Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8a1595ab by Salvatore Bonaccorso at 2022-09-01T22:50:11+02:00 Process some NFUs - - - - - ca180ef3 by Salvatore Bonaccorso at 2022-09-01T22:50:12+02:00 Add CVE-2022-32743/samba - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -16730,9 +16730,9 @@ CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows administrato CVE-2022-2045 RESERVED CVE-2022-2044 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) - TODO: check + NOT-FOR-US: MOXA CVE-2022-2043 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) - TODO: check + NOT-FOR-US: MOXA CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba @@ -16796,7 +16796,9 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encr [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC) NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...) - TODO: check + - samba <unfixed> + [bullseye] - samba <no-dsa> (Minor issue) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833 CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...) {DSA-5205-1} - samba 2:4.16.4+dfsg-1 (bug #1016449) 
@@ -17427,13 +17429,13 @@ CVE-2022-2007 (Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-2006 (AutomationDirect DirectLOGIC has a DLL vulnerability in the install di ...) - TODO: check + NOT-FOR-US: AutomationDirect CVE-2022-2005 (AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism ...) - TODO: check + NOT-FOR-US: AutomationDirect CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially crafted pa ...) - TODO: check + NOT-FOR-US: AutomationDirect CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically crafted s ...) - TODO: check + NOT-FOR-US: AutomationDirect CVE-2022-2002 RESERVED CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...) @@ -21163,7 +21165,7 @@ CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Exces CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privilege es ...) TODO: check CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...) - TODO: check + NOT-FOR-US: SmartFabric storage software CVE-2022-31231 RESERVED CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...) 
@@ -23915,9 +23917,9 @@ CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authenticati ...) NOT-FOR-US: Saia Burgess Controls CVE-2022-30318 (Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Acco ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2022-30317 (Honeywell Experion LX through 2022-05-06 has Missing Authentication fo ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verificati ...) NOT-FOR-US: Honeywell CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 ...) @@ -26398,9 +26400,9 @@ CVE-2022-29504 CVE-2022-29503 RESERVED CVE-2022-1405 (CNCSoft: All versions prior to 1.01.32 does not properly sanitize inpu ...) - TODO: check + NOT-FOR-US: CNCSoft CVE-2022-1404 (Delta Electronics CNCSoft (All versions prior to 1.01.32) does not pro ...) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...) NOT-FOR-US: ASDA-Soft CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...) @@ -31108,7 +31110,7 @@ CVE-2022-27913 CVE-2022-27912 RESERVED CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosur ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most vers ...) NOT-FOR-US: Joomla component CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...) 
@@ -32043,13 +32045,13 @@ CVE-2022-27565 CVE-2022-27564 RESERVED CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault Expres ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-27562 RESERVED CVE-2022-27561 RESERVED CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials. ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-27559 RESERVED CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/502c21ed0f1a93e7a9374757e9acdab4d1ecb036...ca180ef3e9dcc3bca9259097e42e0a6466e76d9a
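Review bot: In the CVE-2022-32743 hunk (@@ -16796,7 +16796,9 @@) the new `- samba <unfixed>` line carries no Debian bug reference and the entry has no `[buster]` line, while the adjacent CVE-2022-32744 entry has `[buster] - samba <no-dsa> (...)` and CVE-2022-32742 records `(bug #1016449)`. Suggest stating buster's status explicitly and adding a bug reference once one is filed, so the unfixed state in unstable is tracked. The bare `(Minor issue)` reason for bullseye would also be easier to audit later if it said why, as the neighbouring entry does with `Minor issue; affects Samba as AD DC`.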
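Review bot: In the hunk at @@ -26398,9 +26400,9 @@ the two CNCSoft entries get different labels: CVE-2022-1405 becomes `NOT-FOR-US: CNCSoft` and CVE-2022-1404 becomes `NOT-FOR-US: Delta Electronics`, although both descriptions name CNCSoft with the same "prior to 1.01.32" version bound. Suggest one label for both (for example `Delta Electronics CNCSoft`) so that a search on the NOT-FOR-US string finds every entry for the product.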
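Review bot: In the hunk at @@ -21163,7 +21165,7 @@ the label `NOT-FOR-US: SmartFabric storage software` repeats the product description, whereas the other labels added in this commit name the vendor (`MOXA`, `Honeywell`, `HCL`, `AutomationDirect`). Suggest using the vendor name here as well for consistency. The context line for CVE-2022-31233 directly above is still `TODO: check`; if it was triaged in the same pass it could be resolved in this commit too.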