Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a7f3932d by Salvatore Bonaccorso at 2022-10-11T23:05:36+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -175,9 +175,9 @@ CVE-2022-3455
CVE-2022-3454
RESERVED
CVE-2022-3453 (A vulnerability was found in SourceCodester Book Store
Management Syst ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store
Management Syst ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-42783
RESERVED
CVE-2022-42782
@@ -313,7 +313,7 @@ CVE-2022-3439
CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to
2.5.0a4. ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before
2.6.1 allows ...)
- TODO: check
+ NOT-FOR-US: django-mfa2
CVE-2022-42730
RESERVED
CVE-2022-42729
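Review bot: CVE-2022-42731 is closed as NOT-FOR-US: django-mfa2, while the entry directly above it tracks rdiffweb with `- rdiffweb <itp> (bug #969974)`. The description names mfa/FIDO2.py, so this is a Python/Django library and not a proprietary product or appliance. Please confirm there is no open ITP or RFP for it before settling on NOT-FOR-US. If one exists, the `<itp>` form with the bug number would keep the CVE attached to the package when it enters the archive.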
@@ -1409,13 +1409,13 @@ CVE-2022-42240
CVE-2022-42239
RESERVED
CVE-2022-42238 (A Vertical Privilege Escalation issue in Merchandise Online
Store v.1. ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-42237
RESERVED
CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to
injecti ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows
the inject ...)
- TODO: check
+ NOT-FOR-US: Student Clearance System
CVE-2022-42234
RESERVED
CVE-2022-42233
@@ -1425,9 +1425,9 @@ CVE-2022-42232
CVE-2022-42231
RESERVED
CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: Simple Cold Storage Management System
CVE-2022-42229 (Wedding Planner v1.0 is vulnerable to Arbitrary code execution
via pac ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-42228
RESERVED
CVE-2022-42227
@@ -1817,7 +1817,7 @@ CVE-2022-42036
CVE-2022-42035
RESERVED
CVE-2022-42034 (Wedding Planner v1.0 is vulnerable to arbitrary code execution
via use ...)
- TODO: check
+ NOT-FOR-US: Wedding Planner
CVE-2022-42033
RESERVED
CVE-2022-42032
@@ -2682,7 +2682,7 @@ CVE-2022-41667
CVE-2022-41666
RESERVED
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All
versions < V ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41664
RESERVED
CVE-2022-41663
@@ -3437,7 +3437,7 @@ CVE-2022-41378 (Online Pet Shop We App v1.0 was
discovered to contain a SQL inje
CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL
injection ...)
NOT-FOR-US: Online Pet Shop We App
CVE-2022-41376 (Metro UI v4.4.0 to v4.5.0 was discovered to contain a
reflected cross- ...)
- TODO: check
+ NOT-FOR-US: Metro UI
CVE-2022-41375
RESERVED
CVE-2022-41374
@@ -4207,11 +4207,11 @@ CVE-2022-41085
CVE-2022-41084
RESERVED
CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability.
...)
NOT-FOR-US: Microsoft
CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41080
RESERVED
CVE-2022-41079
@@ -4287,9 +4287,9 @@ CVE-2022-41045
CVE-2022-41044
RESERVED
CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41041
RESERVED
CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege
Vulnerability. ...)
@@ -4297,21 +4297,21 @@ CVE-2022-41040 (Microsoft Exchange Server Elevation of
Privilege Vulnerability.
CVE-2022-41039
RESERVED
CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability. ...)
TODO: check
CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-40129
RESERVED
CVE-2022-41030
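Review bot: CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability) keeps `TODO: check` while every other Microsoft entry touched in this hunk is resolved to NOT-FOR-US: Microsoft. If that is deliberate because NuGet still needs a package check, a line in the commit message would show it was not overlooked. Separately, CVE-2022-41035 is described as Microsoft Edge (Chromium-based); it is worth confirming the issue is Edge-specific and not in shared Chromium code before closing it under the vendor label.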
@@ -5137,7 +5137,7 @@ CVE-2022-36404
CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in
Awesome Filter ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33978 (Reflected Cross-Site Scripting (XSS) vulnerability FontMeister
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and
classifi ...)
NOT-FOR-US: Nintendo Game Boy Color
CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses
can be su ...)
@@ -5247,7 +5247,7 @@ CVE-2022-40635 (Improper Control of Dynamically-Managed
Code Resources vulnerabi
CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources
vulnerability i ...)
NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-38097
RESERVED
CVE-2022-37332
@@ -6213,9 +6213,9 @@ CVE-2022-40229
CVE-2022-40228
RESERVED
CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort
Panels (inc ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All
versions < V ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40225
RESERVED
CVE-2022-40200
@@ -6313,19 +6313,19 @@ CVE-2022-40184
CVE-2022-40183
RESERVED
CVE-2022-40182 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40181 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40180 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40179 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40178 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40177 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40176 (A vulnerability has been identified in Desigo PXM30-1 (All
versions &l ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-3162
RESERVED
CVE-2022-3161
@@ -6402,7 +6402,7 @@ CVE-2022-40149 (Those using Jettison to parse untrusted
XML or JSON data may be
CVE-2022-40148
RESERVED
CVE-2022-40147 (A vulnerability has been identified in Industrial Edge
Management (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of
Apache XM ...)
- batik 1.15+dfsg-1 (bug #1020589)
[bullseye] - batik <no-dsa> (Minor issue)
@@ -6662,7 +6662,7 @@ CVE-2022-40049
CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code
execution (RC ...)
NOT-FOR-US: Flatpress
CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected
cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Flatpress
CVE-2022-40046
RESERVED
CVE-2022-40045
@@ -10736,7 +10736,7 @@ CVE-2022-2909 (A vulnerability was found in
SourceCodester Simple and Nice Shopp
CVE-2022-38466 (A vulnerability has been identified in CoreShield One-Way
Gateway (OWG ...)
NOT-FOR-US: CoreShield One-Way Gateway (OWG)
CVE-2022-38465 (A vulnerability has been identified in SIMATIC Drive
Controller family ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8)
exceedone/ ...)
NOT-FOR-US: Exment
CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8)
exceedo ...)
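Review bot: the added `NOT-FOR-US: Siemens` for CVE-2022-38465 uses a vendor label, while the context entry just above it, CVE-2022-38466, carries the same "A vulnerability has been identified in ..." description but is marked by product as `NOT-FOR-US: CoreShield One-Way Gateway (OWG)`. Using one convention for these entries, either vendor or product, would keep the list consistent and easier to search. The same applies to the other `NOT-FOR-US: Siemens` lines in this commit.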
@@ -11160,7 +11160,7 @@ CVE-2022-38373
CVE-2022-38372
RESERVED
CVE-2022-38371 (A vulnerability has been identified in Nucleus NET (All
versions), Nuc ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an
interface wi ...)
NOT-FOR-US: Apache IoTDB
CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id
attack. Users ...)
@@ -12135,71 +12135,71 @@ CVE-2022-2727 (A vulnerability was found in
SourceCodester Gym Management System
CVE-2022-2726 (A vulnerability classified as critical has been found in
SEMCMS. This ...)
NOT-FOR-US: SEMCMS
CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38052
RESERVED
CVE-2022-38051 (Windows Graphics Component Elevation of Privilege
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability.
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38047 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38045 (Server Service Remote Protocol Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38043 (Windows Security Support Provider Interface Information
Disclosure Vul ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38035
RESERVED
CVE-2022-38034 (Windows Workstation Service Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38033 (Windows Server Remotely Accessible Registry Keys Information
Disclosur ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38032 (Windows Portable Device Enumerator Service Security Feature
Bypass Vul ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38031 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38030 (Windows USB Serial Driver Information Disclosure
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability.
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38024
RESERVED
CVE-2022-38023
RESERVED
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of
Privilege Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability. ...)
@@ -12207,9 +12207,9 @@ CVE-2022-38019 (AV1 Video Extension Remote Code
Execution Vulnerability. ...)
CVE-2022-38018
RESERVED
CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability.
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38015
RESERVED
CVE-2022-38014
@@ -12235,83 +12235,83 @@ CVE-2022-38005 (Windows Print Spooler Elevation of
Privilege Vulnerability. ...)
CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-38003 (Windows Resilient File System Elevation of Privilege. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38002
RESERVED
CVE-2022-38001 (Microsoft Office Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38000 (Windows Point-to-Point Tunneling Protocol Remote Code
Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37999 (Windows Group Policy Preference Client Elevation of Privilege
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37997 (Windows Graphics Component Elevation of Privilege
Vulnerability. This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability.
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37992
RESERVED
CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37989 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of
Privileg ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37987 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of
Privileg ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37985 (Windows Graphics Component Information Disclosure
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37982 (Microsoft WDAC OLE DB provider for SQL Server Remote Code
Execution Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability.
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature
Bypass. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37977 (Local Security Authority Subsystem Service (LSASS) Denial of
Service V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37976 (Active Directory Certificate Services Elevation of Privilege
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37974 (Windows Mixed Reality Developer Tools Information Disclosure
Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service
Vulnerability. T ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing
Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability.
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege
Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of
Privilege Vu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37967
RESERVED
CVE-2022-37966
RESERVED
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service
Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-37963 (Microsoft Office Visio Remote Code Execution Vulnerability.
This CVE I ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7f3932d4eeef02081d3d92b6b8678bc6bd33595