17 @@ CVE-2022-26242
CVE-2022-26241
RESERVED
CVE-2022-26240 (The default privileges for the running service Normand Message
Buffer ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26239 (The default privileges for the running service Normand License
Manager ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26238
RESERVED
CVE-2022-26237 (The default privileges for the running service Normand Viewer
Service ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26236
RESERVED
CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance
v2.0.12.1 and be ...)
- TODO: check
+ NOT-FOR-US: Beckman Coulter Remisol Advance
CVE-2022-26234
RESERVED
CVE-2022-26233 (Barco Control Room Management through Suite 2.9 Build 0275 was
discove ...)
@@ -52273,11 +52273,11 @@ CVE-2022-23770
CVE-2022-23769
RESERVED
CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed
external por ...)
- TODO: check
+ NOT-FOR-US: NIS-HAP11AC
CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login
without ...)
NOT-FOR-US: SecureGate
CVE-2022-23766 (An improper input validation vulnerability leading to
arbitrary file e ...)
- TODO: check
+ NOT-FOR-US: BigFileAgent
CVE-2022-23765 (This vulnerability occured by sending a malicious POST request
to a sp ...)
NOT-FOR-US: ipTIME NAS product
CVE-2022-23764 (The vulnerability causing from insufficient verification
procedures fo ...)
@@ -77360,7 +77360,7 @@ CVE-2021-40558
CVE-2021-40557
RESERVED
CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in
ASUS RT- ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-40555
RESERVED
CVE-2021-40554
@@ -109975,7 +109975,7 @@ CVE-2021-27776
CVE-2021-27775
RESERVED
CVE-2021-27774 (User input included in error response, which could be used in
a phishi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27773 (This vulnerability allows users to execute a clickjacking
attack in th ...)
NOT-FOR-US: HCL
CVE-2021-27772 (Users are able to read group conversations without actively
taking par ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad1a1edf875c2ab22cc2c214b8ff81f84fd87661