Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af8c9c63 by Salvatore Bonaccorso at 2022-06-21T22:56:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11875,9 +11875,9 @@ CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and
below and Core 6.1.0.26 an
CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26
and belo ...)
NOT-FOR-US: Onlyoffice Document Server
CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass
authentication vi ...)
- TODO: check
+ NOT-FOR-US: iSpyConnect iSpy
CVE-2022-29774 (iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. ...)
- TODO: check
+ NOT-FOR-US: iSpyConnect iSpy
CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py:
ClientPr ...)
NOT-FOR-US: AlekSIS
CVE-2022-29772
@@ -17353,17 +17353,17 @@ CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and
7.0 before 2022-02-21 has
CVE-2022-27873
RESERVED
CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a
pointer fo ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and
Navisworks re ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be
used to ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can
be forced ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be
used to ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021,
2020, 20 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2022-27866
RESERVED
CVE-2022-27865
@@ -22350,7 +22350,7 @@ CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows
remote authenticated adm
CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when
integrated with ...)
- grafana <removed>
CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command
Injecti ...)
- TODO: check
+ NOT-FOR-US: Quectel RG502Q-EA modem
CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an
authenticated atta ...)
NOT-FOR-US: Tricentis qTest
CVE-2022-26145
@@ -23764,7 +23764,7 @@ CVE-2022-25587
CVE-2022-25586
RESERVED
CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site
scripti ...)
- TODO: check
+ NOT-FOR-US: Unioncms
CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video
System 4.23-3 ...)
NOT-FOR-US: FlexWATCH FW3170-PS-E
CVE-2022-25583
@@ -31169,7 +31169,7 @@ CVE-2022-23344
CVE-2022-23343
RESERVED
CVE-2022-23342 (The Hyland Onbase Application Server releases prior to
20.3.58.1000 an ...)
- TODO: check
+ NOT-FOR-US: Hyland Onbase Application Server
CVE-2022-23341
RESERVED
CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system
commands throu ...)
@@ -32100,7 +32100,7 @@ CVE-2022-23173
CVE-2022-23172
RESERVED
CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security
controls on na ...)
- TODO: check
+ NOT-FOR-US: AtlasVPN
CVE-2022-23170
RESERVED
CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable
parameter is "ag ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8c9c633e97dc820c5a25a893eb4d5ddc39e1e0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8c9c633e97dc820c5a25a893eb4d5ddc39e1e0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
