Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2fa71d05 by Salvatore Bonaccorso at 2022-11-11T21:30:03+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64,23 +64,23 @@ CVE-2022-3952 (A vulnerability has been found in
ManyDesigns Portofino 5.3.2 and
CVE-2022-3951
RESERVED
CVE-2022-3950 (A vulnerability, which was classified as problematic, was found
in san ...)
- TODO: check
+ NOT-FOR-US: sanluan PublicCMS
CVE-2022-3949 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple Cashiering System
CVE-2022-3948 (A vulnerability classified as critical was found in eolinker
goku_lite ...)
- TODO: check
+ NOT-FOR-US: eolinker goku_lite
CVE-2022-3947 (A vulnerability classified as critical has been found in
eolinker goku ...)
- TODO: check
+ NOT-FOR-US: eolinker goku_lite
CVE-2022-3946
RESERVED
CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in
GitHub re ...)
TODO: check
CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been
declared as c ...)
- TODO: check
+ NOT-FOR-US: jerryhanjj ERP
CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified
as probl ...)
- TODO: check
+ NOT-FOR-US: ForU CMS
CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization
Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-45146
RESERVED
CVE-2022-45145
@@ -12076,7 +12076,7 @@ CVE-2022-40196
CVE-2022-38136
RESERVED
CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R)
NUC 11 Co ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-3328
RESERVED
CVE-2022-3327 (Missing Authentication for Critical Function in GitHub
repository ikus ...)
@@ -22972,13 +22972,13 @@ CVE-2022-2647 (A vulnerability was found in
jeecg-boot. It has been declared as
CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using
LDAP-based ...)
NOT-FOR-US: YugabyteDB
CVE-2022-37345 (Improper authentication in BIOS firmware[A1] for some Intel(R)
NUC Kit ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-37334 (Improper initialization in BIOS firmware for some Intel(R) NUC
11 Pro ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-37327
RESERVED
CVE-2022-36789 (Improper access control in BIOS firmware for some Intel(R) NUC
10 Perf ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36391
RESERVED
CVE-2022-36339
@@ -22986,9 +22986,9 @@ CVE-2022-36339
CVE-2022-35400
RESERVED
CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC
8 Compu ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R)
NUC Board ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32766
RESERVED
CVE-2022-2646 (A vulnerability, which was classified as problematic, was found
in Sou ...)
@@ -24249,7 +24249,7 @@ CVE-2022-36393
CVE-2022-36366
RESERVED
CVE-2022-36349 (Insecure default variable initialization in BIOS firmware for
some Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-34653
RESERVED
CVE-2022-33145
@@ -25379,17 +25379,17 @@ CVE-2017-20145 (A vulnerability was found in Tecrail
Responsive Filemanger up to
CVE-2017-20144 (A vulnerability has been found in Anvsoft PDFMate PDF
Converter Pro 1. ...)
NOT-FOR-US: Anvsoft PDFMate PDF Converter Pro
CVE-2022-36400 (Path traversal in the installer software for some Intel(r) NUC
Kit Wir ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36392
RESERVED
CVE-2022-36384 (Unquoted search path in the installer software for some
Intel(r) NUC K ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36382
RESERVED
CVE-2022-36380 (Uncontrolled search path in the installer software for some
Intel(r) N ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC
Boards ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36283
RESERVED
CVE-2022-34864
@@ -25435,7 +25435,7 @@ CVE-2022-36396
CVE-2022-36395
RESERVED
CVE-2022-36377 (Incorrect default permissions in the installer software for
some Intel ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36374
RESERVED
CVE-2022-36287
@@ -25569,7 +25569,7 @@ CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability
in "Extension:ExtendedSe
CVE-2022-36372
RESERVED
CVE-2022-36367 (Incorrect default permissions in the Intel(R) Support Android
applicat ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client
instances based ...)
NOT-FOR-US: Apache Calcite
CVE-2022-36298
@@ -27278,7 +27278,7 @@ CVE-2022-2397
CVE-2022-2396 (A vulnerability classified as problematic was found in
SourceCodester ...)
NOT-FOR-US: Simple e-Learning System
CVE-2022-35740 (dotCMS before 22.06 allows remote attackers to bypass intended
access ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent
custom inpu ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2022-35738
@@ -32192,7 +32192,7 @@ CVE-2022-33982
CVE-2022-33976
RESERVED
CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software
for Win ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33898
RESERVED
CVE-2022-32764
@@ -32330,7 +32330,7 @@ CVE-2022-33950
CVE-2022-33945
RESERVED
CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software
before versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33902
RESERVED
CVE-2022-33899
@@ -32348,7 +32348,7 @@ CVE-2022-33200
CVE-2022-33188
RESERVED
CVE-2022-33176 (Improper input validation in BIOS firmware for some Intel(R)
NUC 11 Pe ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-33143
RESERVED
CVE-2022-33141
@@ -32374,13 +32374,13 @@ CVE-2022-31477
CVE-2022-30704
RESERVED
CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support
Android appl ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30606
RESERVED
CVE-2022-30537
RESERVED
CVE-2022-30297 (Cross-site scripting in the Intel(R) EMA software before
version 1.8.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29924
RESERVED
CVE-2022-29921
@@ -35585,7 +35585,7 @@ CVE-2022-32590 (In wlan, there is a possible use after
free due to an incorrect
CVE-2022-32589 (In Wi-Fi driver, there is a possible way to disconnect Wi-Fi
due to an ...)
NOT-FOR-US: Mediatek
CVE-2022-32569 (Improper buffer restrictions in BIOS firmware for some
Intel(R) NUC M1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-32568
RESERVED
CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for
Atlassian Jir ...)
@@ -35625,7 +35625,7 @@ CVE-2022-30944 (Insufficiently protected credentials
for Intel(R) AMT and Intel(
CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and
Intel(R) Sta ...)
NOT-FOR-US: Intel
CVE-2022-30542 (Improper input validation in the firmware for some Intel(R)
Server Boa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30539
RESERVED
CVE-2022-29920
@@ -41766,7 +41766,7 @@ CVE-2022-1671 (A NULL pointer dereference flaw was
found in rxrpc_preparse_s in
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2083992
NOTE: Fixed by:
https://git.kernel.org/linus/ff8376ade4f668130385839cef586a0990f8ef87 (5.18-rc1)
CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp
software may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-30339
RESERVED
CVE-2022-30338
@@ -41776,11 +41776,11 @@ CVE-2022-30296 (Insufficiently protected credentials
in the Intel(R) Datacenter
CVE-2022-29919
RESERVED
CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before
versions 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29887
RESERVED
CVE-2022-29515 (Missing release of memory after effective lifetime in firmware
for Int ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29508
RESERVED
CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue
mobile ...)
@@ -44923,13 +44923,13 @@ CVE-2022-29486 (Improper buffer restrictions in the
Hyperscan library maintained
CVE-2022-29469
RESERVED
CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-29262
RESERVED
CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R)
NUC Lapt ...)
NOT-FOR-US: Intel
CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before
version 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC
Laptop K ...)
NOT-FOR-US: Intel
CVE-2022-26424
@@ -47179,31 +47179,31 @@ CVE-2022-28665 (A memory corruption vulnerability
exists in the httpd unescape f
CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape
functio ...)
NOT-FOR-US: FreshTomato
CVE-2022-28611 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-28126 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27879
RESERVED
CVE-2022-27876
RESERVED
CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem
software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27639 (Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem
software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27638 (Uncontrolled search path element in the Intel(R) Advanced Link
Analyze ...)
TODO: check
CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape
functio ...)
NOT-FOR-US: DD-WRT
CVE-2022-27499 (Premature release of resource during expected lifetime in the
Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27234
RESERVED
CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime
Standar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27173
RESERVED
CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before
versions 1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26841
RESERVED
CVE-2022-26837
@@ -47213,25 +47213,25 @@ CVE-2022-26833 (An improper authentication
vulnerability exists in the REST API
CVE-2022-26515
RESERVED
CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem
software befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26509
RESERVED
CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before
version 3.0.0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape
functio ...)
NOT-FOR-US: Asuswrt
CVE-2022-26369 (Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem
software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26367 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560
Modem softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26341 (Insufficiently protected credentials in software in Intel(R)
AMT SDK b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem
software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless
WiFi, Inte ...)
TODO: check
CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560
Modem softw ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25868
RESERVED
CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2
prior to 5. ...)
@@ -50752,7 +50752,7 @@ CVE-2022-27501
CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android
applica ...)
NOT-FOR-US: Intel
CVE-2022-27233 (XML injection in the Intel(R) Quartus Prime Pro and Standard
edition s ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-27229
RESERVED
CVE-2022-27183 (The Monitoring Console app configured in Distributed mode
allows for a ...)
@@ -50768,7 +50768,7 @@ CVE-2022-26840
CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the
application ...)
NOT-FOR-US: Splunk
CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware
Update Tool ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26017 (Improper access control in the Intel(R) DSA software for
before versio ...)
NOT-FOR-US: Intel
CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter
Group Eve ...)
@@ -54174,9 +54174,9 @@ CVE-2022-26304
CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers
are susce ...)
NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer receivers
CVE-2022-26124 (Improper buffer restrictions in BIOS firmware for some
Intel(R) NUC Bo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26086 (Uncontrolled search path element in the PresentMon software
maintained ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26083
RESERVED
CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS
before ver ...)
@@ -54190,9 +54190,9 @@ CVE-2022-26038
CVE-2022-26037
RESERVED
CVE-2022-26028 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler
software b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26006 (Improper input validation in the BIOS firmware for some
Intel(R) Proce ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R)
Digital P ...)
NOT-FOR-US: Intel
CVE-2022-25992
@@ -54202,7 +54202,7 @@ CVE-2022-25966 (Improper access control in the Intel(R)
Edge Insights for Indust
CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake
controllers i ...)
NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake
controllers
CVE-2022-25917 (Uncaught exception in the firmware for some Intel(R) Server
Board M50C ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-25909
RESERVED
CVE-2022-25870
@@ -56841,7 +56841,7 @@ CVE-2022-22139 (Uncontrolled search path in the
Intel(R) XTU software before ver
CVE-2022-21225 (Improper neutralization in the Intel(R) Data Center Manager
software b ...)
NOT-FOR-US: Intel
CVE-2022-21198 (Time-of-check time-of-use race condition in the BIOS firmware
for some ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21183
RESERVED
CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt
does no ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fa71d058f4b76aa89072ee9ebfd52520a552946
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fa71d058f4b76aa89072ee9ebfd52520a552946
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
