Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a27d8bc by Salvatore Bonaccorso at 2022-12-14T09:59:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2769,7 +2769,7 @@ CVE-2022-46406
 CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of 
service ( ...)
        - mastodon <itp> (bug #859741)
 CVE-2022-46404 (A command injection vulnerability has been identified in Atos 
Unify Op ...)
-       TODO: check
+       NOT-FOR-US: Atos Unify OpenScape
 CVE-2022-46403
        RESERVED
 CVE-2022-46402
@@ -2819,7 +2819,7 @@ CVE-2022-46383 (RackN Digital Rebar through 4.6.14, 4.7 
through 4.7.22, 4.8 thro
 CVE-2022-46382 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 
through 4. ...)
        NOT-FOR-US: RackN Digital Rebar
 CVE-2022-46381 (Certain Linear eMerge E3-Series devices are vulnerable to XSS 
via the  ...)
-       TODO: check
+       NOT-FOR-US: Linear eMerge E3-Series devices
 CVE-2022-4280 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: Dot Tech Smart Campus System
 CVE-2022-4279 (A vulnerability classified as problematic has been found in 
SourceCode ...)
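Review bot: The label added for CVE-2022-46381 in this hunk, `NOT-FOR-US: Linear eMerge E3-Series devices`, does not match the one this same commit gives CVE-2022-38628 further down, `NOT-FOR-US: Nortek Linear eMerge E3-Series`, although both descriptions name the Linear eMerge E3-Series. Suggest using one spelling for both entries so that a search on the NOT-FOR-US label finds every CVE recorded for the product.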
@@ -6343,7 +6343,7 @@ CVE-2022-45271
 CVE-2022-45270
        RESERVED
 CVE-2022-45269 (A directory traversal vulnerability in the component 
SCS.Web.Server.SP ...)
-       TODO: check
+       NOT-FOR-US: Linx Sphere LINX
 CVE-2022-45268
        RESERVED
 CVE-2022-45267
@@ -7465,7 +7465,7 @@ CVE-2022-44876
 CVE-2022-44875
        RESERVED
 CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was 
discovered t ...)
-       TODO: check
+       NOT-FOR-US: wasm3
 CVE-2022-44873
        RESERVED
 CVE-2022-44872
@@ -17586,11 +17586,11 @@ CVE-2022-42143 (Open Source SACCO Management System 
v1.0 is vulnerable to SQL In
 CVE-2022-42142 (Online Tours &amp; Travels Management System v1.0 is 
vulnerable to Arb ...)
        NOT-FOR-US: Online Tours & Travels Management System
 CVE-2022-42141 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross 
Site Scrip ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-42140 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-42139 (Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to 
Command Injec ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-42138
        RESERVED
 CVE-2022-42137
@@ -18414,7 +18414,7 @@ CVE-2022-41657 (Delta Electronics InfraSuite Device 
Master Versions 00.00.01a an
 CVE-2022-41654
        RESERVED
 CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 
1.2.3 and pr ...)
-       TODO: check
+       NOT-FOR-US: Daikin
 CVE-2022-41651 (The affected product DIAEnergie (versions prior to 
v1.9.01.002) is vul ...)
        NOT-FOR-US: DIAEnergie
 CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, 
running HERO ...)
@@ -18452,7 +18452,7 @@ CVE-2022-40201
 CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable 
to reflec ...)
        NOT-FOR-US: SAUTER Controls moduWeb firmware
 CVE-2022-38355 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 
1.2.3 and pr ...)
-       TODO: check
+       NOT-FOR-US: Daikin
 CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to 
directory tr ...)
@@ -19826,27 +19826,27 @@ CVE-2022-41290
 CVE-2022-41289
        RESERVED
 CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions), 
Teamcente ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-41277
        RESERVED
 CVE-2022-41276
@@ -19906,7 +19906,7 @@ CVE-2022-3261
 CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which 
helps preve ...)
        TODO: check
 CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security 
(HSTS) which ...)
-       TODO: check
+       NOT-FOR-US: Openshift
 CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
        NOT-FOR-US: HYPR Workforce Access
 CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently 
process a s ...)
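Review bot: CVE-2022-3260, the context entry directly above the changed CVE-2022-3259 line, is still `TODO: check` after this commit. Its truncated description (response header without X-FRAME-OPTIONS) does not name a product, so it needs its own look; if it turns out to be the same product as CVE-2022-3259, it can take the same `NOT-FOR-US: Openshift` label in a follow-up rather than staying open next to a triaged neighbour.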
@@ -20210,7 +20210,7 @@ CVE-2022-41129
 CVE-2022-41128 (Windows Scripting Languages Remote Code Execution 
Vulnerability. This  ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41127 (Microsoft Dynamics NAV and Microsoft Dynamics 365 Business 
Central (On ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41126
        RESERVED
 CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege 
Vulnerability ...)
@@ -20222,7 +20222,7 @@ CVE-2022-41123 (Microsoft Exchange Server Elevation of 
Privilege Vulnerability.
 CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41121 (Windows Graphics Component Elevation of Privilege 
Vulnerability. This  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41120 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability. 
...)
        NOT-FOR-US: Microsoft
 CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability. ...)
@@ -20234,7 +20234,7 @@ CVE-2022-41117
 CVE-2022-41116 (Windows Point-to-Point Tunneling Protocol Denial of Service 
Vulnerabil ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41115 (Microsoft Edge (Chromium-based) Update Elevation of Privilege 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41114 (Windows Bind Filter Driver Elevation of Privilege 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41113 (Windows Win32 Kernel Subsystem Elevation of Privilege 
Vulnerability. ...)
@@ -20276,7 +20276,7 @@ CVE-2022-41096 (Microsoft DWM Core Library Elevation of 
Privilege Vulnerability.
 CVE-2022-41095 (Windows Digital Media Receiver Elevation of Privilege 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41094 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41093 (Windows Advanced Local Procedure Call (ALPC) Elevation of 
Privilege Vu ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41092 (Windows Win32k Elevation of Privilege Vulnerability. This CVE 
ID is un ...)
@@ -20286,7 +20286,7 @@ CVE-2022-41091 (Windows Mark of the Web Security 
Feature Bypass Vulnerability. T
 CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service 
Vulnerabil ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code 
Execution Vulner ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41087
@@ -20310,13 +20310,13 @@ CVE-2022-41079 (Microsoft Exchange Server Spoofing 
Vulnerability. This CVE ID is
 CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID 
is uniqu ...)
        NOT-FOR-US: Microsoft
 CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability. 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41075
        RESERVED
 CVE-2022-41074 (Windows Graphics Component Information Disclosure 
Vulnerability. This  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability. 
...)
        NOT-FOR-US: Microsoft
 CVE-2022-41072
@@ -20631,7 +20631,7 @@ CVE-2022-40941
 CVE-2022-40940
        RESERVED
 CVE-2022-40939 (In certain Secustation products the administrator account 
password can ...)
-       TODO: check
+       NOT-FOR-US: Secustation
 CVE-2022-40938
        RESERVED
 CVE-2022-40937
@@ -22241,7 +22241,7 @@ CVE-2022-40266 (Improper Input Validation vulnerability 
in Mitsubishi Electric G
 CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric 
Corpora ...)
        NOT-FOR-US: Mitsubishi
 CVE-2022-40264 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi Electric
 CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain 
hardcode ...)
        NOT-FOR-US: BD Totalys MultiProcessor
 CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time 
of the  ...)
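Review bot: The new label on CVE-2022-40264, `NOT-FOR-US: Mitsubishi Electric`, differs from the `NOT-FOR-US: Mitsubishi` already on the preceding entry CVE-2022-40265, whose description also reads "Mitsubishi Electric". Suggest picking one form, and aligning the older entry if the longer form is preferred, so both CVEs are grouped under the same label.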
@@ -26443,15 +26443,15 @@ CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds 
read in extractImageSection in
 CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data 
from a fa ...)
        NOT-FOR-US: GE CIMPICITY
 CVE-2022-2951 (Altair HyperView Player versions 2021.1.0.27 and prior are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Altair HyperView Player
 CVE-2022-2950 (Altair HyperView Player versions 2021.1.0.27 and prior are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Altair HyperView Player
 CVE-2022-2949 (Altair HyperView Player versions 2021.1.0.27 and prior are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Altair HyperView Player
 CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a 
heap-based buf ...)
        NOT-FOR-US: GE CIMPICITY
 CVE-2022-2947 (Altair HyperView Player versions 2021.1.0.27 and prior perform 
operati ...)
-       TODO: check
+       NOT-FOR-US: Altair HyperView Player
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.146 and e ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a 
RabbitMQ p ...)
@@ -26595,7 +26595,7 @@ CVE-2022-38630
 CVE-2022-38629
        RESERVED
 CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 
0.32-09c, ...)
-       TODO: check
+       NOT-FOR-US: Nortek Linear eMerge E3-Series
 CVE-2022-38627
        RESERVED
 CVE-2022-38626



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a27d8bca8c793e18d3bf8f2357023ffbe9ed86b
