Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: af8c9c63 by Salvatore Bonaccorso at 2022-06-21T22:56:43+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -11875,9 +11875,9 @@ CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 an CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) NOT-FOR-US: Onlyoffice Document Server CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...) - TODO: check + NOT-FOR-US: iSpyConnect iSpy CVE-2022-29774 (iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. ...) - TODO: check + NOT-FOR-US: iSpyConnect iSpy CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...) NOT-FOR-US: AlekSIS CVE-2022-29772 @@ -17353,17 +17353,17 @@ CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has CVE-2022-27873 RESERVED CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a pointer fo ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and Navisworks re ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2022-27866 RESERVED CVE-2022-27865 @@ -22350,7 +22350,7 @@ CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated adm CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...) - grafana <removed> CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injecti ...) - TODO: check + NOT-FOR-US: Quectel RG502Q-EA modem CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...) NOT-FOR-US: Tricentis qTest CVE-2022-26145 @@ -23764,7 +23764,7 @@ CVE-2022-25587 CVE-2022-25586 RESERVED CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site scripti ...) - TODO: check + NOT-FOR-US: Unioncms CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...) NOT-FOR-US: FlexWATCH FW3170-PS-E CVE-2022-25583 @@ -31169,7 +31169,7 @@ CVE-2022-23344 CVE-2022-23343 RESERVED CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1000 an ...) - TODO: check + NOT-FOR-US: Hyland Onbase Application Server CVE-2022-23341 RESERVED CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...) @@ -32100,7 +32100,7 @@ CVE-2022-23173 CVE-2022-23172 RESERVED CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...) - TODO: check + NOT-FOR-US: AtlasVPN CVE-2022-23170 RESERVED CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8c9c633e97dc820c5a25a893eb4d5ddc39e1e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8c9c633e97dc820c5a25a893eb4d5ddc39e1e0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits