Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1c3e2197 by Moritz Muehlenhoff at 2022-10-13T13:38:49+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,15 +11,15 @@ CVE-2022-42902 (In Linaro Automated Validation Architecture
(LAVA) before 2022.1
NOTE: https://git.lavasoftware.org/lava/lava/-/merge_requests/1834
NOTE:
https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834
CVE-2022-42901 (Bentley MicroStation and MicroStation-based applications may
be affect ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may
be affect ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may
be affect ...)
- TODO: check
+ NOT-FOR-US: Bentley
CVE-2022-42898
RESERVED
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows
unauthe ...)
- TODO: check
+ NOT-FOR-US: Array Networks
CVE-2022-3478
RESERVED
CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2
allows arbi ...)
@@ -49,13 +49,13 @@ CVE-2022-3475
CVE-2022-3474
RESERVED
CVE-2022-3473 (A vulnerability classified as critical has been found in
SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3472 (A vulnerability was found in SourceCodester Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2022-3469
RESERVED
CVE-2022-3468
@@ -3631,13 +3631,13 @@ CVE-2022-41353
CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15
and 9.0. ...)
NOT-FOR-US: Zimbra
CVE-2022-41351 (In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL
/h/calendar, on ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41350 (In Zimbra Collaboration Suite (ZCS) 8.8.15,
/h/search?action=voicemail ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41349 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at
/h/compose acce ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41348 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS
can occ ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x
and 9.x (e ...)
NOT-FOR-US: Zimbra
CVE-2022-41346
@@ -3758,7 +3758,7 @@ CVE-2022-41320 (Veritas System Recovery (VSR) versions 18
and 21 store a network
CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects
the Verit ...)
NOT-FOR-US: Veritas
CVE-2022-41316 (HashiCorp Vault and Vault Enterprise’s TLS certificate
auth meth ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-3281
RESERVED
CVE-2022-3280
@@ -6455,7 +6455,7 @@ CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote
attackers to cause a de
NOTE:
https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185
(v5.5.3)
NOTE: https://www.knot-resolver.cz/2022-09-21-knot-resolver-5.5.3.html
CVE-2022-40187 (Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target
Communicati ...)
- TODO: check
+ NOT-FOR-US: Foresight GC3 Launch Monitor
CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault
Enterprise before ...)
NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-40185
@@ -8430,11 +8430,11 @@ CVE-2022-39301
CVE-2022-39300
RESERVED
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for
Passport, the ...)
- TODO: check
+ NOT-FOR-US: Passport-SAML
CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis
Platfor ...)
- TODO: check
+ NOT-FOR-US: MelisFront
CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including
templating ...)
- TODO: check
+ NOT-FOR-US: MelisCms
CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's
assets locat ...)
NOT-FOR-US: MelisAssetManager
CVE-2022-39295
@@ -11411,7 +11411,7 @@ CVE-2022-38363
CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository
yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal
inform ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2827
RESERVED
CVE-2022-2826
@@ -21924,9 +21924,9 @@ CVE-2022-34393
CVE-2022-34392
RESERVED
CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version
contain an i ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable
vulnerability. A lo ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34389
RESERVED
CVE-2022-34388
@@ -22884,7 +22884,7 @@ CVE-2022-34022
CVE-2022-34021
RESERVED
CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT
ResIOT IOT P ...)
- TODO: check
+ NOT-FOR-US: DellResIOT
CVE-2022-34019
RESERVED
CVE-2022-34018
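Review bot: The tag added for CVE-2022-34020 reads `NOT-FOR-US: DellResIOT`, but the description on that entry names ResIOT ("vulnerability in ResIOT ResIOT IOT P ...") and nothing from Dell. The "Dell" prefix looks like a leftover from the Dell entries tagged elsewhere in this same commit. Suggest `NOT-FOR-US: ResIOT` so that a search of the list by product name finds the entry.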
@@ -23286,7 +23286,7 @@ CVE-2014-125002 (A vulnerability was found in FFmpeg
2.0. It has been classified
- ffmpeg <not-affected> (Fixed before re-introduction to Debian as
src:ffmpeg)
NOTE: Fixed by:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b
(n2.2-rc1)
CVE-2022-33937 (Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal
Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE
vulnerab ...)
NOT-FOR-US: EMC
CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier,
contains a ...)
@@ -23316,15 +23316,15 @@ CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and
below contains an Improper
CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS
Command Inj ...)
NOT-FOR-US: Dell
CVE-2022-33922 (Dell GeoDrive, versions prior to 2.2, contains Insecure File
and Folde ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33921 (Dell GeoDrive, versions prior to 2.2, contains Multiple DLL
Hijacking ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33920 (Dell GeoDrive, versions prior to 2.2, contains an Unquoted
File Path v ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33919 (Dell GeoDrive, versions 2.1 - 2.2, contains an information
disclosure ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33918 (Dell GeoDrive, Versions 2.1 - 2.2, contains an information
disclosure ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver
(Valhall r29 ...)
NOT-FOR-US: ARM Mali
CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive
Information ...)
@@ -26689,27 +26689,27 @@ CVE-2022-32495
CVE-2022-32494
RESERVED
CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow
vulnerability. A loc ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A
local aut ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32490
RESERVED
CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32487 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2022-32485 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-32482
RESERVED
CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11,
contain a p ...)
@@ -27696,13 +27696,13 @@ CVE-2022-32172 (In Zinc, versions v0.1.9 through
v0.3.1 are vulnerable to Stored
CVE-2022-32171 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to
Stored Cross ...)
NOT-FOR-US: ZincSearch
CVE-2022-32170 (The “Bytebase” application does not restrict low
privilege ...)
- TODO: check
+ NOT-FOR-US: Bytebase
CVE-2022-32169 (The “Bytebase” application does not restrict low
privilege ...)
- TODO: check
+ NOT-FOR-US: Bytebase
CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL
hijacking wh ...)
- TODO: check
+ NOT-FOR-US: Notepad++
CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: Cloudreve
CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap
buffer o ...)
- openvswitch 2.13.0+dfsg1-1
NOTE:
https://github.com/openvswitch/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73
(v2.12.0)
@@ -29100,7 +29100,7 @@ CVE-2022-31681 (VMware ESXi contains a null-pointer
deference vulnerability. A m
CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation
vulnerability in ...)
NOT-FOR-US: VMware
CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed
by Spri ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31678
RESERVED
CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the
Pinnipe ...)
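Review bot: For CVE-2022-31679 the tag names only the vendor, `NOT-FOR-US: VMware`, while the description is about applications that expose resources through a component (truncated here as "Spri ...") rather than a VMware product like the ESXi and vCenter Server entries above it. Other tags in this commit name the affected product (for example `HashiCorp Vault and Vault Enterprise` and `Elastic Cloud Enterprise`). Naming the component here would make the reason for the NFU decision checkable later, and it is worth confirming that the component is not packaged in Debian before dropping the TODO.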
@@ -30450,7 +30450,7 @@ CVE-2022-31230 (Dell PowerScale OneFS, versions
8.2.x-9.2.x, contain broken or r
CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error
message ...)
NOT-FOR-US: Dell
CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a
bruteforce vu ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-31227
RESERVED
CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow
vulnerability ...)
@@ -37676,7 +37676,7 @@ CVE-2022-28804
CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can
occur in ...)
NOT-FOR-US: Silverstripe CMS
CVE-2022-28802 (Code by Zapier before 2022-08-17 allowed intra-account
privilege escal ...)
- TODO: check
+ NOT-FOR-US: Zapier
CVE-2022-28801
RESERVED
CVE-2022-28800
@@ -46196,7 +46196,7 @@ CVE-2022-24376 (All versions of package git-promise are
vulnerable to Command In
CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial
of Servi ...)
NOT-FOR-US: node-opcua/node-opcua
CVE-2022-24373 (The package react-native-reanimated before 3.0.0-rc.1 are
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: react-native-reanimated
CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to
Denial o ...)
NOT-FOR-US: FreeOpcUa/freeopcua
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to
Prototy ...)
@@ -53554,7 +53554,7 @@ CVE-2022-23718 (PingID Windows Login prior to 2.8 uses
known vulnerable componen
CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of
service ...)
NOT-FOR-US: PingID Integration for Windows Login
CVE-2022-23716 (A flaw was discovered in ECE before 3.1.1 that could lead to
the discl ...)
- TODO: check
+ NOT-FOR-US: Elastic Cloud Enterprise
CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to
the discl ...)
NOT-FOR-US: Elastic Cloud Enterprise
CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the
ransomw ...)
@@ -54116,13 +54116,13 @@ CVE-2022-23466
CVE-2022-23465
RESERVED
CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is
vulnera ...)
- TODO: check
+ NOT-FOR-US: Nepxion
CVE-2022-23463 (Nepxion Discovery is a solution for Spring Cloud. Discover is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Nepxion
CVE-2022-23462
RESERVED
CVE-2022-23461 (Jodit Editor is a WYSIWYG editor written in pure TypeScript
without th ...)
- TODO: check
+ NOT-FOR-US: Jodit Editor
CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written
in C++. I ...)
TODO: check - numerous jsonxx repositories exist on github
NOTE: https://github.com/advisories/GHSA-h8mv-q3c4-8hw2
@@ -54130,7 +54130,7 @@ CVE-2022-23459 (Jsonxx or Json++ is a JSON parser,
writer and reader written in
TODO: check - numerous jsonxx repositories exist on github
NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47
CVE-2022-23458 (Toast UI Grid is a component to display and edit data.
Versions prior ...)
- TODO: check
+ NOT-FOR-US: Toast UI Grid
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open
source, web ...)
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
[bullseye] - libowasp-esapi-java <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c3e219774f53ecddcd3769888810929ba781dc8
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits