author | Moritz Muehlenhoff <jmm@debian.org> | 2022-11-28 11:05:45 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-11-28 11:05:45 +0100 |
commit | 2f4ed6a1d763d7467ea47cdd7648ca6325661e6f (patch) | |
tree | 286eaf5d0b5024f47fe5da7ca6c79acba9946024 /data | |
parent | c07fb8b3eb4c56e2a08e27acafc30a5d7baf5b2c (diff) |
NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 62 |
1 files changed, 31 insertions, 31 deletions
diff --git a/data/CVE/list b/data/CVE/list index 6fdb9bca0f..06c2225718 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -454,7 +454,7 @@ CVE-2022-45916 CVE-2022-45915 RESERVED CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by (for exam ...) - TODO: check + NOT-FOR-US: ESL (Electronic Shelf Label) protocol CVE-2022-45913 RESERVED CVE-2022-45912 @@ -467,9 +467,9 @@ CVE-2022-4145 CVE-2022-45910 RESERVED CVE-2022-45909 (drachtio-server 0.8.18 has a heap-based buffer over-read via a long Re ...) - TODO: check + NOT-FOR-US: drachtio-server CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2022-45907 (In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line c ...) - pytorch <unfixed> (bug #1024903) [bullseye] - pytorch <no-dsa> (Minor issue) @@ -13845,7 +13845,7 @@ CVE-2022-41956 CVE-2022-41955 RESERVED CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...) - TODO: check + NOT-FOR-US: MPXJ CVE-2022-41953 RESERVED CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...) @@ -13880,7 +13880,7 @@ CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior t CVE-2022-41941 RESERVED CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...) - TODO: check + NOT-FOR-US: Engine.io CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...) NOT-FOR-US: knative.dev/func CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...) 
@@ -13908,13 +13908,13 @@ CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directiv CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...) NOT-FOR-US: XWiki CVE-2022-41926 (Nextcould talk android is the android OS implementation of the nextclo ...) - TODO: check + NOT-FOR-US: Nextcould CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...) - TODO: check + NOT-FOR-US: Tailscale CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client allows a ma ...) - TODO: check + NOT-FOR-US: Tailscale CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege escalati ...) - TODO: check + NOT-FOR-US: Grails Spring Security Core plugin CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...) - yii <itp> (bug #597899) CVE-2022-41921 @@ -13922,7 +13922,7 @@ CVE-2022-41921 CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...) NOT-FOR-US: Lancet CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...) - TODO: check + NOT-FOR-US: Fastify CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) NOT-FOR-US: OpenSearch CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...) @@ -14022,7 +14022,7 @@ CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. A CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...) NOT-FOR-US: ezplatform-graphql CVE-2022-41875 (A remote code execution (RCE) vulnerability in Optica allows unauthent ...) - TODO: check + NOT-FOR-US: Optica CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...) NOT-FOR-US: Tauri CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...) 
@@ -15943,11 +15943,11 @@ CVE-2022-41160 CVE-2022-41159 RESERVED CVE-2022-41158 (Remote code execution vulnerability can be achieved by using cookie va ...) - TODO: check + NOT-FOR-US: eyoom CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution) has a ...) - TODO: check + NOT-FOR-US: Kyungrinara CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...) - TODO: check + NOT-FOR-US: OndiskPlayerAgent CVE-2022-41153 RESERVED CVE-2022-41152 @@ -19108,7 +19108,7 @@ CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerabilit CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...) NOT-FOR-US: PrimeKey EJBCA CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to potential ...) - TODO: check + NOT-FOR-US: FileCloud CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...) - pspp <unfixed> (bug #1019598) [bullseye] - pspp <no-dsa> (Minor issue) @@ -20055,7 +20055,7 @@ CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...) NOT-FOR-US: GLPI plugin CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...) - TODO: check + NOT-FOR-US: aliyun-oss-client CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Node parse-server CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) 
@@ -20186,7 +20186,7 @@ CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. A NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d CVE-2022-39346 (Nextcloud server is an open source personal cloud server. Affected ver ...) - TODO: check + - nextcloud-server <itp> (bug #941708) CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...) NOT-FOR-US: Gin-vue-admin CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) @@ -20200,9 +20200,9 @@ CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...) NOT-FOR-US: OpenFGA CVE-2022-39339 (user_oidc is an OpenID Connect user backend for Nextcloud. In versions ...) - TODO: check + NOT-FOR-US: Nextcloud addon CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. Versions pr ...) - TODO: check + NOT-FOR-US: Nextcloud addon CVE-2022-39337 RESERVED CVE-2022-39336 @@ -20231,7 +20231,7 @@ CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure. In CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for GitHub A ...) NOT-FOR-US: kartverket/github-workflows CVE-2022-39325 (BaserCMS is a content management system with a japanese language focus ...) - TODO: check + NOT-FOR-US: BaserCMS CVE-2022-39324 RESERVED CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) 
@@ -20604,7 +20604,7 @@ CVE-2022-39201 (Grafana is an open source observability and data visualization p CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...) NOT-FOR-US: Dendrite CVE-2022-39199 (immudb is a database with built-in cryptographic proof and verificatio ...) - TODO: check + NOT-FOR-US: immudb CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 a ...) NOT-FOR-US: Apache Dubbo CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ...) @@ -25816,7 +25816,7 @@ CVE-2022-2652 (Depending on the way the format strings in the card label are cra CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository bookwyr ...) NOT-FOR-US: BookWyrm CVE-2022-2650 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) - TODO: check + NOT-FOR-US: wger CVE-2022-2649 RESERVED CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel Manag ...) @@ -28424,7 +28424,7 @@ CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnera NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429 NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22) CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device (IED) Conn ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...) 
@@ -29026,9 +29026,9 @@ CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which al CVE-2022-36181 RESERVED CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...) - TODO: check + NOT-FOR-US: Fusiondirectory CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling. ...) - TODO: check + NOT-FOR-US: Fusiondirectory CVE-2022-36178 RESERVED CVE-2022-36177 @@ -29250,7 +29250,7 @@ CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a - glpi <removed> (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2022-36111 (immudb is a database with built-in cryptographic proof and verificatio ...) - TODO: check + NOT-FOR-US: immudb CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...) NOT-FOR-US: Netmaker CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...) @@ -32739,7 +32739,7 @@ CVE-2022-34832 CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...) NOT-FOR-US: Keyfactor CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...) - TODO: check + NOT-FOR-US: ARM CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of se ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-34828 
@@ -41208,11 +41208,11 @@ CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22. CVE-2022-31693 RESERVED CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...) - TODO: check + - libspring-security-2.0-java <removed> CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode ...) - TODO: check + NOT-FOR-US: Spring Tools 4 for Eclipse CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, ...) - TODO: check + - libspring-security-2.0-java <removed> CVE-2022-31689 (VMware Workspace ONE Assist prior to 22.10 contains a Session fixation ...) NOT-FOR-US: VMware CVE-2022-31688 (VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross- ...) @@ -45656,7 +45656,7 @@ CVE-2022-1581 (The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...) NOT-FOR-US: WordPress plugin CVE-2022-1579 (The function check_is_login_page() uses headers for the IP check, whic ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1578 (The My wpdb WordPress plugin before 2.5 is missing CSRF check when run ...) NOT-FOR-US: WordPress plugin CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...) |
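Review bot: The new entry for CVE-2022-41926 in the hunk at @@ -13908,13 +13908,13 @@ reads "NOT-FOR-US: Nextcould", which carries over the misspelling from the CVE description ("Nextcould talk android"). The other Nextcloud entries in this same patch use the correct spelling ("nextcloud-server", "NOT-FOR-US: Nextcloud addon"), so a search of data/CVE/list for "Nextcloud" will miss this one. Suggest "NOT-FOR-US: Nextcloud Talk for Android" or similar.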
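Review bot: In the hunk at @@ -41208,11 +41208,11 @@, CVE-2022-31692 and CVE-2022-31690 are assigned to "- libspring-security-2.0-java <removed>" without a NOTE line, while both descriptions give the affected ranges as 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9. A short NOTE stating whether the 2.0 code was checked for the issue, or that the entry is recorded only because the source package has been removed, would let a later reader see the basis for the assignment without redoing the triage.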
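Review bot: The commit message says only "NFUs", but the hunk at @@ -20186,7 +20186,7 @@ replaces the TODO for CVE-2022-39346 with a package entry, "- nextcloud-server <itp> (bug #941708)", not a NOT-FOR-US tag (the Spring Security entries further down are package entries as well). Suggest either mentioning the package assignments in the message or splitting them into their own commit, so the history of which CVEs were tied to packages can be found from the log.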