Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
806812c4 by Salvatore Bonaccorso at 2022-11-05T09:21:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5813,27 +5813,27 @@ CVE-2022-43574 ("IBM Robotic Process Automation 21.0.1,
21.0.2, 21.0.3, 21.0.4,
CVE-2022-43573
RESERVED
CVE-2022-43572 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2,
sending ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2,
an authe ...)
NOT-FOR-US: Splunk Enterprise
CVE-2022-43570 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2,
an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43569 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2,
an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43568 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2,
a View a ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43567 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2,
an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43566 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2,
an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43565 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way
that the ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43564 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2,
a remote ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43563 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way
that the ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43562 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2,
Splunk E ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2,
a remote ...)
NOT-FOR-US: Splunk Enterprise
CVE-2022-43560
@@ -10700,17 +10700,17 @@ CVE-2022-41673
CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user
wouldn' ...)
- airflow <itp> (bug #819700)
CVE-2022-41671 (A CWE-89: Improper Neutralization of Special Elements used in
SQL Comm ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41670 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41669 (A CWE-347: Improper Verification of Cryptographic Signature
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41668 (A CWE-704: Incorrect Project Conversion vulnerability exists
that allo ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41667 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All
versions < V ...)
NOT-FOR-US: Siemens
CVE-2022-41664
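Review bot: All six entries from CVE-2022-41671 to CVE-2022-41666 receive the same two-product tag, "EcoStruxure Operator Terminal Expert and Pro-face BLUE", yet the descriptions shown here stop at the CWE class and never reach a product name. If any of these CVEs affects only one of the two products, its tag should name just that one; please confirm against the full descriptions before leaving the compound tag on all six.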
@@ -16185,7 +16185,7 @@ CVE-2022-39386
CVE-2022-39385
RESERVED
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract
developm ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2022-39383
RESERVED
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with
GraphQL and ...)
@@ -16686,7 +16686,7 @@ CVE-2022-3097 (The LBStopAttack WordPress plugin
through 1.1.2 does not use nonc
CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not
prevent low ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class
for vers ...)
- TODO: check
+ NOT-FOR-US: Dart language (different from src:dart)
CVE-2022-3094
RESERVED
CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in
HelpSystems C ...)
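Review bot: On CVE-2022-3095, the parenthetical "(different from src:dart)" records that a name collision was checked, but not what src:dart actually is. Adding a word or two identifying the Debian source package would let a later triager confirm the distinction without repeating the lookup.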
@@ -17170,15 +17170,15 @@ CVE-2022-39022 (U-Office Force Download function has
a path traversal vulnerabil
CVE-2022-39021 (U-Office Force login function has an Open Redirect
vulnerability. An u ...)
NOT-FOR-US: U-Office Force
CVE-2022-39020 (Multiple instances of XSS (stored and reflected) was found in
the appl ...)
- TODO: check
+ NOT-FOR-US: Schoolbox
CVE-2022-39019 (Broken access controls on PDFtron WebviewerUI in M-Files
Hubshare befo ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-39018 (Broken access controls on PDFtron data in M-Files Hubshare
before 3.3. ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-39017 (Improper input validation and output encoding in all comments
fields, ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-39016 (Javascript injection in PDFtron in M-Files Hubshare before
3.3.10.9 al ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote
unauthenticated atta ...)
NOT-FOR-US: Mailform Pro CGI
CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a
command injec ...)
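Review bot: The "NOT-FOR-US: Schoolbox" tag on CVE-2022-39020 cannot be confirmed from the description shown here, which is cut off at "found in the appl ..." before any product name, and the entry sits directly above four M-Files Hubshare entries. It is worth re-checking against the full description that this one does not belong to the same M-Files batch; the four Hubshare tags do match the product named in their descriptions.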
@@ -18323,9 +18323,9 @@ CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier
does not properly mask (i.
CVE-2022-38662
RESERVED
CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite
key syst ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site
Request Forger ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38659
RESERVED
CVE-2022-38658
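Review bot: CVE-2022-38661 and CVE-2022-38660 are tagged with the vendor only ("NOT-FOR-US: HCL"), while their descriptions name distinct products (HCL Workload Automation, HCL XPages) and other tags in this commit name the product (Splunk Enterprise, M-Files Hubshare). Using the product name, e.g. "NOT-FOR-US: HCL Workload Automation", keeps the list searchable by product; the same applies to the HCL Commerce and HCL Domino entries in the following hunk.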
@@ -18333,11 +18333,11 @@ CVE-2022-38658
CVE-2022-38657
RESERVED
CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38655
RESERVED
CVE-2022-38654 (HCL Domino is susceptible to an information disclosure
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38653
RESERVED
CVE-2022-38652
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/806812c4c965dbbbe89c91eaf96e409a6e4002f5