Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a476057f by Salvatore Bonaccorso at 2022-01-23T14:46:22+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -191,7 +191,7 @@ CVE-2022-23780
 CVE-2022-21147
        RESERVED
 CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
-       TODO: check
+       NOT-FOR-US: Mustache (implementation in PHP)
 CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
        RESERVED
        - linux 5.14.16-1
@@ -1595,7 +1595,7 @@ CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in 
GitHub repository livehelper
 CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet 
OrchardCore.Application.C ...)
-       TODO: check
+       NOT-FOR-US: Orchard CMS
 CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to 
deserialization  ...)
        - apache-log4j1.2 <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
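
Review bot: the tag added for CVE-2022-0243 says "Orchard CMS", but the description on the preceding line names the NuGet package as OrchardCore.Application.C ..., so the tag does not match the name the CVE text uses. Suggest writing the tag with the name that package belongs to (for example "NOT-FOR-US: Orchard Core") so that a search on the package name finds this entry.
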
@@ -9146,7 +9146,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to 
deserialization of untr
        NOTE: Issue for Log4j 1.2 when specifically configured to use 
JMSAppender (not the default)
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
 CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository 
vanessa219/vd ...)
-       TODO: check
+       NOT-FOR-US: vditor
 CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding 
security fi ...)
        {DLA-2870-1}
        - apache-log4j2 2.17.1-1 (bug #1002813)
@@ -10426,7 +10426,7 @@ CVE-2021-33843 (Fresenius Kabi Agilia Link + version 
3.0 has a default configura
 CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + 
version 3.0  ...)
        NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-23236 (Requests may be used to interrupt the normal operation of the 
device.  ...)
-       TODO: check
+       NOT-FOR-US: Fresenius Kabi Agilia Link+
 CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and 
prior can  ...)
        NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-23207 (An attacker with physical access to the host can extract the 
secrets f ...)
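
Review bot: the tag added for CVE-2021-23236 is spelled "Fresenius Kabi Agilia Link+", while the neighbouring entries in this hunk (CVE-2021-31562 and CVE-2021-23233) use "Fresenius Kabi Agilia Link" without the plus sign. Use one spelling for every entry of this product so that a search on the NOT-FOR-US string returns all of them.
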
@@ -11861,7 +11861,7 @@ CVE-2022-21709
 CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In 
version ...)
        TODO: check
 CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts 
and pro ...)
-       TODO: check
+       NOT-FOR-US: wasmCloud Host Runtime
 CVE-2022-21706
        RESERVED
 CVE-2022-21705
@@ -20232,7 +20232,7 @@ CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS 
because the displayed Templ
 CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input 
During Web P ...)
        NOT-FOR-US: chaskiq
 CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through 
User-Controlled Ke ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 
allowed authe ...)
        - nomad <not-affected> (Only affects 1.1.x)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
@@ -26033,7 +26033,7 @@ CVE-2021-39482
 CVE-2021-39481
        RESERVED
 CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation 
failure w ...)
-       TODO: check
+       NOT-FOR-US: bingrep
 CVE-2021-39479
        RESERVED
 CVE-2021-39478
@@ -27941,13 +27941,13 @@ CVE-2021-38698 (HashiCorp Consul and Consul 
Enterprise 1.10.1 Txn.Apply endpoint
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
        NOTE: 
https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d
 (v1.8.15)
 CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated 
unrestricted Fi ...)
-       TODO: check
+       NOT-FOR-US: SoftVibe SARABAN for INFOMA
 CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: SoftVibe SARABAN for INFOMA
 CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: SoftVibe SARABAN for INFOMA
 CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
-       TODO: check
+       NOT-FOR-US: SoftVibe SARABAN for INFOMA
 CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext 
HTTP, and th ...)
        NOT-FOR-US: UCWeb UC
 CVE-2021-38693
@@ -33863,7 +33863,7 @@ CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, 
contain a sensitive informa
 CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain 
undocumented us ...)
        NOT-FOR-US: EMC
 CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a 
privilege  ...)
-       TODO: check
+       NOT-FOR-US: Unisphere for PowerMax
 CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support 
insecure Tr ...)
        NOT-FOR-US: Dell
 CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a 
deserializati ...)
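
Review bot: CVE-2021-36338 is tagged by product ("Unisphere for PowerMax"), whereas the adjacent entries in this hunk are tagged by vendor ("EMC" for CVE-2021-36339, "Dell" for CVE-2021-36337). Pick one convention for this block, vendor or product, so that related entries group together when the list is searched.
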
@@ -37052,7 +37052,7 @@ CVE-2021-35006
 CVE-2021-35005
        RESERVED
 CVE-2021-35004 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2021-35003 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: TP-Link
 CVE-2021-35002
@@ -97626,7 +97626,7 @@ CVE-2020-23317
 CVE-2020-23316
        RESERVED
 CVE-2020-23315 (There is an ASSERTION (pFuncBody-&gt;GetYieldRegister() == 
oldYieldReg ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2020-23314 (There is an Assertion 'block_found' failed at 
js-parser-statm.c:2003 p ...)
        - iotjs <unfixed> (bug #989991)
        [bullseye] - iotjs <no-dsa> (Minor issue)
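
Review bot: the tag added for CVE-2020-23315 gives only a vendor, "Microsoft", and the truncated description visible here (an assertion on pFuncBody->GetYieldRegister()) does not name the product either. Name the affected product in the NOT-FOR-US line so that the entry can be found and re-triaged if that product is ever packaged.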



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a476057fccc1a15bfc4975b8edb4724ee167e8d9
