Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6ca0332c by Moritz Muehlenhoff at 2022-11-21T12:46:34+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,5 @@ CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...) - TODO: check + NOT-FOR-US: appsmith CVE-2022-4095 RESERVED CVE-2022-4094 @@ -63,7 +63,7 @@ CVE-2022-4068 (A user is able to enable their own account if it was disabled by CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) NOT-FOR-US: LibreNMS CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...) - TODO: check + - libonion <itp> (bug #744119) CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...) TODO: check CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...) @@ -12405,9 +12405,9 @@ CVE-2022-41941 CVE-2022-41940 RESERVED CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...) - TODO: check + NOT-FOR-US: knative.dev/func CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...) - TODO: check + NOT-FOR-US: Flarum CVE-2022-41937 RESERVED CVE-2022-41936 @@ -13135,13 +13135,13 @@ CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < CVE-2022-41656 RESERVED CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Ord ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41650 RESERVED CVE-2022-41647 RESERVED CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41640 RESERVED CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin < ...) 
@@ -20020,7 +20020,7 @@ CVE-2022-38873 CVE-2022-38872 RESERVED CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. ...) - TODO: check + NOT-FOR-US: free5GC CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...) NOT-FOR-US: free5GC CVE-2022-38869 @@ -21582,7 +21582,7 @@ CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforc CVE-2022-38396 RESERVED CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...) - TODO: check + NOT-FOR-US: HP CVE-2022-38393 RESERVED CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...) @@ -22343,7 +22343,7 @@ CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the J NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6 CVE-2022-2794 (Certain HP PageWide Pro Printers may be vulnerable to a potential deni ...) - TODO: check + NOT-FOR-US: HP CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) NOT-FOR-US: Emerson CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) @@ -24930,7 +24930,7 @@ CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/ CVE-2022-37198 RESERVED CVE-2022-37197 (IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. ...) - TODO: check + NOT-FOR-US: IOBit CVE-2022-37196 RESERVED CVE-2022-37195 @@ -31257,7 +31257,7 @@ CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial CVE-2022-34828 RESERVED CVE-2022-34827 (Carel Boss Mini 1.5.0 has Improper Access Control. ...) - TODO: check + NOT-FOR-US: Carel Boss Mini CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...) NOT-FOR-US: Couchbase Server CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...) 
@@ -39681,7 +39681,7 @@ CVE-2022-31696 CVE-2022-31695 RESERVED CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...) - TODO: check + NOT-FOR-US: InstallBuilder Qt installers CVE-2022-31693 RESERVED CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...) @@ -39972,9 +39972,9 @@ CVE-2022-1877 CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA CVE-2022-31617 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31616 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) - nvidia-graphics-drivers 470.141.03-1 (bug #1016614) [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1 @@ -39997,13 +39997,13 @@ CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability in CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31611 RESERVED CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) NOT-FOR-US: NVIDIA CVE-2022-31608 (NVIDIA GPU Display Driver for Linux contains a vulnerability in an opt ...) 
@@ -40045,7 +40045,7 @@ CVE-2022-31607 (NVIDIA GPU Display Driver for Linux contains a vulnerability in [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1 - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621) CVE-2022-31606 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Windows CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its util ...) NOT-FOR-US: NVFLARE CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI ...) @@ -63961,7 +63961,7 @@ CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...) CVE-2022-0325 RESERVED CVE-2022-0324 (There is a vulnerability in DHCPv6 packet parsing code that could be e ...) - TODO: check + NOT-FOR-US: SONiC CVE-2021-46402 RESERVED CVE-2022-23792 @@ -80329,9 +80329,9 @@ CVE-2022-20952 CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...) NOT-FOR-US: Cisco CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepo ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20948 RESERVED CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...) 
@@ -80343,29 +80343,29 @@ CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Ci CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...) NOT-FOR-US: Cisco CVE-2022-20943 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...) NOT-FOR-US: Cisco CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco Firepow ...) NOT-FOR-US: Cisco CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20939 RESERVED CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...) NOT-FOR-US: Cisco CVE-2022-20936 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20935 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20934 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...) NOT-FOR-US: Cisco CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20931 RESERVED CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) 
@@ -80373,19 +80373,19 @@ CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow CVE-2022-20929 RESERVED CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20926 (A vulnerability in the web management interface of the Cisco Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20925 (A vulnerability in the web management interface of the Cisco Firepower ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20924 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...) NOT-FOR-US: Cisco CVE-2022-20922 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...) NOT-FOR-US: Cisco CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...) @@ -80393,7 +80393,7 @@ CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...) NOT-FOR-US: Cisco CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20917 RESERVED CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...) 
@@ -80419,7 +80419,7 @@ CVE-2022-20907 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an CVE-2022-20906 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...) NOT-FOR-US: Cisco CVE-2022-20905 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20904 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20903 (Multiple vulnerabilities in the web-based management interface of Cisc ...) @@ -80485,7 +80485,7 @@ CVE-2022-20874 (Multiple vulnerabilities in the web-based management interface o CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20871 RESERVED CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...) @@ -80521,7 +80521,7 @@ CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...) NOT-FOR-US: Cisco CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20853 RESERVED CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) 
@@ -80543,31 +80543,31 @@ CVE-2022-20845 CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...) NOT-FOR-US: Cisco CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco CVE-2022-20840 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20839 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20838 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...) NOT-FOR-US: Cisco CVE-2022-20836 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20835 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20834 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20833 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20832 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20831 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...) NOT-FOR-US: Cisco CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...) 
@@ -80577,7 +80577,7 @@ CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software fo CVE-2022-20827 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) NOT-FOR-US: Cisco CVE-2022-20826 (A vulnerability in the secure boot implementation of Cisco Secure Fire ...) - TODO: check + NOT-FOR-US: Cisco CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) @@ -83179,9 +83179,9 @@ CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a poss CVE-2022-20461 RESERVED CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...) - TODO: check + NOT-FOR-US: Google Pixel CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...) - TODO: check + NOT-FOR-US: Google Pixel CVE-2022-20458 RESERVED CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...) @@ -83243,9 +83243,9 @@ CVE-2022-20430 (There is an missing authorization issue in the system service. S CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...) NOT-FOR-US: Android CVE-2022-20428 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...) - TODO: check + NOT-FOR-US: Google Pixel CVE-2022-20427 (In (TBD) of (TBD), there is a possible way to corrupt memory due to im ...) - TODO: check + NOT-FOR-US: Google Pixel CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...) NOT-FOR-US: Android CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...) @@ -89998,7 +89998,7 @@ CVE-2021-40274 CVE-2021-40273 RESERVED CVE-2021-40272 (OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site S ...) - TODO: check + NOT-FOR-US: OP5 Monitor CVE-2021-40271 RESERVED CVE-2021-40270 
@@ -93499,9 +93499,9 @@ CVE-2021-38830 CVE-2021-38829 RESERVED CVE-2021-38828 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...) - TODO: check + NOT-FOR-US: Xiongmai CVE-2021-38827 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...) - TODO: check + NOT-FOR-US: Xiongmai CVE-2021-38826 RESERVED CVE-2021-38825 @@ -93517,7 +93517,7 @@ CVE-2021-38821 CVE-2021-38820 RESERVED CVE-2021-38819 (A SQL injection vulnerability exits on the Simple Image Gallery System ...) - TODO: check + NOT-FOR-US: Simple Image Gallery System CVE-2021-38818 RESERVED CVE-2021-38817
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca0332c980f020da14b38b8fffeb215b5c8385f
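Review bot: The commit message says only "NFUs", but the hunk at @@ -63,7 +63,7 @@ is not a NOT-FOR-US change: it replaces the TODO on CVE-2022-4066 with "- libonion <itp> (bug #744119)". That entry will be revisited when the ITP is resolved, so it is worth making it findable in the history, either by mentioning libonion in the commit message or by committing it separately from the bulk NFU triage.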
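Review bot: Several NOT-FOR-US attributions cannot be checked against the descriptions shown in the list. In the hunk at @@ -63961,7 +63961,7 @@, CVE-2022-0324 reads only "There is a vulnerability in DHCPv6 packet parsing code ..." and is tagged "NOT-FOR-US: SONiC"; in the hunks at @@ -83179,9 +83179,9 @@ and @@ -83243,9 +83243,9 @@, CVE-2022-20460, CVE-2022-20459, CVE-2022-20428 and CVE-2022-20427 read "In (TBD) ... of (TBD)" and are tagged "NOT-FOR-US: Google Pixel" while neighbouring entries use "NOT-FOR-US: Android". Since none of these descriptions names the product, a pointer to the advisory each attribution came from (in the commit message, for instance) would let a later reader confirm that no packaged DHCPv6 or Android component shares the affected code.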
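Review bot: The NOT-FOR-US labels are not at a consistent level of detail, which makes later searches over data/CVE/list less reliable. In the hunk at @@ -13135,13 +13135,13 @@, CVE-2022-41655 and CVE-2022-41643 get "NOT-FOR-US: WordPress plugin" without the plugin name; in the hunks at @@ -21582,7 +21582,7 @@ and @@ -22343,7 +22343,7 @@ the label is just "HP" although the descriptions name HP Support Assistant and HP PageWide Pro Printers; and in the hunks from @@ -39972,9 +39972,9 @@ to @@ -40045,7 +40045,7 @@ the new "NVIDIA drivers for Windows" sits next to existing entries labelled only "NVIDIA". Consider naming the product where the description gives it, as the patch already does for Flarum, free5GC and OP5 Monitor.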