Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13f6ffcf by Salvatore Bonaccorso at 2022-01-31T09:32:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -308,13 +308,13 @@ CVE-2022-24126
 CVE-2022-24125
        RESERVED
 CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Casdoor
 CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a 
mermaid block ...)
        TODO: check
 CVE-2022-24121
        RESERVED
 CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity 
(XXE) a ...)
-       TODO: check
+       NOT-FOR-US: Signiant Manager+Agents
 CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it 
does not  ...)
        - mariadb-10.6 <unfixed>
        - mariadb-10.5 <unfixed>
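Review bot: CVE-2022-24123 (MarkText) sits between the two entries resolved in this hunk and is left at "TODO: check". If that is deliberate because it still needs a packaging or ITP/RFP lookup, fine; otherwise it can be triaged in the same pass so the block does not stay half-processed.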
@@ -641,7 +641,7 @@ CVE-2022-24034
 CVE-2022-24033
        RESERVED
 CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to 
user enu ...)
-       TODO: check
+       NOT-FOR-US: Adenza AxiomSL ControllerView
 CVE-2022-24031
        RESERVED
 CVE-2022-24030
@@ -1673,7 +1673,7 @@ CVE-2022-23850 (xhtml_translate_entity in xhtml.c in 
epub2txt (aka epub2txt2) th
 CVE-2022-23849
        RESERVED
 CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 
0.6.16. ...)
-       TODO: check
+       NOT-FOR-US: calibre-web
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. 
...)
        - loguru <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
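Review bot: for CVE-2022-0339 the tag reads "calibre-web" while the CVE description spells the project "calibreweb"; please confirm the tag matches the spelling already used for this project elsewhere in data/CVE/list so that a grep for earlier entries keeps working. Since calibre-web is a separate project from calibre, it is also worth confirming that no package or ITP exists under that name before settling on NOT-FOR-US.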
@@ -2819,7 +2819,7 @@ CVE-2022-23411
 CVE-2022-23410
        RESERVED
 CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain 
situatio ...)
        - wolfssl <unfixed> (bug #1004181)
        [bullseye] - wolfssl <not-affected> (Vulnerable code introduced later)
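Review bot: in CVE-2022-23409 the description places the flaw in the Logs plugin for Craft CMS, but the tag names only Craft CMS. Suggest "NOT-FOR-US: Logs plugin for Craft CMS" so the entry records which component was actually ruled out.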
@@ -3020,7 +3020,7 @@ CVE-2022-21796 (A memory corruption vulnerability exists 
in the netserver parse_
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet 
OrchardCore.Application.C ...)
        NOT-FOR-US: Orchard CMS
 CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
-       TODO: check
+       NOT-FOR-US: calibre-web
 CVE-2022-0272
        RESERVED
 CVE-2022-0271
@@ -4244,7 +4244,7 @@ CVE-2022-22996
 CVE-2022-22995
        RESERVED
 CVE-2022-22994 (A remote code execution vulnerability was discovered on 
Western Digita ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital 
My Clou ...)
        NOT-FOR-US: Western Digital
 CVE-2022-22992 (A command injection remote code execution vulnerability was 
discovered ...)
@@ -4414,7 +4414,7 @@ CVE-2022-22921
 CVE-2022-22920
        RESERVED
 CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows 
redirection for SS ...)
-       TODO: check
+       NOT-FOR-US: Adenza AxiomSL ControllerView
 CVE-2022-22918
        RESERVED
 CVE-2022-22917
@@ -9990,7 +9990,7 @@ CVE-2021-4126
        - thunderbird 1:91.4.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
 CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed 
Control  ...)
-       TODO: check
+       NOT-FOR-US: DeltaV Distributed Control System Controllers
 CVE-2021-23173 (The affected product is vulnerable to an improper access 
control, whic ...)
        NOT-FOR-US: Philips
 CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable 
to a he ...)
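Review bot: the tag for CVE-2021-26264 uses the full product name (DeltaV Distributed Control System Controllers), while the neighbouring entry and other tags in this commit (Philips, Western Digital, Advantech, Hitachi) name the vendor. Either is workable, but keeping one convention per vendor makes later searches for related CVEs simpler.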
@@ -25826,9 +25826,9 @@ CVE-2021-40399
 CVE-2021-40398
        RESERVED
 CVE-2021-40397 (A privilege escalation vulnerability exists in the 
installation of Adv ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2021-40396 (A privilege escalation vulnerability exists in the 
installation of Adv ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2021-40395
        REJECTED
 CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X 
aperture ma ...)
@@ -25860,9 +25860,9 @@ CVE-2021-40391 (An out-of-bounds write vulnerability 
exists in the drill format
 CVE-2021-40390
        RESERVED
 CVE-2021-40389 (A privilege escalation vulnerability exists in the 
installation of Adv ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ 
Manager Se ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2021-40387 (An issue was discovered in the server software in Kaseya 
Unitrends Bac ...)
        NOT-FOR-US: Kaseya Unitrends Backup Software
 CVE-2021-40386
@@ -25979,11 +25979,11 @@ CVE-2021-40342
 CVE-2021-40341
        RESERVED
 CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne 
applicati ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne 
application due  ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a 
web serve ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy 
LinkOne all ...)
        NOT-FOR-US: Hitachi
 CVE-2021-40336



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13f6ffcfb73092a83700d6cba7c24e54266de942
