Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1af50de8 by Salvatore Bonaccorso at 2022-01-04T21:32:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -661,7 +661,7 @@ CVE-2022-22295
 CVE-2022-22294
        RESERVED
 CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
-       TODO: check
+       NOT-FOR-US: Node uppy
 CVE-2022-0085
        RESERVED
 CVE-2022-0084
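Review bot: The new label on CVE-2022-0086, "NOT-FOR-US: Node uppy", carries an ecosystem prefix that other labels in this file do not: the existing CVE-2021-43856 entry is described as built on Node.js and is labelled simply "NOT-FOR-US: Wiki.js". Pick one convention so that a search on either the product name or the prefix finds all such entries; either drop "Node" here or apply it to the comparable entries.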
@@ -984,11 +984,11 @@ CVE-2021-45982
 CVE-2021-45981
        RESERVED
 CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2021-45977
        RESERVED
 CVE-2021-45976
@@ -1445,9 +1445,9 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer 
Dereference ...)
        NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
        NOTE: Fixed by: 
https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
 CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) 
before 8.2. ...)
-       TODO: check
+       NOT-FOR-US: ControlUp Real-Time Agent
 CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time 
Agent (cu ...)
-       TODO: check
+       NOT-FOR-US: ControlUp Real-Time Agent
 CVE-2021-44775
        RESERVED
 CVE-2021-44465
@@ -3156,7 +3156,7 @@ CVE-2021-45391
 CVE-2021-45390
        RESERVED
 CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center 
Build 68 ...)
-       TODO: check
+       NOT-FOR-US: StarWind
 CVE-2021-45388
        RESERVED
 CVE-2021-45387
@@ -6959,7 +6959,7 @@ CVE-2021-44170
 CVE-2021-44169
        RESERVED
 CVE-2021-44168 (A download of code without integrity check vulnerability in 
the "execu ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-44167
        RESERVED
 CVE-2021-44166
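Review bot: For CVE-2021-44168 the truncated description ("A download of code without integrity check vulnerability in the "execu ...") names no vendor or product, so the "NOT-FOR-US: FortiGuard" label cannot be checked from the diff. Confirm against the full CVE text that the label names the affected product rather than the advisory source, and adjust it if the two differ.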
@@ -7959,9 +7959,9 @@ CVE-2021-43860
 CVE-2021-43859
        RESERVED
 CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: MinIO
 CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Gerapy
 CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and 
earlier is ...)
        NOT-FOR-US: Wiki.js
 CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and 
earlier is ...)
@@ -9125,7 +9125,7 @@ CVE-2021-43713
 CVE-2021-43712
        RESERVED
 CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 
V4.0.3c.7646_B2020 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2021-43710
        RESERVED
 CVE-2021-43709
@@ -15962,7 +15962,7 @@ CVE-2021-3846 (firefly-iii is vulnerable to 
Unrestricted Upload of File with Dan
 CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and 
Worry-Free Bu ...)
        NOT-FOR-US: Trend Micro
 CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or 
Path ...)
-       TODO: check
+       NOT-FOR-US: ws-scrcpy
 CVE-2021-41832 (It is possible for an attacker to manipulate documents to 
appear to be ...)
        NOT-FOR-US: Apache OpenOffice
 CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of 
signed d ...)
@@ -17410,7 +17410,7 @@ CVE-2021-41238 (Hangfire is an open source system to 
perform background job proc
 CVE-2021-41237
        RESERVED
 CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In 
affected versio ...)
-       TODO: check
+       NOT-FOR-US: OroPlatform
 CVE-2021-41235
        RESERVED
 CVE-2021-41234
@@ -20495,9 +20495,9 @@ CVE-2021-39976 (There is a privilege escalation 
vulnerability in CloudEngine 580
 CVE-2021-39975 (Hilinksvc has a Data Processing Errors 
vulnerability.Successful exploi ...)
        TODO: check
 CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful 
exploitation  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful 
exploita ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an 
Unauthorize ...)
        TODO: check
 CVE-2021-39971 (Password vault has a External Control of System or 
Configuration Setti ...)
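Review bot: CVE-2021-39975 (Hilinksvc) and CVE-2021-39972 (MyHuawei-App) stay at "TODO: check" while the two entries between them, CVE-2021-39974 and CVE-2021-39973, become "NOT-FOR-US: Huawei". If the untouched pair belongs to the same vendor, mark them in this commit as well; if they were left open on purpose, note that in the commit message, which currently reads only "Process some NFUs".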
@@ -22593,7 +22593,7 @@ CVE-2021-39144 (XStream is a simple library to 
serialize objects to XML and back
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
        NOTE: https://x-stream.github.io/CVE-2021-39144.html
 CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
-       TODO: check
+       NOT-FOR-US: Spinnaker
 CVE-2021-39142
        RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and 
back again ...)
@@ -23564,7 +23564,7 @@ CVE-2021-38690
 CVE-2021-38689
        RESERVED
 CVE-2021-38688 (An improper authentication vulnerability has been reported to 
affect A ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to 
affect QNAP ...)
        NOT-FOR-US: QNAP
 CVE-2021-38686 (An improper authentication vulnerability has been reported to 
affect Q ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af50de81857db32d22c9ce6163c64c2db74ed69



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
