Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9140ca1e by Salvatore Bonaccorso at 2022-10-26T22:43:17+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3832,7 +3832,7 @@ CVE-2022-3420
CVE-2022-3419
RESERVED
CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a
remote ...)
- TODO: check
+ NOT-FOR-US: Apache Flume
CVE-2022-42467 (When running in prototype mode, the h2 webconsole module
(accessible f ...)
NOT-FOR-US: Apache Isis
CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the
value of ...)
@@ -9878,7 +9878,7 @@ CVE-2022-39946
CVE-2022-39945
RESERVED
CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL
Connector/J, a de ...)
- TODO: check
+ NOT-FOR-US: Apache Linkis
CVE-2022-39943
RESERVED
CVE-2022-39942
@@ -10123,9 +10123,9 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to
conduct stored XSS attacks
CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows
remote file ...)
NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance
(COVESA) ...)
- TODO: check
+ NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance
(COVESA) ...)
- TODO: check
+ NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The
vulnerability allo ...)
- gajim 1.5.0-1
[bullseye] - gajim <no-dsa> (Minor issue)
@@ -11151,17 +11151,17 @@ CVE-2022-39364
CVE-2022-39363
RESERVED
CVE-2022-39362 (Metabase is data visualization software. Prior to versions
0.44.5, 1.4 ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2022-39361 (Metabase is data visualization software. Prior to versions
0.44.5, 1.4 ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2022-39360 (Metabase is data visualization software. Prior to versions
0.44.5, 1.4 ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2022-39359 (Metabase is data visualization software. Prior to versions
0.44.5, 1.4 ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2022-39358 (Metabase is data visualization software. Prior to versions
0.44.5, 1.4 ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2022-39357 (Winter is a free, open-source content management system based
on the L ...)
- TODO: check
+ NOT-FOR-US: Winter
CVE-2022-39356
RESERVED
CVE-2022-39355
@@ -11185,7 +11185,7 @@ CVE-2022-39347
CVE-2022-39346
RESERVED
CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue
and gin, w ...)
- TODO: check
+ NOT-FOR-US: Gin-vue-admin
CVE-2022-39344
RESERVED
CVE-2022-39343
@@ -11245,7 +11245,7 @@ CVE-2022-39317
CVE-2022-39316
RESERVED
CVE-2022-39315 (Kirby is a Content Management System. Prior to versions
3.5.8.2, 3.6.6 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2,
3.6.6.2, 3.7.5 ...)
NOT-FOR-US: Kirby CMS
CVE-2022-39313 (Parse Server is an open source backend that can be deployed to
any inf ...)
@@ -13441,7 +13441,7 @@ CVE-2022-38582
CVE-2022-38581
RESERVED
CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: Zalando Skipper
CVE-2022-38579
RESERVED
CVE-2022-38578
@@ -13842,9 +13842,9 @@ CVE-2022-38438 (Adobe Experience Manager versions
6.5.13.0 (and earlier) is affe
CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and
20.005.30 ...)
NOT-FOR-US: Adobe
CVE-2022-38436 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38435 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and
earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and
earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and
earlier) ...)
@@ -14653,17 +14653,17 @@ CVE-2022-38202
CVE-2022-38201
RESERVED
CVE-2022-38200 (A cross site scripting vulnerability exists in some map
service config ...)
- TODO: check
+ NOT-FOR-US: ArcGIS Server
CVE-2022-38199 (A remote file download issue can occur in some capabilities of
Esri Ar ...)
- TODO: check
+ NOT-FOR-US: ArcGIS Server
CVE-2022-38198 (There is a reflected cross site scripting issue in the Esri
ArcGIS Ser ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38197 (Esri ArcGIS Server versions 10.9.1 and below have an
unvalidated redir ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38196 (Esri ArcGIS Server versions 10.9.1 and prior have a path
traversal vul ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38195 (There is as reflected cross site scripting issue in Esri
ArcGIS Server ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS Server
CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property
is not pr ...)
NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for
ArcGIS vers ...)
@@ -14851,7 +14851,7 @@ CVE-2022-38164
CVE-2022-38163
RESERVED
CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in
WithSecure thr ...)
- TODO: check
+ NOT-FOR-US: WithSecure
CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as
used on ...)
NOT-FOR-US: Gumstix Overo SBC
CVE-2022-38160
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9140ca1e08e3ab29909603ecdc154cd2d559f94e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9140ca1e08e3ab29909603ecdc154cd2d559f94e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
