Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84f78b73 by Salvatore Bonaccorso at 2022-10-20T23:33:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2483,7 +2483,7 @@ CVE-2022-3423 (Denial of Service in GitHub repository 
nocodb/nocodb prior to 0.9
 CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i 
can cr ...)
        NOT-FOR-US: ToolJet
 CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ 
Drive.app/Conten ...)
-       TODO: check
+       NOT-FOR-US: Drive for Desktop MacOS
 CVE-2022-3420
        RESERVED
 CVE-2022-3419
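Review bot: The new tag for CVE-2022-3421, "NOT-FOR-US: Drive for Desktop MacOS", drops the vendor even though the description names "/Applications/Google\ Drive.app". Consider "NOT-FOR-US: Google Drive for Desktop (macOS)" so that a search for the vendor finds the entry, in line with the vendor-led tags used elsewhere in this file, such as "NOT-FOR-US: TP-Link".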
@@ -4710,7 +4710,7 @@ CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to 
contain a remote code ex
 CVE-2022-41543
        RESERVED
 CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session 
control. ...)
-       TODO: check
+       NOT-FOR-US: devhub
 CVE-2022-41541 (TP-Link AX10v1 V1_211117 allows attackers to execute a replay 
attack b ...)
        NOT-FOR-US: TP-Link
 CVE-2022-41540 (The web app client of TP-Link AX10v1 V1_211117 uses hard-coded 
cryptog ...)
@@ -4932,7 +4932,7 @@ CVE-2022-41433
 CVE-2022-41432
        RESERVED
 CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting 
(XSS) vuln ...)
-       TODO: check
+       NOT-FOR-US: xzs
 CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow 
via the AP ...)
        NOT-FOR-US: Bento4
 CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow 
via the AP ...)
@@ -8262,7 +8262,7 @@ CVE-2022-40057
 CVE-2022-40056
        RESERVED
 CVE-2022-40055 (An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL 
allows att ...)
-       TODO: check
+       NOT-FOR-US: GX Group GPON ONT Titanium 2122A T2122-V1.26EXL
 CVE-2022-40054
        RESERVED
 CVE-2022-40053
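Review bot: The tag for CVE-2022-40055 carries the full firmware string ("GX Group GPON ONT Titanium 2122A T2122-V1.26EXL"), which makes it hard to match a later CVE against the same device. The other NOT-FOR-US tags visible in this diff name only the vendor or product (TP-Link, Bento4); "GX Group GPON ONT Titanium 2122A" would be enough, since the version is already in the description.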
@@ -9661,7 +9661,7 @@ CVE-2022-39421 (Vulnerability in the Oracle VM VirtualBox 
product of Oracle Virt
 CVE-2022-39420 (Vulnerability in the Oracle Transportation Management product 
of Oracl ...)
        NOT-FOR-US: Oracle
 CVE-2022-39419 (Vulnerability in the Java VM component of Oracle Database 
Server. Supp ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-39418
        RESERVED
 CVE-2022-39417 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
@@ -27104,7 +27104,7 @@ CVE-2022-2053 (When a POST request comes through AJP 
and the request exceeds the
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2095862
        NOTE: 
https://github.com/undertow-io/undertow/commit/10ad8964162162ce6d441e951cb9efcdaa585916
 CVE-2022-2052 (Multiple Trumpf Products in multiple versions use default 
privileged W ...)
-       TODO: check
+       NOT-FOR-US: TRUMPF
 CVE-2022-2051
        RESERVED
 CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape 
one of i ...)
@@ -48128,7 +48128,7 @@ CVE-2022-25752 (A vulnerability has been identified in 
SCALANCE X302-7 EEC (230V
 CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC 
(230V), SCA ...)
        NOT-FOR-US: Siemens SCALANCE
 CVE-2022-25750 (Memory corruption in BTHOST due to double free while music 
playback an ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-25749
        RESERVED
 CVE-2022-25748
@@ -55008,11 +55008,11 @@ CVE-2022-23772 (Rat.SetString in math/big in Go 
before 1.16.14 and 1.17.x before
        NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
        NOTE: 
https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a 
(go1.17.7)
 CVE-2022-23771 (This vulnerability occurs in user accounts creation and 
deleteion rela ...)
-       TODO: check
+       NOT-FOR-US: IPTIME NAS products
 CVE-2022-23770 (This vulnerability could allow a remote attacker to execute 
remote com ...)
-       TODO: check
+       NOT-FOR-US: Smart Wing CMS
 CVE-2022-23769 (Remote code execution vulnerability due to insufficient user 
privilege ...)
-       TODO: check
+       NOT-FOR-US: reverseWall-MDS
 CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed 
external por ...)
        NOT-FOR-US: NIS-HAP11AC
 CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login 
without  ...)
@@ -62192,7 +62192,7 @@ CVE-2022-22221 (An Improper Neutralization of Special 
Elements vulnerability in
 CVE-2022-22220 (A Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in R ...)
        NOT-FOR-US: Juniper
 CVE-2022-22219 (Due to the Improper Handling of an Unexpected Data Type in the 
process ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2022-22218 (On SRX Series devices, an Improper Check for Unusual or 
Exceptional Co ...)
        NOT-FOR-US: Juniper
 CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
@@ -62369,7 +62369,7 @@ CVE-2022-22130
 CVE-2022-22129
        RESERVED
 CVE-2022-22128 (Tableau discovered a path traversal vulnerability affecting 
Tableau Se ...)
-       TODO: check
+       NOT-FOR-US: Tableau Server Administration Agent
 CVE-2022-22127 (Tableau is aware of a broken access control vulnerability 
present in T ...)
        NOT-FOR-US: Tableau Server
 CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored 
XSS via  ...)
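Review bot: CVE-2022-22128 is tagged "Tableau Server Administration Agent" while the adjacent CVE-2022-22127 uses "Tableau Server" for the same vendor. Using one spelling for both, for example "Tableau Server", keeps the entries together when the list is searched by product name.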
@@ -68487,27 +68487,27 @@ CVE-2022-21641 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21640 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21639 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21638 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.30-1
 CVE-2022-21637 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21636 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.30-1
 CVE-2022-21634 (Vulnerability in the Oracle GraalVM Enterprise Edition product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21633 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21632 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21631 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.17+8-1
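Review bot: CVE-2022-21634 (Oracle GraalVM Enterprise Edition) is closed as "NOT-FOR-US: Oracle", but its description is truncated before the component, and CVE-2022-21628 a few lines further down lists GraalVM Enterprise Edition together with Oracle Java SE and is tracked against openjdk-8 and openjdk-11. It is worth confirming from the full advisory text that the affected component is specific to the Enterprise Edition before this entry leaves the TODO queue. The PeopleSoft, Applications Framework and JD Edwards entries in this hunk do not raise the same question.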
@@ -68528,9 +68528,9 @@ CVE-2022-21624 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
        [bullseye] - openjdk-11 <postponed> (Minor issue, fix along with next 
CPU)
        - openjdk-17 <unfixed>
 CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product 
of Oracl ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion 
Middlew ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21621 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 6.1.40-dfsg-1
        NOTE: 
https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
@@ -68547,65 +68547,65 @@ CVE-2022-21618 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM Enterprise E
 CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21615 (Vulnerability in the Oracle Enterprise Data Quality product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21614 (Vulnerability in the Oracle Enterprise Data Quality product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21613 (Vulnerability in the Oracle Enterprise Data Quality product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21612 (Vulnerability in the Oracle Enterprise Data Quality product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21611 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21610 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21609 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21608 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21607 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.29-1
 CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction 
Server  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21605 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.29-1
 CVE-2022-21604 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21603 (Vulnerability in the Oracle Database - Sharding component of 
Oracle Da ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21601 (Vulnerability in the Oracle Communications Billing and Revenue 
Managem ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21600 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.28-1
 CVE-2022-21599 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21598 (Vulnerability in the Siebel Core - DB Deployment and 
Configuration pro ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21597 (Vulnerability in the Oracle GraalVM Enterprise Edition product 
of Orac ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21596 (Vulnerability in the Oracle Database - Advanced Queuing 
component of O ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21595 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.28-1
 CVE-2022-21594 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21593 (Vulnerability in the Oracle HTTP Server product of Oracle 
Fusion Middl ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21592 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.30-1
 CVE-2022-21591 (Vulnerability in the Oracle Transportation Management product 
of Oracl ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21590 (Vulnerability in the Oracle BI Publisher product of Oracle 
Fusion Midd ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21589 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <not-affected> (Fixed before initial uplod to Debian)
 CVE-2022-21588
        RESERVED
 CVE-2022-21587 (Vulnerability in the Oracle Web Applications Desktop 
Integrator produc ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2022-21586 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
        NOT-FOR-US: Oracle
 CVE-2022-21585 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
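Review bot: CVE-2022-21593 (Oracle HTTP Server) deserves a second look before being closed as "NOT-FOR-US: Oracle": the description is cut off before the component, and Oracle HTTP Server is built on Apache HTTP Server, so the full advisory should be checked for a component shared with a packaged upstream. The same applies to CVE-2022-21597 (Oracle GraalVM Enterprise Edition). For the remaining entries in this hunk the vendor tag matches existing entries such as CVE-2022-21586.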
@@ -74087,7 +74087,7 @@ CVE-2022-20466
 CVE-2022-20465
        RESERVED
 CVE-2022-20464 (In various functions of ap_input_processor.c, there is a 
possible way  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20463
        RESERVED
 CVE-2022-20462
@@ -74242,7 +74242,7 @@ CVE-2022-20399 (In the SEPolicy configuration of system 
apps, there is a possibl
 CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a 
possible way ...)
        NOT-FOR-US: Android
 CVE-2022-20397 (In SitRilClient_OnResponse of SitRilSe.cpp, there is a 
possible out of ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a 
device dis ...)
        NOT-FOR-US: Android
 CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file 
deletio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84f78b7379d9bdbb26840f8c07e48c7d9ac25faf
