From d0dad1d21d7bab29c25d4d68395c2724cf2fe1b2 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 4 Jul 2022 22:40:13 +0200 Subject: Process some NFUs --- data/CVE/list | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 1ee4dde289..cadbf6aa9e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -4536,7 +4536,7 @@ CVE-2022-33173 CVE-2022-33172 RESERVED CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...) - TODO: check + NOT-FOR-US: TypeORM CVE-2022-33170 RESERVED CVE-2022-33169 @@ -4832,11 +4832,11 @@ CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...) - libredwg (bug #595191) CVE-2022-33023 (CVA6 commit 909d85a gives incorrect permission to use special multipli ...) - TODO: check + NOT-FOR-US: CVA6 CVE-2022-33022 RESERVED CVE-2022-33021 (CVA6 commit 909d85a accesses invalid memory when reading the value of ...) - TODO: check + NOT-FOR-US: CVA6 CVE-2022-33020 RESERVED CVE-2022-33019 @@ -4910,7 +4910,7 @@ CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 CVE-2022-32989 RESERVED CVE-2022-32988 (Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1. ...) - TODO: check + NOT-FOR-US: Asus CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=man ...) NOT-FOR-US: Simple Bakery Shop Management System CVE-2022-32986 
@@ -13630,7 +13630,7 @@ CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...) NOT-FOR-US: RAD-ISM-900-EN CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...) - tomcat9 9.0.63-1 [bullseye] - tomcat9 (Minor issue) 
@@ -13668,33 +13668,33 @@ CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...) NOT-FOR-US: Koyo Screen Creator Advance2 CVE-2022-29513 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10. ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-29484 (Operation restriction bypass vulnerability in Space of Cybozu Garoon 4 ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-29471 (Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon a ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-29467 (Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-28718 (Operation restriction bypass vulnerability in Bulletin of Cybozu Garoo ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-28713 (Improper authentication vulnerability in Scheduler of Cybozu Garoon 4. ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-28692 (Improper input validation vulnerability in Scheduler of Cybozu Garoon ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-27807 (Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-27803 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-27661 (Operation restriction bypass vulnerability in Workflow of Cybozu Garoo ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-27627 (Cross-site scripting vulnerability in Organization's Information of Cy ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-26368 (Browse restriction bypass and operation restriction bypass vulnerabili ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Garoon 4. ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...) 
- TODO: check + NOT-FOR-US: Cybozu CVE-2022-1525 RESERVED CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...) @@ -18690,7 +18690,7 @@ CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion NOTE: https://phabricator.wikimedia.org/T297571 NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/ CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2022-28199 RESERVED CVE-2022-28198 (NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its conf ...) @@ -19639,7 +19639,7 @@ CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversa CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...) NOT-FOR-US: ControlUp Real-Time Agent CVE-2022-27904 (The Automox Agent installation package before 37 on macOS allows an un ...) - TODO: check + NOT-FOR-US: Automox Agent installation package on macOS CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...) NOT-FOR-US: EVE-NG Professional CVE-2022-27902 @@ -24732,7 +24732,7 @@ CVE-2022-26137 CVE-2022-26136 RESERVED CVE-2022-26135 (A vulnerability in Mobile Plugin for Jira Data Center and Server allow ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...) NOT-FOR-US: Atlassian Confluence Server and Data Center CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...) -- cgit v1.2.3
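Review bot: In the @@ -4910 hunk, CVE-2022-32988 is tagged with the vendor name only, `NOT-FOR-US: Asus`, although the description names a specific device (router Asus DSL-N14U-B1) and the next entry in the same hunk, CVE-2022-32987, is tagged by product (`NOT-FOR-US: Simple Bakery Shop Management System`). Suggest `NOT-FOR-US: Asus DSL-N14U-B1`, so that a later search of the list for the vendor string does not lump router firmware together with unrelated software from the same vendor.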
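Review bot: The fourteen entries changed in the @@ -13668 hunk (CVE-2022-29513 through CVE-2022-26051) all get `NOT-FOR-US: Cybozu`, while their descriptions, where not truncated, name the product as Cybozu Garoon, and the context line just above tags by product (`NOT-FOR-US: Koyo Screen Creator Advance2`). Suggest `NOT-FOR-US: Cybozu Garoon` for the whole batch, and the same for CVE-2022-29892 in the @@ -13630 hunk, so that the tag identifies what was judged to be out of scope rather than only who ships it.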
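Review bot: In the @@ -19639 hunk, the tag for CVE-2022-27904, `NOT-FOR-US: Automox Agent installation package on macOS`, carries the platform and packaging detail that the description already states, whereas the neighbouring entries use the bare product name (`NOT-FOR-US: ControlUp Real-Time Agent`, `NOT-FOR-US: EVE-NG Professional`). Suggest shortening it to `NOT-FOR-US: Automox Agent` to match.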
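Review bot: In the @@ -24732 hunk, CVE-2022-26135 is tagged `NOT-FOR-US: Atlassian`, but the entry directly below it, CVE-2022-26134, uses the product form `NOT-FOR-US: Atlassian Confluence Server and Data Center`, and the description of CVE-2022-26135 names a different product (Mobile Plugin for Jira Data Center and Server). Suggest naming that product in the tag, so the two adjacent Atlassian entries are distinguishable from their tags alone.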