Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8046100 by Salvatore Bonaccorso at 2022-11-06T15:00:25+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5570,7 +5570,7 @@ CVE-2022-3677
CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be
inline ...)
NOT-FOR-US: Eclipse Openj9
CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using
a Buta ...)
- TODO: check
+ NOT-FOR-US: Fedora CoreOS grub-password feature
CVE-2022-3674 (A vulnerability has been found in SourceCodester Sanitization
Manageme ...)
NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-3673 (A vulnerability, which was classified as problematic, was found
in Sou ...)
@@ -8191,7 +8191,7 @@ CVE-2022-42745 (CandidATS version 3.0.0 allows an
external attacker to read arbi
CVE-2022-42744 (CandidATS version 3.0.0 allows an external attacker to perform
CRUD op ...)
NOT-FOR-US: CandidATS
CVE-2022-42743 (deep-parse-json version 1.0.2 allows an external attacker to
edit or a ...)
- TODO: check
+ NOT-FOR-US: deep-parse-json Nodejs module
CVE-2022-42742
RESERVED
CVE-2022-42741
@@ -10639,15 +10639,15 @@ CVE-2022-41715 (Programs which compile regular
expressions from untrusted source
NOTE:
https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a
(go1.19.2)
NOTE:
https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997
(go1.18.7)
CVE-2022-41714 (fastest-json-copy version 1.0.1 allows an external attacker to
edit or ...)
- TODO: check
+ NOT-FOR-US: fastest-json-copy Nodejs module
CVE-2022-41713 (deep-object-diff version 1.1.0 allows an external attacker to
edit or ...)
- TODO: check
+ NOT-FOR-US: deep-object-diff Nodejs module
CVE-2022-41712
RESERVED
CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker
to exec ...)
NOT-FOR-US: Badaso
CVE-2022-41710 (Markdownify version 1.4.1 allows an external attacker to
remotely obta ...)
- TODO: check
+ NOT-FOR-US: Markdownify
CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to
execute arbit ...)
NOT-FOR-US: Markdownify
CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an
authenticated extern ...)
@@ -12801,7 +12801,7 @@ CVE-2022-40841
CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable
to Cross ...)
TODO: check
CVE-2022-40839 (A SQL injection vulnerability in the height and width
parameter in Ndk ...)
- TODO: check
+ NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40838
RESERVED
CVE-2022-40837
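Review bot: the adjacent CVE-2022-40840 entry for the same product (ndk design NdkAdvancedCustomizationFields 3.5.0, the context line two entries above) is left as "TODO: check" while CVE-2022-40839 gets "NOT-FOR-US: NdkAdvancedCustomizationFields"; if the product is not in the archive, both entries should carry the same NOT-FOR-US triage in this commit rather than leaving one pending.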
@@ -14181,7 +14181,7 @@ CVE-2022-40278 (An issue was discovered in Samsung
TizenRT through 3.0_GBM (and
CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute
arbitrary ...)
NOT-FOR-US: Joplin
CVE-2022-40276 (Zettlr version 2.3.0 allows an external attacker to remotely
obtain ar ...)
- TODO: check
+ NOT-FOR-US: Zettlr
CVE-2022-40275
RESERVED
CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute
arbitrary ...)
@@ -16223,7 +16223,7 @@ CVE-2022-39383
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with
GraphQL and ...)
NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF
with js f ...)
- TODO: check
+ NOT-FOR-US: Muhammara Nodejs module
CVE-2022-39380
RESERVED
CVE-2022-39379 (Fluentd collects events from various data sources and writes
them to f ...)
@@ -16314,7 +16314,7 @@ CVE-2022-39346
CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue
and gin, w ...)
NOT-FOR-US: Gin-vue-admin
CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG)
embedded st ...)
- TODO: check
+ NOT-FOR-US: Azure RTOS USBX
CVE-2022-39343
RESERVED
CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior
to versi ...)
@@ -16350,7 +16350,7 @@ CVE-2022-39328
CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure.
In versio ...)
TODO: check
CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for
GitHub A ...)
- TODO: check
+ NOT-FOR-US: kartverket/github-workflows
CVE-2022-39325
RESERVED
CVE-2022-39324
@@ -16360,7 +16360,7 @@ CVE-2022-39323 (GLPI stands for Gestionnaire Libre de
Parc Informatique. GLPI is
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content
managemen ...)
- TODO: check
+ NOT-FOR-US: Keystone CMS
CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from
a GitHub ...)
TODO: check
CVE-2022-39320
@@ -16402,7 +16402,7 @@ CVE-2022-39303 (Ree6 is a moderation bot. This
vulnerability allows manipulation
CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other
server ...)
NOT-FOR-US: Ree6
CVE-2022-39301 (sra-admin is a background rights management system that
separates the ...)
- TODO: check
+ NOT-FOR-US: sra-admin
CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML
implementation of pa ...)
NOT-FOR-US: Node saml
CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for
Passport, the ...)
@@ -17218,7 +17218,7 @@ CVE-2022-33941 (PowerCMS XMLRPC API provided by
Alfasado Inc. contains a command
CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in
GitLab ...)
- gitlab <unfixed>
CVE-2022-3059 (The application was vulnerable to multiple instances of SQL
injection ...)
- TODO: check
+ NOT-FOR-US: Schoolbox
CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to
105.0.5195.52 ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
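Review bot: the truncated description for CVE-2022-3059 ("The application was vulnerable to multiple instances of SQL injection") does not name the affected software, so the new "NOT-FOR-US: Schoolbox" line is not verifiable from the entry itself; a NOTE line with the advisory reference that identifies Schoolbox (in the same form as the NOTE lines used elsewhere in this file) would document where the product name comes from.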
@@ -17830,7 +17830,7 @@ CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress
plugin through 1.6.0 does
CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does
not hav ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3023 (Use of Externally-Controlled Format String in GitHub repository
pingca ...)
- TODO: check
+ NOT-FOR-US: pingcap/tidb
CVE-2022-3022
REJECTED
CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not
sanitise and ...)
@@ -19838,7 +19838,7 @@ CVE-2022-38183 (In Gitea before 1.16.9, it was possible
for users to add existin
CVE-2022-38182
RESERVED
CVE-2022-38181 (An Arm product family through 2022-08-12 mail GPU kernel
driver allows ...)
- TODO: check
+ NOT-FOR-US: ARM Mali GPU driver
CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to
cause deni ...)
NOT-FOR-US: OpenBMC
CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication
provider could ...)
@@ -21235,11 +21235,11 @@ CVE-2022-37625
CVE-2022-37624
RESERVED
CVE-2022-37623 (Prototype pollution vulnerability in function resolveShims in
resolve- ...)
- TODO: check
+ NOT-FOR-US: browserify-shim
CVE-2022-37622
RESERVED
CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in
resolve- ...)
- TODO: check
+ NOT-FOR-US: browserify-shim
CVE-2022-37620 (A Regular Expression Denial of Service (ReDoS) flaw was found
in kanga ...)
TODO: check
CVE-2022-37619
@@ -21281,7 +21281,7 @@ CVE-2022-37605
CVE-2022-37604
RESERVED
CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found
in Funct ...)
- TODO: check
+ NOT-FOR-US: loader-utils
CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma
4.0.1 vi ...)
TODO: check
CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in
parseQuery ...)
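Review bot: before settling CVE-2022-37603 as "NOT-FOR-US: loader-utils", confirm that no node-* source package ships this module, since Node.js build-tooling libraries of this kind are frequently packaged in Debian; the neighbouring CVE-2022-37602 (grunt-karma) in the same hunk still reads "TODO: check", so the same archive lookup could settle both entries together.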
@@ -25790,33 +25790,33 @@ CVE-2022-35889
CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15
allow att ...)
NOT-FOR-US: Ampere Altra and Ampere Altra Max devices
CVE-2022-35887 (Four format string injection vulnerabilities exist in the web
interfac ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35886 (Four format string injection vulnerabilities exist in the web
interfac ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35885 (Four format string injection vulnerabilities exist in the web
interfac ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35884 (Four format string injection vulnerabilities exist in the web
interfac ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35881 (Four format string injection vulnerabilities exist in the UPnP
logging ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35880 (Four format string injection vulnerabilities exist in the UPnP
logging ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35879 (Four format string injection vulnerabilities exist in the UPnP
logging ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35878 (Four format string injection vulnerabilities exist in the UPnP
logging ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-33938 (A format string injection vulnerability exists in the
ghome_process_co ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35877 (Four format string injection vulnerabilities exist in the XCMD
testWif ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35876 (Four format string injection vulnerabilities exist in the XCMD
testWif ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35875 (Four format string injection vulnerabilities exist in the XCMD
testWif ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD
testWif ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-35244 (A format string injection vulnerability exists in the XCMD
getVarHA fu ...)
- TODO: check
+ NOT-FOR-US: Abode
CVE-2022-2446
RESERVED
CVE-2022-2445
@@ -25958,7 +25958,7 @@ CVE-2022-35853
CVE-2022-35852
RESERVED
CVE-2022-35851 (An improper neutralization of input during web page generation
vulnera ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-35850
RESERVED
CVE-2022-35849
@@ -25976,7 +25976,7 @@ CVE-2022-35844 (An improper neutralization of special
elements used in an OS com
CVE-2022-35843
RESERVED
CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-35841 (Windows Enterprise App Management Service Remote Code
Execution Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-35840 (Microsoft OLE DB Provider for SQL Server Remote Code Execution
Vulnera ...)
@@ -26200,7 +26200,7 @@ CVE-2022-2396 (A vulnerability classified as
problematic was found in SourceCode
CVE-2022-35740
RESERVED
CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent
custom inpu ...)
- TODO: check
+ NOT-FOR-US: PRTG Network Monitor
CVE-2022-35738
RESERVED
CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an
array-b ...)
@@ -27405,15 +27405,15 @@ CVE-2022-35279 ("IBM Business Automation Workflow
18.0.0.0, 18.0.0.1, 18.0.0.2,
CVE-2022-35278 (In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could
show mal ...)
NOT-FOR-US: Apache ActiveMQ Artemis
CVE-2022-34850 (An OS command injection vulnerability exists in the web_server
/action ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-34845 (A firmware update vulnerability exists in the sysupgrade
functionality ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-33975
RESERVED
CVE-2022-33897 (A directory traversal vulnerability exists in the web_server
/ajax/rem ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-33150 (An OS command injection vulnerability exists in the js_package
install ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal
addresses ...)
NOT-FOR-US: nocodb
CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to
authenticatio ...)
@@ -27431,27 +27431,27 @@ CVE-2022-2333 (If an attacker manages to trick a
valid user into loading a malic
CVE-2022-2332 (A local unprivileged attacker may escalate to administrator
privileges ...)
NOT-FOR-US: Honeywell
CVE-2022-35271 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35270 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35269 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35268 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35267 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35266 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35265 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35264 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35263 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35262 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35261 (A denial of service vulnerability exists in the web_server
hashFirst f ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-35260 [.netrc parser out-of-bounds access]
RESERVED
- curl 7.86.0-1
@@ -27507,7 +27507,7 @@ CVE-2022-35246 (A NoSQL-Injection information
disclosure vulnerability vulnerabi
CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive
for Box ve ...)
NOT-FOR-US: Passage Drive
CVE-2022-32765 (An OS command injection vulnerability exists in the sysupgrade
command ...)
- TODO: check
+ NOT-FOR-US: Robustel R1510
CVE-2022-2331
RESERVED
CVE-2022-2330 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
@@ -28725,7 +28725,7 @@ CVE-2022-27235 (Multiple Broken Access Control
vulnerabilities in Social Share B
CVE-2022-26366
RESERVED
CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush
Content ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have
authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2275 (The WP Edit Menu WordPress plugin before 1.5.0 does not have
CSRF in a ...)
@@ -30375,7 +30375,7 @@ CVE-2022-2169 (The Loading Page with Loading Screen
WordPress plugin before 1.0.
CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not
escape a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a
parameter ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-34270
RESERVED
CVE-2022-34269
@@ -31573,7 +31573,7 @@ CVE-2022-33879 (The initial fixes in CVE-2022-30126 and
CVE-2022-30973 for regex
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-33877
RESERVED
CVE-2022-33876
@@ -31589,7 +31589,7 @@ CVE-2022-33872 (An improper neutralization of special
elements used in an OS Com
CVE-2022-33871
RESERVED
CVE-2022-33870 (An improper neutralization of special elements used in an OS
command v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-33869
RESERVED
CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not
sanitise and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8046100a9267936f328219682b51c0916ac9580
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits