Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
016160b3 by Salvatore Bonaccorso at 2022-11-04T21:47:23+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2022-44726
 CVE-2022-44725
        RESERVED
 CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence 
Server/Da ...)
-       TODO: check
+       NOT-FOR-US: Stiltsoft
 CVE-2022-44723
        RESERVED
 CVE-2022-44722
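Review bot: The new tag on CVE-2022-44724 names only the vendor ("NOT-FOR-US: Stiltsoft"), while the description identifies the affected product as Stiltsoft Handy Macros for Confluence Server. Other entries in this commit tag the product (for example "NOT-FOR-US: Trellix IPS Manager"), so "NOT-FOR-US: Stiltsoft Handy Macros for Confluence" would keep the entry findable when the list is searched by product name.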
@@ -10814,7 +10814,7 @@ CVE-2022-3342
 CVE-2022-3341
        RESERVED
 CVE-2022-3340 (XML External Entity (XXE) vulnerability in Trellix IPS Manager 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Trellix IPS Manager
 CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO 
prior to 5 ...)
        NOT-FOR-US: Trellix ePolicy Orchestrator
 CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 
Update ...)
@@ -14073,7 +14073,7 @@ CVE-2022-40265
 CVE-2022-40264
        RESERVED
 CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain 
hardcode ...)
-       TODO: check
+       NOT-FOR-US: BD Totalys MultiProcessor
 CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time 
of the  ...)
        NOT-FOR-US: AMI
 CVE-2022-40261 (An attacker can exploit this vulnerability to elevate 
privileges from  ...)
@@ -16077,7 +16077,7 @@ CVE-2022-39389
 CVE-2022-39388
        RESERVED
 CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect 
protocol in  ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-39386
        RESERVED
 CVE-2022-39385
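Review bot: On CVE-2022-39387 the tag "NOT-FOR-US: XWiki" is broader than the component the description names, XWiki OIDC. Consider "NOT-FOR-US: XWiki OIDC", so the entry records which component was triaged.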
@@ -18448,7 +18448,7 @@ CVE-2022-38584
 CVE-2022-38583
        RESERVED
 CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of 
Watchdo ...)
-       TODO: check
+       NOT-FOR-US: Watchdog Antivirus
 CVE-2022-38581
        RESERVED
 CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request 
Forgery ...)
@@ -19180,9 +19180,9 @@ CVE-2022-2852 (Use after free in FedCM in Google Chrome 
prior to 104.0.5112.101
        - chromium 104.0.5112.101-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-38381 (An improper handling of malformed request vulnerability 
[CWE-228] exis ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS 
version  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-38379
        RESERVED
 CVE-2022-38378
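Review bot: "NOT-FOR-US: FortiGuard" on CVE-2022-38381 and CVE-2022-38380 does not match the product in the descriptions: the visible text for CVE-2022-38380 places the flaw in FortiOS. FortiGuard is the name Fortinet uses for its security services and advisories, not the affected software, so the tag should name the product (FortiOS for CVE-2022-38380, and whatever the full description of CVE-2022-38381 gives) or the vendor, Fortinet.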
@@ -19194,11 +19194,11 @@ CVE-2022-38376
 CVE-2022-38375
        RESERVED
 CVE-2022-38374 (A improper neutralization of input during web page generation 
('cross- ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-38373 (An improper neutralization of input during web page generation 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-38372 (A hidden functionality vulnerability [CWE-1242] in FortiTester 
CLI 2.3 ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-38371 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Siemens
 CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an 
interface wi ...)
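Review bot: The three entries changed here (CVE-2022-38374, CVE-2022-38373, CVE-2022-38372) all receive "NOT-FOR-US: FortiGuard", but the description of CVE-2022-38372 names FortiTester as the affected product, and the other two are truncated before any product name appears. A per-product tag such as "NOT-FOR-US: FortiTester" for CVE-2022-38372, or the vendor name Fortinet throughout, would keep these entries searchable by what is actually affected.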
@@ -19853,7 +19853,7 @@ CVE-2022-2760 (In affected versions of Octopus Deploy 
it is possible to reveal t
 CVE-2022-38169
        RESERVED
 CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia 
Pathfinde ...)
-       TODO: check
+       NOT-FOR-US: Avaya Scopia Pathfinder
 CVE-2022-38167
        RESERVED
 CVE-2022-38166
@@ -20084,7 +20084,7 @@ CVE-2022-36793 (Unauthenticated Plugin Settings Change 
&amp; Data Deletion vulne
 CVE-2022-36791 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) 
vulnera ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36428 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Stage Rock  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. 
About Rent ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin 
&lt;= 2.5 ...)
@@ -20138,7 +20138,7 @@ CVE-2022-2743
 CVE-2022-2742
        RESERVED
 CVE-2022-2741 (The denial-of-service can be triggered by transmitting a 
carefully cra ...)
-       TODO: check
+       NOT-FOR-US: zephyr-rtos
 CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website 
CMS. It ha ...)
        NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 
7 Extra ...)
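Review bot: The tag on CVE-2022-2741, "NOT-FOR-US: zephyr-rtos", cannot be checked against the description as shown, which is truncated before it names a product, and it uses a lowercase, hyphenated identifier where the neighbouring entry uses a display name ("NOT-FOR-US: SourceCodester Company Website CMS"). Suggest writing the product name in the same style, for example "Zephyr RTOS".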
@@ -20421,13 +20421,13 @@ CVE-2022-37932
 CVE-2022-37931
        RESERVED
 CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble 
Storage Hyb ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability 
in Hewlet ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-37926
        RESERVED
 CVE-2022-37925
@@ -20457,37 +20457,37 @@ CVE-2022-37914 (Vulnerabilities in the web-based 
management interface of Aruba E
 CVE-2022-37913 (Vulnerabilities in the web-based management interface of Aruba 
EdgeCon ...)
        NOT-FOR-US: Aruba
 CVE-2022-37912 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37911 (Due to improper restrictions on XML entities multiple 
vulnerabilities  ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37910 (A buffer overflow vulnerability exists in the ArubaOS command 
line int ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37909 (Aruba has identified certain configurations of ArubaOS that 
can lead t ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37908 (An authenticated attacker can impact the integrity of the 
ArubaOS boot ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37907 (A vulnerability exists in the ArubaOS bootloader on 7xxx 
series contro ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37906 (An authenticated path traversal vulnerability exists in the 
ArubaOS co ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37905 (Vulnerabilities in ArubaOS running on 7xxx series controllers 
exist th ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37904 (Vulnerabilities in ArubaOS running on 7xxx series controllers 
exist th ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37903 (A vulnerability exists that allows an authenticated attacker 
to overwr ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37902 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37901 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37900 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37899 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37898 (Authenticated command injection vulnerabilities exist in the 
ArubaOS c ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37897 (There is a command injection vulnerability that could lead to 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web 
management i ...)
        NOT-FOR-US: Aruba
 CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability 
exists in the ...)
@@ -21925,7 +21925,7 @@ CVE-2022-2629 (The Top Bar WordPress plugin before 
3.0.4 does not sanitise and e
 CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2627 (The Newspaper WordPress theme before 12 does not sanitise a 
parameter  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository 
hestiacp/hestiacp  ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to 
an Out- ...)
@@ -22847,7 +22847,7 @@ CVE-2022-37015
 CVE-2022-37014
        RESERVED
 CVE-2022-2572 (In affected versions of Octopus Server where access is managed 
by an e ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
        - vim 2:9.0.0135-1
        NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/016160b3093e44176faab3a757cb863e20c3536c


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
