Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc9a34f8 by Moritz Muehlenhoff at 2022-12-22T15:34:48+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8842,6 +8842,7 @@ CVE-2022-45348
        RESERVED
 CVE-2022-45347
        RESERVED
+       NOT-FOR-US: Apache ShardingSphere-Proxy
 CVE-2022-45344
        RESERVED
 CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to 
contain a hea ...)
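Review bot: The NOT-FOR-US line added under CVE-2022-45347 cannot be checked against the entry itself, because the header carries no description and the entry is still RESERVED. Every other change in this commit replaces a "TODO: check" under a described CVE, so this one deserves a mention in the commit message of where the "Apache ShardingSphere-Proxy" attribution comes from.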
@@ -17110,7 +17111,7 @@ CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain 
a memory leak via the T_A
        NOTE: 
https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
        NOTE: Fixed by: 
https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1
 CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was 
discovered t ...)
-       TODO: check
+       NOT-FOR-US: Inhabit Systems Pty Ltd Move CRM
 CVE-2022-43270
        RESERVED
 CVE-2022-43269
@@ -18773,11 +18774,11 @@ CVE-2022-42719 (A use-after-free in the mac80211 
stack when parsing a multi-BSSI
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
        NOTE: https://github.com/PurpleVsGreen/beacown
 CVE-2022-42718 (Incorrect default permissions in the installation folder for 
NI LabVIE ...)
-       TODO: check
+       NOT-FOR-US: NI LabVIEW
 CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The 
recommen ...)
        NOT-FOR-US: Hashicorp Packer
 CVE-2022-42716 (An issue was discovered in the Arm Mali GPU Kernel Driver. 
There is a  ...)
-       TODO: check
+       NOT-FOR-US: Arm Mali GPU Kernel Driver
 CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 
in the  ...)
        NOT-FOR-US: REDCap
 CVE-2022-42714
@@ -23534,7 +23535,7 @@ CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 
V15.11.0.10(1576) router is vulnerable
 CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Serve ...)
        NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40841 (A cross-site scripting (XSS) vulnerability in 
NdkAdvancedCustomization ...)
-       TODO: check
+       NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable 
to Cross ...)
        NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40839 (A SQL injection vulnerability in the height and width 
parameter in Ndk ...)
@@ -24191,19 +24192,19 @@ CVE-2022-3190 (Infinite loop in the F5 Ethernet 
Trailer protocol dissector in Wi
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
        NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html
 CVE-2022-3189 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3188 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3187 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3186 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3185 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3184 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3183 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: Dataprobe iBoot-PDU FW
 CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor 
of Dev ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab 
and/or Deb ...)
@@ -27231,7 +27232,7 @@ CVE-2022-39306 (Grafana is an open-source platform for 
monitoring and observabil
 CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue 
and gin, w ...)
        NOT-FOR-US: Gin-vue-admin
 CVE-2022-39304 (ghinstallation provides transport, which implements 
http.RoundTripper  ...)
-       TODO: check
+       NOT-FOR-US: ghinstallation
 CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows 
manipulation of SQ ...)
        NOT-FOR-US: Ree6
 CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other 
server  ...)
@@ -27888,7 +27889,7 @@ CVE-2022-3075 (Insufficient data validation in Mojo in 
Google Chrome prior to 10
 CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape 
the slid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 
2019 v2 ...)
-       TODO: check
+       NOT-FOR-US: Quanos "SCHEMA ST4" example web templates
 CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository 
francoisjacqu ...)
        NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2006-20001
@@ -28386,7 +28387,7 @@ CVE-2022-38902 (A Cross-site scripting (XSS) 
vulnerability in the Blog module -
 CVE-2022-38901 (A Cross-site scripting (XSS) vulnerability in the Document and 
Media m ...)
        NOT-FOR-US: Liferay
 CVE-2022-38900 (decode-uri-component 0.2.0 is vulnerable to Improper Input 
Validation  ...)
-       TODO: check
+       NOT-FOR-US: Node decode-uri-component
 CVE-2022-38899
        RESERVED
 CVE-2022-38898
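Review bot: CVE-2022-38900 is tagged "NOT-FOR-US: Node decode-uri-component", yet the description names a standalone library module rather than a vendor product or appliance. Before closing this as not-for-us, confirm that no source package in the archive ships or embeds decode-uri-component; if one does, the entry needs a package line instead of a NOT-FOR-US tag.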
@@ -28440,7 +28441,7 @@ CVE-2022-38875
 CVE-2022-38874
        RESERVED
 CVE-2022-38873 (D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 
v1.06rc020 an ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2022-38872
        RESERVED
 CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS 
messages. ...)
@@ -28850,7 +28851,7 @@ CVE-2022-38755 (A vulnerability has been identified in 
Micro Focus Filr in versi
 CVE-2022-38754 (A potential vulnerability has been identified in Micro Focus 
Operation ...)
        NOT-FOR-US: Micro Focus
 CVE-2022-38753 (This update resolves a multi-factor authentication bypass 
attack ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus
 CVE-2022-2999
        RESERVED
 CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 
104.0.511 ...)
@@ -28965,7 +28966,7 @@ CVE-2022-38735
 CVE-2022-38734
        RESERVED
 CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are 
susceptible to an  ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content 
Security Poli ...)
        NOT-FOR-US: SnapCenter (NetAPP)
 CVE-2022-38731
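Review bot: The new tag on CVE-2022-38733 is "NOT-FOR-US: NetApp", while the neighbouring CVE-2022-38732 uses "NOT-FOR-US: SnapCenter (NetAPP)", so the same vendor is now recorded in two different forms in adjacent entries. Naming the product as the description does, for example "NOT-FOR-US: OnCommand Insight (NetApp)", would keep the two entries consistent and easier to grep.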
@@ -29088,7 +29089,7 @@ CVE-2022-2968
 CVE-2022-2967
        RESERVED
 CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics 
DOPSoft.This iss ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
        NOT-FOR-US: NotrinosERP
 CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the 
ASIX AX881 ...)
@@ -29228,7 +29229,7 @@ CVE-2022-38661 (HCL Workload Automation could allow a 
local user to overwrite ke
 CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site 
Request Forger ...)
        NOT-FOR-US: HCL
 CVE-2022-38659 (In specific scenarios, on Windows the operator credentials may 
be encr ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2022-38658
        RESERVED
 CVE-2022-38657
@@ -30736,9 +30737,9 @@ CVE-2022-38177 (By spoofing the target resolver with 
responses that have a malfo
        NOTE: Fixed by (while refactoring): 
https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17
 (v9_17_20)
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590
 (v9_16_33)
 CVE-2022-2808 (Algan Yazılım Prens Student Information System 
product has a ...)
-       TODO: check
+       NOT-FOR-US: Algan
 CVE-2022-2807 (Algan Yazılım Prens Student Information System 
product has a ...)
-       TODO: check
+       NOT-FOR-US: Algan
 CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects 
the RHV a ...)
        NOT-FOR-US: ovirt-log-collector
 CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of 
plaint ...)
@@ -30938,9 +30939,9 @@ CVE-2022-38126
 CVE-2022-38125
        RESERVED
 CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in 
administrator to mo ...)
-       TODO: check
+       NOT-FOR-US: Secomea
 CVE-2022-38123 (Improper Input Validation of plugin files in Administrator 
Interface o ...)
-       TODO: check
+       NOT-FOR-US: Secomea
 CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP 
protocol. A ...)
        NOT-FOR-US: UPSMON PRO
 CVE-2022-38121 (UPSMON PRO configuration file stores user password in 
plaintext under  ...)
@@ -30993,7 +30994,7 @@ CVE-2022-2754 (The Ketchup Restaurant Reservations 
WordPress plugin through 1.0.
 CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 
1.0.0 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2752 (A vulnerability in the web server of Secomea GateManager allows 
a loca ...)
-       TODO: check
+       NOT-FOR-US: Secomea
 CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS 
and cl ...)
        NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2750 (A vulnerability, which was classified as critical, was found in 
Source ...)
@@ -31669,7 +31670,7 @@ CVE-2022-37834
 CVE-2022-37833
        RESERVED
 CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from Hardcoded root password. ...)
-       TODO: check
+       NOT-FOR-US: Mutiny
 CVE-2022-37831
        RESERVED
 CVE-2022-37830
@@ -35898,9 +35899,9 @@ CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross 
Site Request Forgery (CS
 CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable 
to XSS s ...)
        NOT-FOR-US: Emby Server
 CVE-2022-36222 (Nokia Fastmile 3tg00118abad52 devices shipped by Optus are 
shipped wit ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2022-36221 (Nokia Fastmile 3tg00118abad52 is affected by an authenticated 
path tra ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser 
(Windows)  ...)
        NOT-FOR-US: Safe Exam Browser
 CVE-2022-36219
@@ -37220,11 +37221,11 @@ CVE-2022-35697 (Adobe Experience Manager Core 
Components version 2.20.6 (and ear
 CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2022-35695 (Adobe Experience Manager version 6.5.14 (and earlier) is 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2022-35693 (Adobe Experience Manager version 6.5.14 (and earlier) is 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and 
earlier) ...)
        NOT-FOR-US: Adobe
 CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
@@ -43967,7 +43968,7 @@ CVE-2022-33270
 CVE-2022-33269
        RESERVED
 CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth 
HOST while ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2022-33267
        RESERVED
 CVE-2022-33266
@@ -44729,9 +44730,9 @@ CVE-2022-32969 (MetaMask before 10.11.3 might allow an 
attacker to access a user
 CVE-2022-32968
        RESERVED
 CVE-2022-32967 (RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded 
password. An un ...)
-       TODO: check
+       NOT-FOR-US: RTL8111EP-CG/RTL8111FP-CGm
 CVE-2022-32966 (RTL8168FP-CG Dash remote management function has missing 
authorization ...)
-       TODO: check
+       NOT-FOR-US: RTL8168FP-CG
 CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated 
remote at ...)
        NOT-FOR-US: OMICARD EDM
 CVE-2022-32964 (OMICARD EDM’s API function has insufficient validation 
for user  ...)
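Review bot: The tag added for CVE-2022-32967 reads "RTL8111EP-CG/RTL8111FP-CGm", with a trailing "m" that does not appear in the description's "RTL8111EP-CG/RTL8111FP-CG". This looks like a stray keystroke; drop the "m" so the tag matches the product name.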
@@ -48281,7 +48282,7 @@ CVE-2022-31710
 CVE-2022-31709
        RESERVED
 CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation 
vulnerabil ...)
        NOT-FOR-US: VMware
 CVE-2022-31706
@@ -48331,7 +48332,7 @@ CVE-2022-31685 (VMware Workspace ONE Assist prior to 
22.10 contains an Authentic
 CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may 
log reques ...)
        NOT-FOR-US: Reactor Netty, different from src:netty
 CVE-2022-31683 (Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) 
contains an  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read 
vulnerability.  ...)
        NOT-FOR-US: VMware
 CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A 
malicio ...)
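Review bot: CVE-2022-31683 is described as an issue in Concourse, but the added tag is "NOT-FOR-US: VMware", a name that does not appear in the visible description. The tag should name the product, for example "NOT-FOR-US: Concourse", so that a later search for Concourse finds this triage decision and the entry does not read as a VMware product issue.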
@@ -51301,7 +51302,7 @@ CVE-2022-30681 (Adobe Experience Manager versions 
6.5.13.0 (and earlier) is affe
 CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
 CVE-2022-30679 (Adobe Experience Manager version 6.5.14 (and earlier) is 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
 CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is 
affected b ...)
@@ -58913,7 +58914,7 @@ CVE-2022-28175
 CVE-2022-28174
        RESERVED
 CVE-2022-28173 (The web server of some Hikvision wireless bridge products have 
an acce ...)
-       TODO: check
+       NOT-FOR-US: Hikvision
 CVE-2022-28172 (The web module in some Hikvision Hybrid SAN/Cluster Storage 
products h ...)
        NOT-FOR-US: Hikvision
 CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage 
products h ...)
@@ -60615,7 +60616,7 @@ CVE-2022-27583 (A remote unprivileged attacker can 
interact with the configurati
 CVE-2022-27582 (Password recovery vulnerability in SICK SIM4000 (PPC) 
Partnumber 10787 ...)
        NOT-FOR-US: SICK SICK SIM4000 (PPC) Partnumber 1078787
 CVE-2022-27581 (Use of a Broken or Risky Cryptographic Algorithm in SICK 
RFU61x firmwa ...)
-       TODO: check
+       NOT-FOR-US: SICK
 CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used 
and not ...)
        NOT-FOR-US: SICK
 CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used 
and not ...)
@@ -60744,7 +60745,7 @@ CVE-2022-27520
 CVE-2022-27519
        RESERVED
 CVE-2022-27518 (Unauthenticated remote arbitrary code execution ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2022-27517
        RESERVED
 CVE-2022-27516 (User login brute force protection functionality bypass ...)
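Review bot: For CVE-2022-27518 the description ("Unauthenticated remote arbitrary code execution ...") names no product, so the added "NOT-FOR-US: Citrix" tag is the only place the affected software is identified, and it gives the vendor alone. Naming the affected product alongside the vendor would make the entry self-explanatory.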



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc9a34f8ab79693ac23dadf7b88afd244a814c52
