Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6afa5c58 by Salvatore Bonaccorso at 2022-12-06T21:26:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2022-4302
CVE-2022-4301
RESERVED
CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as
critical. T ...)
- TODO: check
+ NOT-FOR-US: FastCMS
CVE-2022-4299
RESERVED
CVE-2022-4298
@@ -51,7 +51,7 @@ CVE-2022-4298
CVE-2022-4297
RESERVED
CVE-2022-4296 (A vulnerability classified as problematic has been found in
TP-Link TL ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-46663
RESERVED
CVE-2022-46651
@@ -1597,7 +1597,7 @@ CVE-2022-46156 (The Synthetic Monitoring Agent for
Grafana's Synthetic Monitorin
CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to
version 0. ...)
NOT-FOR-US: Airtable.js
CVE-2022-46154 (Kodexplorer is a chinese language web based file manager and
browser b ...)
- TODO: check
+ NOT-FOR-US: Kodexplorer
CVE-2022-46153
RESERVED
CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE
project, ...)
@@ -1696,7 +1696,7 @@ CVE-2022-4149
CVE-2022-4148
RESERVED
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with
invalid O ...)
- TODO: check
+ NOT-FOR-US: Quarkus
CVE-2022-46139
RESERVED
CVE-2022-46138
@@ -3030,7 +3030,7 @@ CVE-2022-45550
CVE-2022-45549
RESERVED
CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
- TODO: check
+ NOT-FOR-US: AyaCMS
CVE-2022-45547
RESERVED
CVE-2022-45546
@@ -4036,7 +4036,7 @@ CVE-2022-45328 (Church Management System v1.0 was
discovered to contain a SQL in
CVE-2022-45327
RESERVED
CVE-2022-45326 (An XML external entity (XXE) injection vulnerability in
Kwoksys Kwok I ...)
- TODO: check
+ NOT-FOR-US: Kwoksys
CVE-2022-45325
RESERVED
CVE-2022-45324
@@ -7870,7 +7870,7 @@ CVE-2022-44291 (webTareas 2.4p5 was discovered to contain
a SQL injection vulner
CVE-2022-44290 (webTareas 2.4p5 was discovered to contain a SQL injection
vulnerabilit ...)
NOT-FOR-US: webtareas
CVE-2022-44289 (Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes
file up ...)
- TODO: check
+ NOT-FOR-US: ThinkPHP Framework
CVE-2022-44288
RESERVED
CVE-2022-44287
@@ -11376,13 +11376,13 @@ CVE-2022-43558
CVE-2022-43557 (The BD BodyGuard™ infusion pumps specified allow for
access thro ...)
TODO: check
CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between
9.0.0 and 9 ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2022-43555
RESERVED
CVE-2022-43554
RESERVED
CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version
2.0.9-ho ...)
- TODO: check
+ NOT-FOR-US: EdgeRouters
CVE-2022-43552
RESERVED
CVE-2022-43551
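Review bot: CVE-2022-43557 (BD BodyGuard infusion pumps) is left at `TODO: check` in the context lines at the top of this hunk while the two entries below it are triaged; it describes a medical hardware product, so it looks like the same NOT-FOR-US case and could be resolved in the same pass. Also, the new `NOT-FOR-US: EdgeRouters` tag names a product family rather than a vendor, unlike the other tags in this commit (TP-Link, Zyxel, Veeam); a vendor-level tag would keep the EdgeRouter entries grouped under one name.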
@@ -11390,7 +11390,7 @@ CVE-2022-43551
CVE-2022-43550
RESERVED
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0
and v3.0 ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js
versions <14 ...)
- nodejs 18.12.1+dfsg-1 (bug #1023518)
NOTE:
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548
@@ -12011,7 +12011,7 @@ CVE-2022-43371
CVE-2022-43370
RESERVED
CVE-2022-43369 (AutoTaxi Stand Management System v1.0 was discovered to
contain a cros ...)
- TODO: check
+ NOT-FOR-US: AutoTaxi Stand Management System
CVE-2022-43368
RESERVED
CVE-2022-43367 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a
command injec ...)
@@ -12588,7 +12588,7 @@ CVE-2022-43099
CVE-2022-43098
RESERVED
CVE-2022-43097 (Phpgurukul User Registration & User Management System v3.0
was dis ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul User Registration & User Management System
CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to
gain root a ...)
NOT-FOR-US: Mediatrix
CVE-2022-43095
@@ -16678,7 +16678,7 @@ CVE-2022-40218
CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in
Better Mes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Xylus Th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40203
RESERVED
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo
Forum plugin ...)
@@ -18939,7 +18939,7 @@ CVE-2022-40682
CVE-2022-40681
RESERVED
CVE-2022-40680 (A improper neutralization of input during web page generation
('cross- ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-40679
RESERVED
CVE-2022-40678
@@ -19265,7 +19265,7 @@ CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS
in the Operations tab and/
CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was
unnecessarily ...)
- airflow <itp> (bug #819700)
CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program
of Zyxel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to
V1.00(ABLG ...)
NOT-FOR-US: Zyxel
CVE-2022-40601
@@ -20016,7 +20016,7 @@ CVE-2022-40261 (An attacker can exploit this
vulnerability to elevate privileges
CVE-2022-40260
RESERVED
CVE-2022-40259 (AMI MegaRAC Redfish Arbitrary Code Execution ...)
- TODO: check
+ NOT-FOR-US: AMI MegaRAC Redfish
CVE-2022-40258
RESERVED
CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE
software prior ...)
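Review bot: the tag `NOT-FOR-US: AMI MegaRAC Redfish` folds the affected interface (Redfish) into the product name, while the other MegaRAC entries in this commit are tagged plainly as `MegaRAC`, so related BMC firmware CVEs end up under different tags. Suggest one vendor-product tag, e.g. `NOT-FOR-US: AMI MegaRAC`, for all of them.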
@@ -20050,7 +20050,7 @@ CVE-2022-40244
CVE-2022-40243
RESERVED
CVE-2022-40242 (MegaRAC Default Credentials Vulnerability ...)
- TODO: check
+ NOT-FOR-US: MegaRAC
CVE-2022-40241
RESERVED
CVE-2022-40240
@@ -25190,7 +25190,7 @@ CVE-2022-38381 (An improper handling of malformed
request vulnerability [CWE-228
CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS
version ...)
NOT-FOR-US: FortiGuard
CVE-2022-38379 (Improper neutralization of input during web page generation
[CWE-79] i ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38378
RESERVED
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in
FortiManager 7.2 ...)
@@ -25300,7 +25300,7 @@ CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in
GitHub repository yetiforc
CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal
inform ...)
NOT-FOR-US: Octopus Server
CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability ...)
- TODO: check
+ NOT-FOR-US: MegaRAC
CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with
an exampl ...)
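Review bot: the description on the CVE-2022-2827 line names the product "AMI MegaRAC", but the new tag drops the vendor and reads `NOT-FOR-US: MegaRAC`, while the AMI MegaRAC entry earlier in this commit (CVE-2022-40259) is tagged `AMI MegaRAC Redfish`. Suggest a single `NOT-FOR-US: AMI MegaRAC` tag so the MegaRAC BMC CVEs group under one name.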
@@ -26766,7 +26766,7 @@ CVE-2022-37785
CVE-2022-37784
RESERVED
CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose
password hash ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2022-37782
RESERVED
CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow
via __i ...)
@@ -27810,11 +27810,11 @@ CVE-2022-2644 (A vulnerability was found in
SourceCodester Online Admission Syst
CVE-2022-2643 (A vulnerability has been found in SourceCodester Online
Admission Syst ...)
NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2642 (Horner Automation’s RCC 972 firmware version 15.40
contains glob ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2022-2641 (Horner Automation’s RCC 972 with firmware version 15.40
has a st ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2022-2640 (The Config-files of Horner Automation’s RCC 972 with
firmware ve ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog
could b ...)
NOT-FOR-US: JetBrains
CVE-2022-37395 (A Huawei device has an input verification vulnerability.
Successful ex ...)
@@ -31892,7 +31892,7 @@ CVE-2022-35845
CVE-2022-35844 (An improper neutralization of special elements used in an OS
command v ...)
NOT-FOR-US: FortiGuard
CVE-2022-35843 (An authentication bypass by assumed-immutable data
vulnerability [CWE- ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
NOT-FOR-US: FortiGuard
CVE-2022-35841 (Windows Enterprise App Management Service Remote Code
Execution Vulner ...)
@@ -33378,9 +33378,9 @@ CVE-2022-35260 (curl can be told to parse a `.netrc`
file for credentials. If th
NOTE: introduced by:
https://github.com/curl/curl/commit/eeaae10c0fb27aa066fdc296074edeacfdeb6522
(curl-7_84_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c
(curl-7_86_0)
CVE-2022-35259 (XML Injection with Endpoint Manager 2022. 3 and below causing
a downlo ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to
the follo ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for
Windows ( ...)
NOT-FOR-US: UI Desktop for Windows
CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not
correctl ...)
@@ -33397,7 +33397,7 @@ CVE-2022-35255 (A weak randomness in WebCrypto keygen
vulnerability exists in No
NOTE:
https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79
(v18.9.1)
NOTE: Introduced by
https://github.com/nodejs/node/commit/dae283d96fd31ad0f30840a7e55ac97294f505ac
(v15.0.0)
CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to
the follo ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric <2.4 could
allow an at ...)
NOT-FOR-US: Hyperledger Fabric
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S)
server, ...)
@@ -34548,7 +34548,7 @@ CVE-2022-34883 (OS Command Injection vulnerability in
Hitachi RAID Manager Stora
CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in
Hitachi ...)
NOT-FOR-US: Hitachi
CVE-2022-34881 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-34880
RESERVED
CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST
Agent Time ...)
@@ -37641,9 +37641,9 @@ CVE-2022-33878 (An exposure of sensitive information to
an unauthorized actor vu
CVE-2022-33877
RESERVED
CVE-2022-33876 (Multiple instances of improper input validation vulnerability
in Forti ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-33875 (An improper neutralization of special elements used in an SQL
Command ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-33874 (An improper neutralization of special elements used in an OS
Command ( ...)
NOT-FOR-US: Fortiguard
CVE-2022-33873 (An improper neutralization of special elements used in an OS
Command ( ...)
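Review bot: the two new lines use `NOT-FOR-US: FortiGuard`, matching the tag on the other Fortinet entries in this commit, but the unchanged context line for CVE-2022-33874 at the bottom of this hunk reads `NOT-FOR-US: Fortiguard` (lower-case g). Since this region is being touched anyway, normalizing that line to `FortiGuard` would keep the tag greppable under one spelling.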
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6afa5c587d0018000e41a0d3681bd2add80d2632
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits