Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad0a77a3 by Salvatore Bonaccorso at 2022-10-07T22:32:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2022-3424
 CVE-2022-3423 (Denial of Service in GitHub repository nocodb/nocodb prior to 
0.92.0. ...)
        TODO: check
 CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i 
can cr ...)
-       TODO: check
+       NOT-FOR-US: ToolJet
 CVE-2022-3421
        RESERVED
 CVE-2022-3420
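Review bot: the truncated description for CVE-2022-3422 never names a product, so the new `NOT-FOR-US: ToolJet` line is the only place the attribution is recorded; if the product came from the upstream reference rather than the description text, a short trailing note (as other entries in this file carry in parentheses) would make the closure easier to re-verify later.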
@@ -885,7 +885,7 @@ CVE-2022-42094
 CVE-2022-42093
        RESERVED
 CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability 
via 'th ...)
-       TODO: check
+       NOT-FOR-US: Backdrop CMS
 CVE-2022-42091
        RESERVED
 CVE-2022-42090
@@ -919,11 +919,11 @@ CVE-2022-42077
 CVE-2022-42076
        RESERVED
 CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to has arbitrary code 
execution. ...)
-       TODO: check
+       NOT-FOR-US: Wedding Planner
 CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-42072
        RESERVED
 CVE-2022-42071
@@ -2338,13 +2338,13 @@ CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 
was discovered to contai
 CVE-2022-41516
        RESERVED
 CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
-       TODO: check
+       NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to 
contain a S ...)
-       TODO: check
+       NOT-FOR-US: Open Source SACCO Management System
 CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-41512 (An arbitrary file upload vulnerability in the component 
/php_action/ed ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-41511
        RESERVED
 CVE-2022-41510
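Review bot: for CVE-2022-41512 the visible description only shows the path `/php_action/ed ...` and does not name the product, so `NOT-FOR-US: Online Diagnostic Lab Management System` is inferred from the neighbouring CVE-2022-41513 entry; fine if the upstream advisory confirms it, otherwise this one deserves a quick re-check before it is treated as closed.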
@@ -2542,7 +2542,7 @@ CVE-2022-41416
 CVE-2022-41415
        RESERVED
 CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled 
of Life ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2022-41413
        RESERVED
 CVE-2022-41412
@@ -2586,7 +2586,7 @@ CVE-2022-41394
 CVE-2022-41393
        RESERVED
 CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 
8c2c8909  ...)
-       TODO: check
+       NOT-FOR-US: TotalJS CMS
 CVE-2022-41391
        RESERVED
 CVE-2022-41390
@@ -2612,11 +2612,11 @@ CVE-2022-41381
 CVE-2022-41380
        RESERVED
 CVE-2022-41379 (An arbitrary file upload vulnerability in the component 
/leave_system/ ...)
-       TODO: check
+       NOT-FOR-US: Online Leave Management System
 CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Online Pet Shop We App
 CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Online Pet Shop We App
 CVE-2022-41376
        RESERVED
 CVE-2022-41375
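Review bot: for CVE-2022-41379 the product name `Online Leave Management System` is derived from the path component `/leave_system/ ...` rather than stated in the visible description; unlike the two Online Pet Shop We App entries below it, there is no adjacent entry naming the same product, so the attribution rests entirely on the upstream reference.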
@@ -3843,7 +3843,7 @@ CVE-2022-40874
 CVE-2022-40873
        RESERVED
 CVE-2022-40872 (An SQL injection vulnerability issue was discovered in 
Sourcecodester  ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Simple E-Learning System
 CVE-2022-40871
        RESERVED
 CVE-2022-40870
@@ -6191,69 +6191,69 @@ CVE-2022-39880
 CVE-2022-39879
        RESERVED
 CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout 
prior to ver ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount 
in Grou ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39876 (Insertion of Sensitive Information into Log in 
PushRegIdUpdateClient o ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39875 (Improper component protection vulnerability in Samsung Account 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39874 (Sensitive log information leakage vulnerability in Samsung 
Account pri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39873 (Improper authorization vulnerability in Samsung Internet prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39872 (Improper restriction of broadcasting Intent in ShareLive prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39871 (Improper access control vulnerability 
cloudNotificationManager.java in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39870 (Improper access control vulnerability in 
cloudNotificationManager.java ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39869 (Improper access control vulnerability in 
cloudNotificationManager.java ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39868 (Improper access control vulnerability in GedSamsungAccount.kt 
SmartThi ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39867 (Improper access control vulnerability in 
cloudNotificationManager.java ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39866 (Improper access control vulnerability in 
RegisteredEventMediator.kt Sm ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39865 (Improper access control vulnerability in 
ContentsSharingActivity.java  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39864 (Improper access control vulnerability in WifiSetupLaunchHelper 
in Smar ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39863 (Intent redirection vulnerability in Samsung Account prior to 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39862 (Improper authorization in Dynamic Lockscreen prior to SMR 
Sep-2022 Rel ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39861 (Unprotected Receiver in AtBroadcastReceiver in FactoryCamera 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39860 (Improper access control vulnerability in QuickShare prior to 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39859 (Implicit intent hijacking vulnerability in UPHelper library 
prior to v ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39858 (Path traversal vulnerability in AtBroadcastReceiver in 
FactoryCamera p ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39857 (Improper access control vulnerability in CameraTestActivity in 
Factory ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39856 (Improper access control vulnerability in imsservice 
application prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39855 (Improper access control vulnerability in FACM application 
prior to SMR ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39854 (Improper protection in IOMMU prior to SMR Oct-2022 Release 1 
allows un ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39853 (A use after free vulnerability in perf-mgr driver prior to SMR 
Oct-202 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39852 (A heap-based overflow vulnerability in makeContactAGIF in 
libagifencod ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39851 (Improper access control vulnerability in CocktailBarService 
prior to S ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39850 (Improper access control in mum_container_policy service prior 
to SMR O ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39849 (Improper access control in knox_vpn_policy service prior to 
SMR Oct-20 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39848 (Exposure of sensitive information in AT_Distributor prior to 
SMR Oct-2 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39847 (Use after free vulnerability in set_nft_pid and signal_handler 
functio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to 
version 4.3.22 ...)
        NOT-FOR-US: Samstung
 CVE-2022-39845 (Improper validation of integrity check vulnerability in 
Samsung Kies p ...)
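Review bot: the unchanged context line for CVE-2022-39846 reads `NOT-FOR-US: Samstung` while every entry processed in this hunk uses `NOT-FOR-US: Samsung`; the typo should be fixed in a follow-up so that the file greps consistently for Samsung entries.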
@@ -7484,7 +7484,7 @@ CVE-2022-39282
 CVE-2022-39281
        RESERVED
 CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in 
versions bef ...)
-       TODO: check
+       NOT-FOR-US: dparse (parser for Python dependency files)
 CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board 
which adds  ...)
        NOT-FOR-US: discourse-chat plugin for Discourse
 CVE-2022-39278
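Review bot: the `NOT-FOR-US: dparse (parser for Python dependency files)` entry for CVE-2022-39280 is harder to justify at a glance than the vendor firmware and one-off PHP apps in the rest of this commit, because dparse is a generic PyPI library that could be packaged or vendored; it is worth confirming there is no python3-dparse source package or embedded copy in the archive before leaving it closed. If there is, the entry should become a package line in the style of the `- apache-spark <itp>` entry further down in this file.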
@@ -7508,7 +7508,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component 
that generates a table o
 CVE-2022-39269 (PJSIP is a free and open source multimedia communication 
library writt ...)
        TODO: check
 CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked 
by an att ...)
-       TODO: check
+       NOT-FOR-US: orchest/orchest
 CVE-2022-39267
        RESERVED
 CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user 
access to v8' ...)
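Review bot: the context line for CVE-2022-39269 (PJSIP) is still `TODO: check` in this hunk; unlike orchest, PJSIP is packaged in Debian as src:pjproject, so that entry will need a package line rather than a NOT-FOR-US when it is processed and should not be swept into a later NFU batch by mistake.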
@@ -7586,7 +7586,7 @@ CVE-2022-39240 (MyGraph is a permission management 
system. Versions prior to 1.0
 CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify 
using ipx.  ...)
        TODO: check
 CVE-2022-39238 (Arvados is an open source platform for managing and analyzing 
biomedic ...)
-       TODO: check
+       NOT-FOR-US: Arvados
 CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference 
implementa ...)
        TODO: check
 CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for 
JavaScript.  ...)
@@ -8429,11 +8429,11 @@ CVE-2022-38936 (An issue has been found in PBC through 
2022-8-27. A SEGV issue d
 CVE-2022-38935
        RESERVED
 CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read 
vulnerabiliti ...)
-       TODO: check
+       NOT-FOR-US: readelf in ToaruOS
 CVE-2022-38933
        RESERVED
 CVE-2022-38932 (readelf in ToaruOS 2.0.1 has a global overflow allowing RCE 
when parsi ...)
-       TODO: check
+       NOT-FOR-US: readelf in ToaruOS
 CVE-2022-38931 (A Server-Side Request Forgery (SSRF) in fetch_net_file_upload 
function ...)
        NOT-FOR-US: baijiacms
 CVE-2022-38930
@@ -11584,29 +11584,29 @@ CVE-2022-37898
 CVE-2022-37897
        RESERVED
 CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web 
management i ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability 
exists in the ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37894 (An unauthenticated Denial of Service (DoS) vulnerability 
exists in the ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37893 (An authenticated command injection vulnerability exists in the 
Aruba I ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37892 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web 
management i ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37891 (Unauthenticated buffer overflow vulnerabilities exist within 
the Aruba ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37890 (Unauthenticated buffer overflow vulnerabilities exist within 
the Aruba ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37889 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
        NOT-FOR-US: Aruba
 CVE-2022-37887 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37886 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37885 (There are buffer overflow vulnerabilities in multiple 
underlying servi ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37884 (A vulnerability exists in the ClearPass Policy Manager Guest 
User Inte ...)
        NOT-FOR-US: Aruba
 CVE-2022-37883 (Vulnerabilities in the ClearPass Policy Manager web-based 
management i ...)
@@ -14283,7 +14283,7 @@ CVE-2022-36870 (Pending Intent hijacking vulnerability 
in MTransferNotificationM
 CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity 
of?Conta ...)
        NOT-FOR-US: Samsung
 CVE-2022-36868 (Improper restriction of broadcasting Intent in 
MouseNKeyHidDevice prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to 
version  ...)
        NOT-FOR-US: Samsung
 CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group 
Sharing  ...)
@@ -18445,7 +18445,7 @@ CVE-2022-35232
 CVE-2022-35231
        RESERVED
 CVE-2022-33896 (A buffer underflow vulnerability exists in the way Hword of 
Hancom Off ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2022-2325 (The Invitation Based Registrations WordPress plugin through 
2.2.84 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the 
SonicWall H ...)
@@ -22348,7 +22348,7 @@ CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a 
denial of service via the we
 CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via 
the conf ...)
        - apache-spark <itp> (bug #802194)
 CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through 
DesignRevi ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through 
Autodesk D ...)
        NOT-FOR-US: Autodesk
 CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through 
Autodesk DWG a ...)
@@ -25320,15 +25320,15 @@ CVE-2022-32595
 CVE-2022-32594
        RESERVED
 CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32592 (In cpu dvfs, there is a possible out of bounds write due to a 
missing  ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32591 (In ril, there is a possible system crash due to an incorrect 
bounds ch ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32590 (In wlan, there is a possible use after free due to an 
incorrect status ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32589 (In Wi-Fi driver, there is a possible way to disconnect Wi-Fi 
due to an ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-32569
        RESERVED
 CVE-2022-32568
@@ -43429,15 +43429,15 @@ CVE-2022-0865 (Reachable Assertion in tiffcp in 
libtiff 4.3.0 allows attackers t
 CVE-2022-26476 (A vulnerability has been identified in Spectrum Power 4 (All 
versions  ...)
        NOT-FOR-US: Siemens
 CVE-2022-26475 (In wlan, there is a possible out of bounds write due to a 
missing boun ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26474 (In sensorhub, there is a possible out of bounds write due to 
an incorr ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26473 (In vdec fmt, there is a possible use after free due to 
improper lockin ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26472 (In ims, there is a possible escalation of privilege due to a 
parcel fo ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26471 (In telephony, there is a possible escalation of privilege due 
to a par ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26470 (In aie, there is a possible out of bounds write due to an 
incorrect bo ...)
        NOT-FOR-US: Mediatek
 CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due 
to fragme ...)
@@ -43475,7 +43475,7 @@ CVE-2022-26454 (In teei, there is a possible memory 
corruption due to an integer
 CVE-2022-26453 (In teei, there is a possible memory corruption due to a use 
after free ...)
        NOT-FOR-US: Mediatek
 CVE-2022-26452 (In isp, there is a possible use after free due to improper 
locking. Th ...)
-       TODO: check
+       NOT-FOR-US: Mediatek
 CVE-2022-26451 (In ged, there is a possible use after free due to improper 
locking. Th ...)
        NOT-FOR-US: Mediatek
 CVE-2022-26450 (In apusys, there is a possible use after free due to a race 
condition. ...)
@@ -44164,11 +44164,11 @@ CVE-2022-26240 (The default privileges for the 
running service Normand Message B
 CVE-2022-26239 (The default privileges for the running service Normand License 
Manager ...)
        NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26238 (The default privileges for the running service Normand Service 
Manager ...)
-       TODO: check
+       NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26237 (The default privileges for the running service Normand Viewer 
Service  ...)
        NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26236 (The default privileges for the running service Normand Remisol 
Advance ...)
-       TODO: check
+       NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance 
v2.0.12.1 and be ...)
        NOT-FOR-US: Beckman Coulter Remisol Advance
 CVE-2022-26234
@@ -61115,7 +61115,7 @@ CVE-2022-21938 (Under certain circumstances, a 
vulnerability in Metasys ADS/ADX/
 CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys 
ADS/ADX/OAS 10 ...)
        NOT-FOR-US: Metasys
 CVE-2022-21936 (On Metasys ADX Server version 12.0 running MVE, an Active 
Directory us ...)
-       TODO: check
+       NOT-FOR-US: Metasys ADX Server
 CVE-2022-21935 (A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 
10.1.5 and ...)
        NOT-FOR-US: Metasys
 CVE-2022-21934 (Under certain circumstances an authenticated user could lock 
other use ...)
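Review bot: CVE-2022-21936 is marked `NOT-FOR-US: Metasys ADX Server` while the surrounding entries for CVE-2022-21937 and CVE-2022-21935 use `NOT-FOR-US: Metasys`; prefer the shorter, consistent form unless the distinction between the ADX Server and the rest of the Metasys line is deliberate.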
@@ -78500,15 +78500,15 @@ CVE-2021-40168
 CVE-2021-40167 (A malicious crafted dwf or .pct file when consumed through 
DesignRevie ...)
        NOT-FOR-US: Autodesk
 CVE-2021-40166 (A maliciously crafted PNG file in Autodesk Image Processing 
component  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2021-40165 (A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk 
Image P ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2021-40164 (A heap-based buffer overflow could occur while parsing TIFF, 
PICT, TGA ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2021-40163 (A Memory Corruption vulnerability may lead to code execution 
through m ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2021-40162 (A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk 
Image P ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution 
through m ...)
        NOT-FOR-US: Autodesk
 CVE-2021-40160 (PDFTron prior to 9.0.7 version may be forced to read beyond 
allocated  ...)
@@ -168703,7 +168703,7 @@ CVE-2020-15857
 CVE-2020-15856
        RESERVED
 CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 
5.6.1. ...)
-       TODO: check
+       NOT-FOR-US: Bodhi
 CVE-2020-15854
        RESERVED
 CVE-2020-15853



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad0a77a3d51b1cb68f3ba4900d905a060a319d73

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
