Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b849cf6c by Salvatore Bonaccorso at 2022-08-16T22:19:49+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -464,17 +464,17 @@ CVE-2022-38196 CVE-2022-38195 RESERVED CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...) - TODO: check + NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...) - TODO: check + NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) - TODO: check + NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...) NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) - TODO: check + NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...) @@ -484,7 +484,7 @@ CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS CVE-2022-38185 RESERVED CVE-2022-38184 (There is an improper access control vulnerability in Portal for ArcGIS ...) - TODO: check + NOT-FOR-US: Esri Portal for ArcGIS CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...) - gitea <removed> CVE-2022-38182 @@ -4420,7 +4420,7 @@ CVE-2022-36601 CVE-2022-36600 RESERVED CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) - TODO: check + NOT-FOR-US: Mingsoft MCMS CVE-2022-36598 RESERVED CVE-2022-36597 @@ -4826,9 +4826,9 @@ CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beanc NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2) CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor W ...) - TODO: check + NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001 CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-00 ...) - TODO: check + NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001 CVE-2022-35734 ('Hulu / フールー' App for Android from version ...) TODO: check CVE-2022-34156 ('Hulu / フールー' App for iOS versions prior t ...) @@ -5014,7 +5014,7 @@ CVE-2022-36361 CVE-2022-36360 RESERVED CVE-2022-35239 (The image file management page of SolarView Compact SV-CPT-MC310 Ver.7 ...) - TODO: check + NOT-FOR-US: SolarView Compact SV-CPT-MC310 CVE-2022-2505 RESERVED - firefox 103.0-1 @@ -5358,9 +5358,9 @@ CVE-2022-36275 CVE-2022-36274 RESERVED CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) - TODO: check + NOT-FOR-US: Mingsoft MCMS CVE-2022-36271 RESERVED CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...) @@ -5420,7 +5420,7 @@ CVE-2022-36244 CVE-2022-36243 RESERVED CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...) - TODO: check + NOT-FOR-US: Clinic's Patient Management System CVE-2022-36241 RESERVED CVE-2022-36240 @@ -21430,7 +21430,7 @@ CVE-2022-30266 CVE-2022-30265 RESERVED CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perfo ...) - TODO: check + NOT-FOR-US: Emerson CVE-2022-30263 RESERVED CVE-2022-30262 @@ -22253,7 +22253,7 @@ CVE-2022-29961 CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...) NOT-FOR-US: Emerson CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential storage. It i ...) - TODO: check + NOT-FOR-US: Emerson CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...) NOT-FOR-US: JTEKT TOYOPUC PLCs CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b849cf6c767a994cf5c3028ea9bcdb380ef91799 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b849cf6c767a994cf5c3028ea9bcdb380ef91799 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits