Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9e56cea by Salvatore Bonaccorso at 2022-11-06T16:53:05+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16421,7 +16421,7 @@ CVE-2022-39296 (MelisAssetManager provides deliveries 
of Melis Platform's assets
 CVE-2022-39295 (Knowage is an open source suite for modern business analytics 
alternat ...)
        NOT-FOR-US: Knowage
 CVE-2022-39294 (conduit-hyper integrates a conduit application with the hyper 
server.  ...)
-       TODO: check
+       NOT-FOR-US: conduit-hyper
 CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and 
on-the-go  ...)
        NOT-FOR-US: Azure RTOS USBX
 CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events 
API/Soc ...)
@@ -16495,7 +16495,7 @@ CVE-2022-39274 (LoRaMac-node is a reference 
implementation and documentation of
 CVE-2022-39273 (FlyteAdmin is the control plane for the data processing 
platform Flyte ...)
        NOT-FOR-US: FlyteAdmin
 CVE-2022-39272 (Flux is an open and extensible continuous delivery solution 
for Kubern ...)
-       TODO: check
+       NOT-FOR-US: Flux
 CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy 
and load b ...)
        NOT-FOR-US: Traefik
 CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table 
of cont ...)
@@ -16539,7 +16539,7 @@ CVE-2022-39260 (Git is an open source, scalable, 
distributed revision control sy
        NOTE: 
https://github.com/git/git/commit/71ad7fe1bcec2a115bd0ab187240348358aa7f21 
(v2.30.6)
        NOTE: 
https://github.com/git/git/commit/0ca6ead81edd4fb1984b69aae87c1189e3025530 
(v2.30.6)
 CVE-2022-39259 (jadx is a set of command line and GUI tools for producing Java 
source  ...)
-       TODO: check
+       NOT-FOR-US: jadx
 CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability innversions 
prior to 20 ...)
        NOT-FOR-US: mailcow
 CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible 
with Mat ...)
@@ -21288,7 +21288,7 @@ CVE-2022-37604
 CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found 
in Funct ...)
        NOT-FOR-US: loader-utils
 CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 
4.0.1 vi ...)
-       TODO: check
+       NOT-FOR-US: karma-runner grunt-karma
 CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in 
parseQuery ...)
        NOT-FOR-US: loader-utils
 CVE-2022-37600
@@ -25078,7 +25078,7 @@ CVE-2022-36184
 CVE-2022-36183
        RESERVED
 CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which 
allow fo ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Boundary
 CVE-2022-36181
        RESERVED
 CVE-2022-36180
@@ -25873,7 +25873,7 @@ CVE-2022-2424 (The Google Maps Anywhere WordPress 
plugin through 1.2.6.3 does no
 CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2422 (Due to improper input validation in the Feathers js library, it 
is pos ...)
-       TODO: check
+       NOT-FOR-US: Feathers js library
 CVE-2022-2421 (Due to improper type validation in attachment parsing the 
Socket.io js ...)
        TODO: check
 CVE-2022-2420 (A vulnerability was found in URVE Web Manager. It has been 
rated as cr ...)
@@ -27805,7 +27805,7 @@ CVE-2022-35133 (A cross-site scripting (XSS) 
vulnerability in CherryTree v0.99.3
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202513
        NOTE: https://github.com/giuspen/cherrytree/issues/2099
 CVE-2022-35132 (Usermin through 1.850 allows a remote authenticated user to 
execute OS ...)
-       TODO: check
+       NOT-FOR-US: Usermin
 CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands 
via a cra ...)
        NOT-FOR-US: Joplin
 CVE-2022-35130
@@ -31628,7 +31628,7 @@ CVE-2022-33861
 CVE-2022-33860
        RESERVED
 CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer 
EPMS sof ...)
-       TODO: check
+       NOT-FOR-US: Eaton Foreseer EPMS
 CVE-2022-33858
        RESERVED
 CVE-2022-33857
@@ -31855,7 +31855,7 @@ CVE-2022-2089 (The Bold Page Builder WordPress plugin 
before 4.3.3 does not sani
 CVE-2022-33758
        RESERVED
 CVE-2022-33757 (An authenticated attacker could read Nessus Debug Log file 
attachments ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2022-33756 (CA Automic Automation 12.2 and 12.3 contain an entropy 
weakness vulner ...)
        NOT-FOR-US: CA Automic Automation
 CVE-2022-33755 (CA Automic Automation 12.2 and 12.3 contain an insecure input 
handling ...)
@@ -33027,45 +33027,45 @@ CVE-2022-2078 (A vulnerability was found in the Linux 
kernel's nft_set_desc_conc
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/02/1
        NOTE: 
https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 (5.19-rc1)
 CVE-2022-33207 (Four OS command injection vulnerabilities exists in the web 
interface  ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33206 (Four OS command injection vulnerabilities exists in the web 
interface  ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33205 (Four OS command injection vulnerabilities exists in the web 
interface  ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33204 (Four OS command injection vulnerabilities exists in the web 
interface  ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33195 (Four OS command injection vulnerabilities exist in the XCMD 
testWifiAP ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33194 (Four OS command injection vulnerabilities exist in the XCMD 
testWifiAP ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33193 (Four OS command injection vulnerabilities exist in the XCMD 
testWifiAP ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33192 (Four OS command injection vulnerabilities exist in the XCMD 
testWifiAP ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-33189 (An OS command injection vulnerability exists in the XCMD 
setAlexa func ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-32775 (An integer overflow vulnerability exists in the web interface 
/action/ ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-32773 (An OS command injection vulnerability exists in the XCMD 
doDebug funct ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-32586 (An OS command injection vulnerability exists in the web 
interface /act ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-32574 (A double-free vulnerability exists in the web interface 
/action/ipcamS ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-32454 (A stack-based buffer overflow vulnerability exists in the XCMD 
setIPCa ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-30603 (An OS command injection vulnerability exists in the web 
interface /act ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-30541 (An OS command injection vulnerability exists in the XCMD 
setUPnP funct ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-29889 (A hard-coded password vulnerability exists in the telnet 
functionality ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-29520 (An OS command injection vulnerability exists in the 
console_main_loop  ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-29472 (An OS command injection vulnerability exists in the web 
interface util ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-27804 (An os command injection vulnerability exists in the web 
interface util ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-2077
        REJECTED
 CVE-2022-2076
@@ -33083,21 +33083,21 @@ CVE-2022-33187
 CVE-2022-33186
        RESERVED
 CVE-2022-33185 (Several commands in Brocade Fabric OS before Brocade Fabric OS 
v.9.0.1 ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33184 (A vulnerability in fab_seg.c.h libraries of all Brocade Fabric 
OS vers ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33183 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric 
OS v9.1 ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33182 (A privilege escalation vulnerability in Brocade Fabric OS CLI 
before B ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33181 (An information disclosure vulnerability in Brocade Fabric OS 
CLI befor ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33180 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric 
OS v9.1 ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33179 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric 
OS v9.1 ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33178 (A vulnerability in the radius authentication system of Brocade 
Fabric  ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-33175 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
        NOT-FOR-US: Powertek
 CVE-2022-33174 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
@@ -33505,7 +33505,7 @@ CVE-2022-32986
 CVE-2022-32761 (An information disclosure vulnerability exists in the 
aVideoEncoderRec ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-32760 (A denial of service vulnerability exists in the XCMD doDebug 
functiona ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-32572 (An os command injection vulnerability exists in the 
aVideoEncoder wget ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-32282 (An improper password check exists in the login functionality 
of WWBN A ...)
@@ -33515,13 +33515,13 @@ CVE-2022-30547 (A directory traversal vulnerability 
exists in the unzipDirectory
 CVE-2022-30534 (An OS command injection vulnerability exists in the 
aVideoEncoder chun ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-29477 (An authentication bypass vulnerability exists in the web 
interface /ac ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-29475 (An information disclosure vulnerability exists in the XFINDER 
function ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-28710 (An information disclosure vulnerability exists in the 
chunkFile functi ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-27805 (An authentication bypass vulnerability exists in the GHOME 
control fun ...)
-       TODO: check
+       NOT-FOR-US: Abode Systems
 CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have 
CSRF c ...)
@@ -33703,59 +33703,59 @@ CVE-2022-32949
 CVE-2022-32948
        RESERVED
 CVE-2022-32947 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32946 (This issue was addressed with improved entitlements. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32945
        RESERVED
 CVE-2022-32944 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32943
        RESERVED
 CVE-2022-32942
        RESERVED
 CVE-2022-32941 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32940 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32939 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32938 (A parsing issue in the handling of directory paths was 
addressed with  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32937
        RESERVED
 CVE-2022-32936 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32935 (A lock screen issue was addressed with improved state 
management. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32934 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32933
        RESERVED
 CVE-2022-32932 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32931
        RESERVED
 CVE-2022-32930
        RESERVED
 CVE-2022-32929 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32928 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32927 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32926 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32925 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32924 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32923 (A correctness issue in the JIT was addressed with improved 
checks. Thi ...)
        {DSA-5241-1 DSA-5240-1 DLA-3124-1}
        - webkit2gtk 2.38.0-1
        - wpewebkit 2.38.0-1
 CVE-2022-32922 (A use after free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32921
        RESERVED
 CVE-2022-32920
@@ -33763,17 +33763,17 @@ CVE-2022-32920
 CVE-2022-32919
        RESERVED
 CVE-2022-32918 (This issue was addressed with improved data protection. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32917 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
        NOT-FOR-US: Apple
 CVE-2022-32916
        RESERVED
 CVE-2022-32915 (A type confusion issue was addressed with improved checks. 
This issue  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32914 (A use after free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32913 (The issue was addressed with additional restrictions on the 
observabil ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32912 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
        - webkit2gtk <not-affected> (only affects macOS)
        - wpewebkit <not-affected> (only affects macOS)
@@ -33781,21 +33781,21 @@ CVE-2022-32912 (An out-of-bounds read was addressed 
with improved bounds checkin
 CVE-2022-32911 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32910 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32909 (The issue was addressed with improved handling of caches. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32908 (A memory corruption issue was addressed with improved input 
validation ...)
        NOT-FOR-US: Apple
 CVE-2022-32907 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32906
        RESERVED
 CVE-2022-32905 (This issue was addressed with improved validation of symlinks. 
This is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32904 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32903 (A use after free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32902
        RESERVED
 CVE-2022-32901
@@ -33803,15 +33803,15 @@ CVE-2022-32901
 CVE-2022-32900
        RESERVED
 CVE-2022-32899 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32898 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32897
        RESERVED
 CVE-2022-32896
        RESERVED
 CVE-2022-32895 (A race condition was addressed with improved state handling. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32894 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
        NOT-FOR-US: Apple
 CVE-2022-32893 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
@@ -33820,7 +33820,7 @@ CVE-2022-32893 (An out-of-bounds write issue was 
addressed with improved bounds
        - wpewebkit 2.36.7-1
        NOTE: https://wpewebkit.org/security/WSA-2022-0008.html
 CVE-2022-32892 (An access issue was addressed with improvements to the 
sandbox. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32891
        RESERVED
        {DSA-5211-1 DSA-5210-1 DLA-3073-1}
@@ -33828,15 +33828,15 @@ CVE-2022-32891
        - wpewebkit 2.36.6-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
 CVE-2022-32890 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32889 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32888 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
        {DSA-5241-1 DSA-5240-1 DLA-3124-1}
        - webkit2gtk 2.38.0-1
        - wpewebkit 2.38.0-1
 CVE-2022-32887 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32886 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
        {DSA-5241-1 DSA-5240-1 DLA-3124-1}
        - webkit2gtk 2.38.0-1
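Review bot: CVE-2022-32890, CVE-2022-32889 and CVE-2022-32887 are closed as NOT-FOR-US: Apple, but their descriptions are cut off before the affected component is named, and in this same hunk CVE-2022-32888 and CVE-2022-32886 carry near-identical Apple wording while being tracked against webkit2gtk and wpewebkit. Please confirm against the upstream advisory that none of the three is a WebKit issue before dropping the TODO; if one is, it needs package lines like its neighbours rather than an NFU tag.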
@@ -33851,19 +33851,19 @@ CVE-2022-32883 (A logic issue was addressed with 
improved restrictions. This iss
 CVE-2022-32882 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-32881 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32880 (This issue was addressed by enabling hardened runtime. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32879 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32878
        RESERVED
 CVE-2022-32877 (A configuration issue was addressed with additional 
restrictions. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32876
        RESERVED
 CVE-2022-32875 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32874
        RESERVED
 CVE-2022-32873
@@ -33873,31 +33873,31 @@ CVE-2022-32872 (A logic issue was addressed with 
improved restrictions. This iss
 CVE-2022-32871
        RESERVED
 CVE-2022-32870 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32869
        RESERVED
 CVE-2022-32868 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32867 (This issue was addressed with improved data protection. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32866 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32865 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32864 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32863 (A memory corruption issue was addressed with improved state 
management ...)
        NOT-FOR-US: Apple
 CVE-2022-32862 (This issue was addressed with improved data protection. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32861 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-32860
        RESERVED
 CVE-2022-32859 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32858 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32857 (This issue was addressed by using HTTPS when sending 
information over  ...)
        NOT-FOR-US: Apple
 CVE-2022-32856
@@ -33943,7 +33943,7 @@ CVE-2022-32837 (This issue was addressed with improved 
checks. This issue is fix
 CVE-2022-32836
        RESERVED
 CVE-2022-32835 (This issue was addressed with improved entitlements. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32834 (An access issue was addressed with improvements to the 
sandbox. This i ...)
        NOT-FOR-US: Apple
 CVE-2022-32833
@@ -33959,7 +33959,7 @@ CVE-2022-32829 (This issue was addressed with improved 
checks. This issue is fix
 CVE-2022-32828 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32827 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32826 (An authorization issue was addressed with improved state 
management. T ...)
        NOT-FOR-US: Apple
 CVE-2022-32825 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -34028,7 +34028,7 @@ CVE-2022-32796 (A memory corruption issue was addressed 
with improved state mana
 CVE-2022-32795 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2022-32794 (A logic issue was addressed with improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with 
improved bound ...)
        NOT-FOR-US: Apple
 CVE-2022-32792 (An out-of-bounds write issue was addressed with improved input 
validat ...)
@@ -35030,7 +35030,7 @@ CVE-2022-32409 (A local file inclusion (LFI) 
vulnerability in the component code
 CVE-2022-32408
        RESERVED
 CVE-2022-32407 (Softr v2.0 was discovered to contain a Cross-Site Scripting 
(XSS) vuln ...)
-       TODO: check
+       NOT-FOR-US: Softr
 CVE-2022-32406 (GtkRadiant v1.6.6 was discovered to contain a buffer overflow 
via the  ...)
        NOT-FOR-US: GtkRadiant
 CVE-2022-32405 (Prison Management System v1.0 was discovered to contain a SQL 
injectio ...)
@@ -36480,7 +36480,7 @@ CVE-2022-31900
 CVE-2022-31899
        RESERVED
 CVE-2022-31898 (gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 
were disc ...)
-       TODO: check
+       NOT-FOR-US: gl-inet GL-MT300N-V2 Mango and GL-AX1800 Flint
 CVE-2022-31897 (SourceCodester Zoo Management System 1.0 is vulnerable to 
Cross Site S ...)
        NOT-FOR-US: SourceCodester Zoo Management System
 CVE-2022-31896
@@ -37243,7 +37243,7 @@ CVE-2022-31680 (The vCenter Server contains an unsafe 
deserialisation vulnerabil
 CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed 
by Spri ...)
        NOT-FOR-US: VMware
 CVE-2022-31678 (VMware Cloud Foundation (NSX-V) contains an XML External 
Entity (XXE)  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the 
Pinnipe ...)
        NOT-FOR-US: Pinniped Supervisor
 CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local 
privilege es ...)
@@ -38015,7 +38015,7 @@ CVE-2022-31470 (An XSS vulnerability in the 
index_mobile_changepass.hsp reset-pa
 CVE-2022-31469
        RESERVED
 CVE-2022-31468 (OX App Suite through 8.2 allows XSS via an attachment or OX 
Drive cont ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal 
Total Se ...)
        NOT-FOR-US: Quick Heal Total Security
 CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick 
Heal Total ...)
@@ -41397,7 +41397,7 @@ CVE-2022-30309 (In Festo Controller CECC-X-M1 product 
family in multiple version
 CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
        NOT-FOR-US: Festo
 CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the 
RSA SSH h ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-30306
        RESERVED
 CVE-2022-30305
@@ -42764,7 +42764,7 @@ CVE-2022-29853
 CVE-2022-29852
        RESERVED
 CVE-2022-29851 (documentconverter in OX App Suite through 7.10.6, in a 
non-default con ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker 
who has  ...)
        NOT-FOR-US: Lexmark
 CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, 
certain SU ...)
@@ -42826,9 +42826,9 @@ CVE-2022-29824 (In libxml2 before 2.9.14, several 
buffer handling functions in b
 CVE-2022-29516 (The web console of FUJITSU Network IPCOM series (IPCOM EX2 
IN(3200, 35 ...)
        NOT-FOR-US: FUJITSU
 CVE-2022-29823 (Feather-Sequalize cleanQuery method uses insecure recursive 
logic to f ...)
-       TODO: check
+       NOT-FOR-US: Feather js library
 CVE-2022-29822 (Due to improper parameter filtering in the Feathers js 
library, which  ...)
-       TODO: check
+       NOT-FOR-US: Feather js library
 CVE-2022-29821 (In JetBrains Rider before 2022.1 local code execution via 
links in ReS ...)
        NOT-FOR-US: JetBrains Rider
 CVE-2022-29820 (In JetBrains PyCharm before 2022.1 exposure of the debugger 
port to th ...)
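Review bot: The tags added for CVE-2022-29823 and CVE-2022-29822 read "Feather js library", while the description of CVE-2022-29822 and the tag this same commit adds for CVE-2022-2422 both say "Feathers js library". Use "NOT-FOR-US: Feathers js library" on both lines so that a later search for the product name finds all three entries.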
@@ -45907,7 +45907,7 @@ CVE-2022-28765
 CVE-2022-28764
        RESERVED
 CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, 
and Wind ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) 
startin ...)
        NOT-FOR-US: Zoom
 CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 
4.8.20220916.131  ...)
@@ -47246,7 +47246,7 @@ CVE-2022-28293
 CVE-2022-28292
        RESERVED
 CVE-2022-28291 (Insufficiently Protected Credentials: An authenticated user 
with debug ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress 
Country Sel ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-28289
@@ -47822,9 +47822,9 @@ CVE-2022-1160 (heap buffer overflow in 
get_one_sourceline in GitHub repository v
        NOTE: Introduced by: 
https://github.com/vim/vim/commit/85b43c6cb7d56919e245622f4e42db6d8bee4194 
(v8.2.4603)
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db 
(v8.2.4647)
 CVE-2022-28170 (Brocade Fabric OS Web Application services before Brocade 
Fabric v9.1. ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-28169 (Brocade Webtools in Brocade Fabric OS versions before Brocade 
Fabric O ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-28168 (In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade 
SANnav2.1 ...)
        NOT-FOR-US: Brocade
 CVE-2022-28167 (Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade 
SANanv v.2 ...)
@@ -48592,9 +48592,9 @@ CVE-2022-27915
 CVE-2022-27914
        RESERVED
 CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. 
Inadequate fil ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites 
with pub ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path 
Disclosur ...)
        NOT-FOR-US: Joomla!
 CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely 
most vers ...)
@@ -48630,9 +48630,9 @@ CVE-2022-27896
 CVE-2022-27895
        RESERVED
 CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: Foundry Blobster service
 CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 
0.15.0 - ...)
-       TODO: check
+       NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector
 CVE-2022-27892
        RESERVED
 CVE-2022-27891
@@ -49422,9 +49422,9 @@ CVE-2022-27625 (A vulnerability regarding improper 
restriction of operations wit
 CVE-2022-27624 (A vulnerability regarding improper restriction of operations 
within th ...)
        NOT-FOR-US: Synology
 CVE-2022-27623 (Missing authentication for critical function vulnerability in 
iSCSI ma ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager (DSM)
 CVE-2022-27622 (Server-Side Request Forgery (SSRF) vulnerability in Package 
Center fun ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager (DSM)
 CVE-2022-27621 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
        NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27620 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
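Review bot: The two new tags use "Synology DiskStation Manager (DSM)", but the unchanged neighbours in this hunk already use "Synology" (CVE-2022-27624) and "Synology DiskStation Manager" (CVE-2022-27621). A third spelling makes the product harder to grep for; reuse one of the existing forms for CVE-2022-27623 and CVE-2022-27622.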
@@ -49496,15 +49496,15 @@ CVE-2022-27588 (We have already fixed this 
vulnerability in the following versio
 CVE-2022-27587
        RESERVED
 CVE-2022-27586 (Password recovery vulnerability in SICK SIM1004 Partnumber 
1098148 wit ...)
-       TODO: check
+       NOT-FOR-US: SICK SIM1004 Partnumber 1098148
 CVE-2022-27585 (Password recovery vulnerability in SICK SIM1000 FX Partnumber 
1097816  ...)
-       TODO: check
+       NOT-FOR-US: SICK SIM1000 FX Partnumber 1097816 and 1097817
 CVE-2022-27584 (Password recovery vulnerability in SICK SIM2000ST Partnumber 
2086502 a ...)
-       TODO: check
+       NOT-FOR-US: SICK SIM2000ST Partnumber 2086502 and 1080579
 CVE-2022-27583 (A remote unprivileged attacker can interact with the 
configuration int ...)
-       TODO: check
+       NOT-FOR-US: Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2
 CVE-2022-27582 (Password recovery vulnerability in SICK SICK SIM4000 (PPC) 
Partnumber  ...)
-       TODO: check
+       NOT-FOR-US: SICK SICK SIM4000 (PPC) Partnumber 1078787
 CVE-2022-27581
        RESERVED
 CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used 
and not ...)
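Review bot: The tag for CVE-2022-27582 repeats the vendor ("SICK SICK SIM4000 (PPC) Partnumber 1078787"), apparently copied verbatim from the description, and should read "SICK SIM4000". More generally, the part numbers in these five tags add nothing to an NFU marker and make otherwise identical products look distinct; a single "NOT-FOR-US: SICK" or the bare product name would match how other vendors are tagged in this file. The tag for CVE-2022-27583 also omits the vendor entirely, so if it is a SICK product it should carry the same prefix as its neighbours.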
@@ -51916,7 +51916,7 @@ CVE-2022-26764 (A memory corruption issue was addressed 
with improved validation
 CVE-2022-26763 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
        NOT-FOR-US: Apple
 CVE-2022-26762 (A memory corruption issue was addressed with improved memory 
handling. ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-26761 (A memory corruption issue was addressed with improved memory 
handling. ...)
        NOT-FOR-US: Apple
 CVE-2022-26760
@@ -51980,7 +51980,7 @@ CVE-2022-26732
 CVE-2022-26731 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-26730 (A memory corruption issue existed in the processing of ICC 
profiles. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-26729
        RESERVED
 CVE-2022-26728 (This issue was addressed with improved entitlements. This 
issue is fix ...)
@@ -53794,13 +53794,13 @@ CVE-2022-26125 (Buffer overflow vulnerabilities exist 
in FRRouting through 8.1.0
        [buster] - frr <no-dsa> (Minor issue)
        NOTE: https://github.com/FRRouting/frr/issues/10507
 CVE-2022-26122 (An insufficient verification of data authenticity 
vulnerability [CWE-3 ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability 
[CWE-668] in For ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-26120 (Multiple improper neutralization of special elements used in 
an SQL Co ...)
        NOT-FOR-US: Fortinet
 CVE-2022-26119 (A improper authentication vulnerability in Fortinet FortiSIEM 
before 6 ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-26118 (A privilege chaining vulnerability [CWE-268] in FortiManager 
and Forti ...)
        NOT-FOR-US: Fortinet
 CVE-2022-26117 (An empty password in configuration file vulnerability 
[CWE-258] in For ...)
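Review bot: CVE-2022-26119 is tagged "NOT-FOR-US: FortiGuard", but its description names "Fortinet FortiSIEM". The context lines in this hunk already mix "FortiGuard" (CVE-2022-26121) with "Fortinet" (CVE-2022-26120, CVE-2022-26118). Suggest "NOT-FOR-US: Fortinet" for both added lines so the vendor tag matches the description and stays greppable under one name.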
@@ -54071,7 +54071,7 @@ CVE-2022-25921 (All versions of package morgan-json are 
vulnerable to Arbitrary
 CVE-2022-25919
        RESERVED
 CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are 
vulnerable to Re ...)
-       TODO: check
+       NOT-FOR-US: shescape
 CVE-2022-25916
        RESERVED
 CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are 
vulnerab ...)
@@ -54118,7 +54118,7 @@ CVE-2022-25894
 CVE-2022-25893
        RESERVED
 CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 
3.1.1; all v ...)
-       TODO: check
+       NOT-FOR-US: Muhammara Nodejs module
 CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 
0.6.0 are v ...)
        NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
 CVE-2022-25890
@@ -54133,7 +54133,7 @@ CVE-2022-25887 (The package sanitize-html before 2.7.1 
are vulnerable to Regular
 CVE-2022-25886
        RESERVED
 CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package 
hummus are ...)
-       TODO: check
+       NOT-FOR-US: Muhammara Nodejs module
 CVE-2022-25884
        RESERVED
 CVE-2022-25883
@@ -54209,7 +54209,7 @@ CVE-2022-25851 (The package jpeg-js before 0.4.4 are 
vulnerable to Denial of Ser
 CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are 
vulnera ...)
        NOT-FOR-US: hoppscotch proxyscotch
 CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to 
Cross-site S ...)
-       TODO: check
+       NOT-FOR-US: joyqi/hyper-down
 CVE-2022-25848
        RESERVED
 CVE-2022-25847
@@ -54444,7 +54444,7 @@ CVE-2022-21187 (The package libvcs before 0.11.1 are 
vulnerable to Command Injec
 CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are 
vulnerable  ...)
        NOT-FOR-US: acrontum/filesystem-template
 CVE-2022-21169 (The package express-xss-sanitizer before 1.1.3 are vulnerable 
to Proto ...)
-       TODO: check
+       NOT-FOR-US: express-xss-sanitizer
 CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to 
Arbitrary  ...)
        NOT-FOR-US: masuit.tools
 CVE-2022-21165 (All versions of package font-converter are vulnerable to 
Arbitrary Com ...)
@@ -57116,7 +57116,7 @@ CVE-2022-24938
 CVE-2022-24937
        RESERVED
 CVE-2022-24936 (Out-of-Bounds error in GBL parser in Silicon Labs Gecko 
Bootloader ver ...)
-       TODO: check
+       NOT-FOR-US: Silicon Labs Gecko Bootloader
 CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access 
Control. ...)
        NOT-FOR-US: Lexmark
 CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 
allows remo ...)
@@ -58035,9 +58035,9 @@ CVE-2022-21168 (The affected product is vulnerable due 
to an invalid pointer ini
 CVE-2022-24671 (A link following privilege escalation vulnerability in Trend 
Micro Ant ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-24670 (An attacker can use the unrestricted LDAP queries to determine 
configu ...)
-       TODO: check
+       NOT-FOR-US: forgerock
 CVE-2022-24669 (It may be possible to gain some details of the deployment 
through a we ...)
-       TODO: check
+       NOT-FOR-US: forgerock
 CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication 
bypass  ...)
        {DLA-2992-1}
        - openvpn 2.5.6-1 (bug #1008015)
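Review bot: The truncated descriptions for CVE-2022-24670 and CVE-2022-24669 do not name a vendor or product, so "NOT-FOR-US: forgerock" is the only hint a later reader gets about what was triaged. Suggest naming the affected product in the tag and using the vendor's own capitalisation, as the neighbouring "Trend Micro" entry does.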
@@ -65629,7 +65629,7 @@ CVE-2022-22660 (This issue was addressed with a new 
entitlement. This issue is f
 CVE-2022-22659 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-22658 (An input validation issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2022-22657 (A memory initialization issue was addressed with improved 
memory handl ...)
        NOT-FOR-US: Apple
 CVE-2022-22656 (An authentication issue was addressed with improved state 
management.  ...)
@@ -67355,11 +67355,11 @@ CVE-2022-0076
 CVE-2022-0075
        RESERVED
 CVE-2022-0074 (Untrusted Search Path vulnerability in LiteSpeed Technologies 
OpenLite ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and 
LiteSpeed Web Server Container
 CVE-2022-0073 (Improper Input Validation vulnerability in LiteSpeed 
Technologies Open ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and 
LiteSpeed Web Server dashboards
 CVE-2022-0072 (Directory Traversal vulnerability in LiteSpeed Technologies 
OpenLiteSp ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and 
LiteSpeed Web Server dashboards
 CVE-2022-0071 (Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did 
not mim ...)
        NOT-FOR-US: Amazon Web Services hotpatch
 CVE-2022-0070 (Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch 
package st ...)
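Review bot: The three LiteSpeed tags copy description fragments and end differently ("... Web Server Container" for CVE-2022-0074, "... Web Server dashboards" for CVE-2022-0073 and CVE-2022-0072), although all three concern the same products. Suggest a single short tag such as "NOT-FOR-US: LiteSpeed" or "OpenLiteSpeed / LiteSpeed Web Server" on all three lines, in line with the one-name tags used elsewhere in this file.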
@@ -68594,9 +68594,9 @@ CVE-2021-45478
 CVE-2021-45477
        RESERVED
 CVE-2021-45476 (Yordam Library Information Document Automation product before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Yordam Library Information Document Automation
 CVE-2021-45475 (Yordam Library Information Document Automation product before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Yordam Library Information Document Automation
 CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -69184,11 +69184,11 @@ CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x 
before 3.1.0, psa_cipher_gener
 CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log 
sensitiv ...)
        NOT-FOR-US: Docker Desktop on Windows
 CVE-2021-45448 (Pentaho Business Analytics Server versions before 9.2.0.2 and 
8.3.0.25 ...)
-       TODO: check
+       NOT-FOR-US: Pentaho Business Analytics Server
 CVE-2021-45447 (Hitachi Vantara Pentaho Business Analytics Server versions 
before 9.3. ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-45446 (A vulnerability in Hitachi Vantara Pentaho Business Analytics 
Server v ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, 
and 62.0 h ...)
        NOT-FOR-US: Unisys
 CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if 
they co ...)
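Review bot: The same product is tagged two ways within three lines: CVE-2021-45448 becomes "NOT-FOR-US: Pentaho Business Analytics Server" while CVE-2021-45447 and CVE-2021-45446, whose descriptions read "Hitachi Vantara Pentaho Business Analytics Server", become "NOT-FOR-US: Hitachi". Suggest picking one form for all three, preferably one that includes "Pentaho", so a search for the product finds every entry.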
@@ -71247,7 +71247,7 @@ CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 
Rel.34123n is vulnerable t
 CVE-2021-44863
        RESERVED
 CVE-2021-44862 (Netskope client is impacted by a vulnerability where an 
authenticated, ...)
-       TODO: check
+       NOT-FOR-US: Netskope
 CVE-2021-44861
        RESERVED
 CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF 
file usi ...)
@@ -77839,7 +77839,7 @@ CVE-2022-20971
 CVE-2022-20970
        RESERVED
 CVE-2022-20969 (A vulnerability in multiple management dashboard pages of 
Cisco Umbrel ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20968
        RESERVED
 CVE-2022-20967
@@ -77851,31 +77851,31 @@ CVE-2022-20965
 CVE-2022-20964
        RESERVED
 CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco 
Identity  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20961 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20960 (A vulnerability in Cisco AsyncOS Software for Cisco Email 
Security App ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20959 (A vulnerability in the External RESTful Services (ERS) API of 
Cisco Id ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20958 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20957
        RESERVED
 CVE-2022-20956 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20955 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20954 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20952
        RESERVED
 CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20950
        RESERVED
 CVE-2022-20949
@@ -77893,7 +77893,7 @@ CVE-2022-20944 (A vulnerability in the software image 
verification functionality
 CVE-2022-20943
        RESERVED
 CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco 
Email S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20941
        RESERVED
 CVE-2022-20940
@@ -77903,7 +77903,7 @@ CVE-2022-20939
 CVE-2022-20938
        RESERVED
 CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on 
Cisco Id ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20936
        RESERVED
 CVE-2022-20935
@@ -77911,7 +77911,7 @@ CVE-2022-20935
 CVE-2022-20934
        RESERVED
 CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco 
Meraki MX  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20932
        RESERVED
 CVE-2022-20931
@@ -78041,9 +78041,9 @@ CVE-2022-20870 (A vulnerability in the egress MPLS 
packet processing function of
 CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
        NOT-FOR-US: Cisco
 CVE-2022-20868 (A vulnerability in the web-based management interface of Cisco 
Email S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20867 (A vulnerability in web-based management interface of the of 
Cisco Emai ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running 
Cisco A ...)
        NOT-FOR-US: Cisco
 CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow 
an authe ...)
@@ -78133,7 +78133,7 @@ CVE-2022-20824 (A vulnerability in the Cisco Discovery 
Protocol feature of Cisco
 CVE-2022-20823 (A vulnerability in the OSPF version 3 (OSPFv3) feature of 
Cisco NX-OS  ...)
        NOT-FOR-US: Cisco
 CVE-2022-20822 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR 
Software could ...)
        NOT-FOR-US: Cisco
 CVE-2022-20820 (Multiple vulnerabilities in the web interface of Cisco Webex 
Meetings  ...)
@@ -78155,7 +78155,7 @@ CVE-2022-20813 (Multiple vulnerabilities in the API and 
in the web-based managem
 CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based 
management in ...)
        NOT-FOR-US: Cisco
 CVE-2022-20811 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol 
(SNMP) of Ci ...)
        NOT-FOR-US: Cisco
 CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management 
interface ...)
@@ -78239,7 +78239,7 @@ CVE-2022-20778 (A vulnerability in the authentication 
component of Cisco Webex M
 CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV 
Infrastructure Softwa ...)
        NOT-FOR-US: Cisco
 CVE-2022-20776 (Multiple vulnerabilities in Cisco TelePresence Collaboration 
Endpoint  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software 
could all ...)
        NOT-FOR-US: Cisco
 CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
@@ -78247,7 +78247,7 @@ CVE-2022-20774 (A vulnerability in the web-based 
management interface of Cisco I
 CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism 
of Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2022-20772 (A vulnerability in Cisco Email Security Appliance (ESA) and 
Cisco Secu ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20771 (On April 20, 2022, the following vulnerability in the ClamAV 
scanning  ...)
        {DLA-3042-1}
        - clamav 0.103.6+dfsg-1
@@ -79746,7 +79746,7 @@ CVE-2021-42778 (A heap double free issue was found in 
Opensc before version 0.22
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
 CVE-2021-42777 (Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when 
Compilation Mo ...)
-       TODO: check
+       NOT-FOR-US: Stimulsoft
 CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 
allows XXE  ...)
        NOT-FOR-US: CloverDX Server
 CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions 
before 11.4.4 ...)
@@ -86453,7 +86453,7 @@ CVE-2021-40663 (deep.assign npm package 0.0.0-alpha.0 
is vulnerable to Improperl
 CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 
allows atta ...)
        NOT-FOR-US: Chamilo LMS
 CVE-2021-40661 (A remote, unauthenticated, directory traversal vulnerability 
was ident ...)
-       TODO: check
+       NOT-FOR-US: IND780 Advanced Weighing Terminals
 CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. 
There is an  ...)
        NOT-FOR-US: Delight Nashorn Sandbox
 CVE-2021-40659
@@ -89435,7 +89435,7 @@ CVE-2021-39475
 CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router 
supported a ...)
        NOT-FOR-US: Docsis UBC1319BA00 Router
 CVE-2021-39473 (Saibamen HotelManager v1.2 is vulnerable to Cross Site 
Scripting (XSS) ...)
-       TODO: check
+       NOT-FOR-US: Saibamen HotelManager
 CVE-2021-39472
        RESERVED
 CVE-2021-39471
@@ -89517,7 +89517,7 @@ CVE-2021-39434
 CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version 
BIQS IT B ...)
        NOT-FOR-US: BIQS IT Biqs-drive
 CVE-2021-39432 (diplib v3.0.0 is vulnerable to Double Free. ...)
-       TODO: check
+       NOT-FOR-US: diplib
 CVE-2021-39431
        RESERVED
 CVE-2021-39430
@@ -91228,25 +91228,25 @@ CVE-2021-38739
 CVE-2021-38738
        RESERVED
 CVE-2021-38737 (SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. 
...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38736 (SEMCMS Shop V 1.1 is vulnerable to SQL Injection via 
Ant_Global.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38735
        RESERVED
 CVE-2021-38734 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Menu.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38733 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_BlogCat.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38732 (SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. 
...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38731 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Zekou.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38730 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Info.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38729 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Plist.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38728 (SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) 
via Ant_ ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in 
/fuel/index ...)
        NOT-FOR-US: FUEL CMS
 CVE-2021-38726
@@ -92121,15 +92121,15 @@ CVE-2021-38401 (Fuji Electric V-Server Lite and 
Tellus Lite V-Simulator prior to
 CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom 
Latitude Mo ...)
        NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
 CVE-2021-38399 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers 
are vuln ...)
-       TODO: check
+       NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE 
controllers
 CVE-2021-38398 (The affected device uses off-the-shelf software components 
that contai ...)
        NOT-FOR-US: Boston Scientific
 CVE-2021-38397 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers 
are vuln ...)
-       TODO: check
+       NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE 
controllers
 CVE-2021-38396 (The programmer installation utility does not perform a 
cryptographic a ...)
        NOT-FOR-US: Boston Scientific
 CVE-2021-38395 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers 
are vuln ...)
-       TODO: check
+       NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE 
controllers
 CVE-2021-38394 (An attacker with physical access to the device can extract the 
binary  ...)
        NOT-FOR-US: Boston Scientific
 CVE-2021-38393 (A Blind SQL injection vulnerability exists in the 
/DataHandler/Handler ...)
@@ -92577,7 +92577,7 @@ CVE-2021-38219
 CVE-2021-38218
        RESERVED
 CVE-2021-38217 (SEMCMS v 1.2 is vulnerable to SQL Injection via 
SEMCMS_User.php. ...)
-       TODO: check
+       NOT-FOR-US: SEMCMS
 CVE-2021-38216
        RESERVED
 CVE-2021-38215
@@ -93821,7 +93821,7 @@ CVE-2021-37825
 CVE-2021-37824
        RESERVED
 CVE-2021-37823 (OpenCart 3.0.3.7 allows users to obtain database information 
or read s ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2021-37822
        RESERVED
 CVE-2021-37821
@@ -93911,9 +93911,9 @@ CVE-2021-37784
 CVE-2021-37783
        RESERVED
 CVE-2021-37782 (Employee Record Management System v 1.2 is vulnerable to SQL 
Injection ...)
-       TODO: check
+       NOT-FOR-US: Employee Record Management System
 CVE-2021-37781 (Employee Record Management System v 1.2 is vulnerable to Cross 
Site Sc ...)
-       TODO: check
+       NOT-FOR-US: Employee Record Management System
 CVE-2021-37780
        RESERVED
 CVE-2021-37779
@@ -95994,7 +95994,7 @@ CVE-2021-36908 (Cross-Site Request Forgery (CSRF) 
vulnerability leading to Datab
 CVE-2021-36907
        RESERVED
 CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR) 
vulnerabilities in E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36905
        RESERVED
 CVE-2021-36904
@@ -96010,7 +96010,7 @@ CVE-2021-36900
 CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) 
vulnerabil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36898 (Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey 
Master plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36897
        RESERVED
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
@@ -96078,9 +96078,9 @@ CVE-2021-36866 (Authenticated (author or higher role) 
Stored Cross-Site Scriptin
 CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in 
ExpressTech  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36864 (Auth. (editor+) Reflected Cross-Site Scripting (XSS) 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36863 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36862
        RESERVED
 CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich 
Reviews by Sta ...)
@@ -96090,7 +96090,7 @@ CVE-2021-36860
 CVE-2021-36859
        RESERVED
 CVE-2021-36858 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Them ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36856
@@ -97657,7 +97657,7 @@ CVE-2021-36208
 CVE-2021-36207 (Under certain circumstances improper privilege management in 
Metasys A ...)
        NOT-FOR-US: Metasys
 CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently 
validate us ...)
-       TODO: check
+       NOT-FOR-US: CEVAS
 CVE-2021-36205 (Under certain circumstances the session token is not cleared 
on logout ...)
        NOT-FOR-US: Johnson Controls
 CVE-2021-36204
@@ -119360,7 +119360,7 @@ CVE-2021-27786 (Cross-origin resource sharing (CORS) 
enables browsers to perform
 CVE-2021-27785 (HCL Commerce's Remote Store server could allow a local 
attacker to obt ...)
        NOT-FOR-US: HCL Commerce's Remote Store server
 CVE-2021-27784 (The provided HCL Launch Container images contain non-unique 
HTTPS cert ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted 
sensitiv ...)
        NOT-FOR-US: HCL
 CVE-2021-27782
@@ -210139,7 +210139,7 @@ CVE-2020-4101 ("HCL Digital Experience is susceptible 
to Server Side Request For
 CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code 
loading. This  ...)
        NOT-FOR-US: HCL
 CVE-2020-4099 (The application was signed using a key length less than or 
equal to 10 ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2020-4098
        RESERVED
 CVE-2020-4097 (In HCL Notes version 9 previous to release 9.0.1 FixPack 10 
Interim Fi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9e56cea0d4332e594dc1c9db065453762895f44

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits