Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7f8a314 by Salvatore Bonaccorso at 2022-02-07T21:56:45+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2126,9 +2126,9 @@ CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in
Packagist bytefury/crater
CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE
Services API 1. ...)
NOT-FOR-US: controller/org.controller/org.controller.js in the CVE
Services API
CVE-2018-25029 (The Z-Wave specification requires that S2 security can be
downgraded t ...)
- TODO: check
+ NOT-FOR-US: Z-Wave specification
CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon
Labs (usin ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2022-23973
RESERVED
CVE-2022-23972
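Review bot: CVE-2018-25029 is a specification-level weakness (the S2 downgrade is something the Z-Wave spec itself permits), so the bare `NOT-FOR-US: Z-Wave specification` line does not record whether any packaged Z-Wave protocol implementation that performs S2 negotiation was considered. A spec flaw can still apply to a host-side controller stack; either confirm no such package is in the archive, or add a NOTE stating that the downgrade is handled in device/controller firmware so a later triager does not reopen it. The CVE-2013-20003 entry is about named vendors' devices and the `NOT-FOR-US: Z-Wave devices` line is fine as is.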
@@ -2222,7 +2222,7 @@ CVE-2022-0367
CVE-2022-0366 (An authenticated and authorized agent user could potentially
gain admi ...)
NOT-FOR-US: Sophos
CVE-2022-0365 (The affected product is vulnerable to an authenticated OS
command inje ...)
- TODO: check
+ NOT-FOR-US: Ricon Mobile
CVE-2022-0364
RESERVED
CVE-2022-0363
@@ -4050,7 +4050,7 @@ CVE-2022-23381
CVE-2022-23380
RESERVED
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection
vulnerability via ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2022-23378
RESERVED
CVE-2022-23377
@@ -4148,9 +4148,9 @@ CVE-2022-23332
CVE-2022-23331
RESERVED
CVE-2022-23330 (A remote code execution (RCE) vulnerability in
HelloWorldAddonControll ...)
- TODO: check
+ NOT-FOR-US: jpress
CVE-2022-23329 (A vulnerability in
${"freemarker.template.utility.Execute"?new() of UJ ...)
- TODO: check
+ NOT-FOR-US: UJCMS Jspxcms
CVE-2022-23328
RESERVED
CVE-2022-23327
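Review bot: For CVE-2022-23329 the description names `${"freemarker.template.utility.Execute"?new()`, which is a FreeMarker built-in rather than UJCMS code, so `NOT-FOR-US: UJCMS Jspxcms` is the right attribution only because the weakness is the application exposing templates to untrusted users. A short NOTE saying exactly that would stop this CVE from being re-triaged against a FreeMarker package later. The CVE-2022-23330 jpress line needs no change.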
@@ -4168,7 +4168,7 @@ CVE-2022-23322
CVE-2022-23321
RESERVED
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate
reports ...)
- TODO: check
+ NOT-FOR-US: XMPie uStore
CVE-2022-23319
RESERVED
CVE-2022-23318
@@ -4226,7 +4226,7 @@ CVE-2021-46391
CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to
commit 882925 ...)
- TODO: check
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
CVE-2021-46388
RESERVED
CVE-2021-46387
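Review bot: CVE-2021-46389 is described relative to a concrete upstream fix ("prior to commit 882925..."), so before settling on `NOT-FOR-US: IIPImage High Resolution Streaming Image Server` please confirm that no iipimage source package exists in the archive. If one does, this entry should become a package line with the fixing commit recorded in a NOTE rather than an NFU.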
@@ -4286,7 +4286,7 @@ CVE-2021-46361
CVE-2021-46360
RESERVED
CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: FISCO-BCOS
CVE-2021-46358
RESERVED
CVE-2021-46357
@@ -4636,11 +4636,11 @@ CVE-2022-23265
CVE-2022-23264
RESERVED
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23260
RESERVED
CVE-2022-23259
@@ -4941,7 +4941,7 @@ CVE-2022-23186
CVE-2022-23185
RESERVED
CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and
HTTPS bin ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time
of use ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
@@ -5595,7 +5595,7 @@ CVE-2022-22941
CVE-2022-22940
RESERVED
CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client
for Windo ...)
NOT-FOR-US: VMware
CVE-2022-22937
@@ -6159,11 +6159,11 @@ CVE-2022-22835
CVE-2022-22834
RESERVED
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker
can obta ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2.
Authorization data i ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker
can add ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22830
RESERVED
CVE-2022-22829
@@ -6272,7 +6272,7 @@ CVE-2022-22806
CVE-2022-22805
RESERVED
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22803
RESERVED
CVE-2022-22802
@@ -6592,17 +6592,17 @@ CVE-2021-46146 (An issue was discovered in MediaWiki
before 1.35.5, 1.36.x befor
CVE-2022-22728
RESERVED
CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that
could al ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that
could al ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input
vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability
exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input
vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists
that cou ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22721
RESERVED
CVE-2022-22720
@@ -6699,7 +6699,7 @@ CVE-2022-22691 (The password reset component deployed
within Umbraco uses the ho
CVE-2022-22690 (Within the Umbraco CMS, a configuration element named
"UmbracoApplicat ...)
NOT-FOR-US: Umbraco CMS
CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4,
14.0.0, an ...)
- TODO: check
+ NOT-FOR-US: CA Harvest Software Change Manager
CVE-2022-22688
RESERVED
CVE-2022-22687
@@ -6717,11 +6717,11 @@ CVE-2022-22682
CVE-2022-22681
RESERVED
CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22679 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript
engine of F ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain
a remo ...)
NOT-FOR-US: Tenable
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a
replay atta ...)
@@ -10338,7 +10338,7 @@ CVE-2021-45410
CVE-2021-45409
RESERVED
CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in
out.Login.php, ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2021-45407
RESERVED
CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an
attacker to ...)
@@ -14270,11 +14270,11 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper
Neutralization of Input During
CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: ShowDoc
CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability
in Acron ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44204 (Local privilege escalation via named pipe due to improper
access contr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection
plan deta ...)
NOT-FOR-US: Acronis
CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity
details. Th ...)
@@ -15382,15 +15382,15 @@ CVE-2021-43931 (The authentication algorithm of the
WebHMI portal is sound, but
CVE-2021-43930
RESERVED
CVE-2021-43929 (Improper neutralization of special elements in output used by
a downst ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43928 (Improper neutralization of special elements used in an OS
command ('OS ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43927 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43926 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43925 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43924
RESERVED
CVE-2021-43923
@@ -15582,7 +15582,7 @@ CVE-2021-43843 (jsx-slack is a package for building
JSON objects for Slack block
CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions
2.5.257 and e ...)
NOT-FOR-US: Wiki.js
CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for
applica ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web
clients. In ...)
TODO: check
CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In
Cronos nodes ...)
@@ -20028,7 +20028,7 @@ CVE-2021-42835 (An issue was discovered in Plex Media
Server through 1.24.4.5081
CVE-2021-42834
RESERVED
CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in
AquaView versio ...)
- TODO: check
+ NOT-FOR-US: AquaView
CVE-2021-42832
RESERVED
CVE-2021-42831
@@ -27160,7 +27160,7 @@ CVE-2021-40422
CVE-2021-40421
RESERVED
CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary
of reol ...)
NOT-FOR-US: Reolink
CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service
as a jo ...)
@@ -29911,7 +29911,7 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak
in AC3AudioStreamParser f
CVE-2021-39281
RESERVED
CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to
execute a ...)
- TODO: check
+ NOT-FOR-US: Korenix JetWave devices
CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via
/forms/ ...)
NOT-FOR-US: MOXA
CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import
menu. T ...)
@@ -32748,7 +32748,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command
execution because of the mish
NOTE: Fixed by:
https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584
(v0.31.2)
NOTE: Introduced by:
https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144
(v0.23.0-rc1)
CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian
initially ...)
- TODO: check
+ NOT-FOR-US: perM
CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4
does not ...)
{DSA-4998-1 DSA-4990-1 DLA-2818-1}
- ffmpeg 7:4.4.1-1
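Review bot: The description for CVE-2021-38172 carries the parenthetical "(Debian initially ...)", which is a strong signal that the affected software is or was shipped by Debian; marking it `NOT-FOR-US: perM` conflicts with that. Please check for a perm source package and record a fixed/unfixed version (plus any DSA/DLA) instead, in the same shape as the CVE-2021-38171 ffmpeg entry directly below.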
@@ -45959,7 +45959,7 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package
that handles data storag
CVE-2021-32733 (Nextcloud Text is a collaborative document editing application
that us ...)
NOT-FOR-US: Nextcloud Text
CVE-2021-32732 (### Impact It's possible to know if a user has or not an
account in a ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
@@ -54998,17 +54998,17 @@ CVE-2021-29400 (A cross-site request forgery (CSRF)
vulnerability in the My SMTP
CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to
inadequate filt ...)
NOT-FOR-US: XMB
CVE-2021-29398 (Directory traversal in
/northstar/Common/NorthFileManager/fileManagerO ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29397 (Cleartext Transmission of Sensitive Information in
/northstar/Admin/lo ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc
NorthStar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in
Northstar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in
Northstar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in
Northstar T ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29392
RESERVED
CVE-2021-29391
@@ -55404,9 +55404,9 @@ CVE-2021-29221 (A local privilege escalation
vulnerability was discovered in Erl
CVE-2021-29220
RESERVED
CVE-2021-29219 (A potential local buffer overflow vulnerability has been
identified in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29218 (A local unquoted search path security vulnerability has been
identifie ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29217
RESERVED
CVE-2021-29216
@@ -57197,7 +57197,7 @@ CVE-2021-28505
CVE-2021-28504
RESERVED
CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may
skip re ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28502
RESERVED
CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the
incorrec ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7f8a31466c144159e960a763e21034af300ccac
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits