Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfe47dfc by Salvatore Bonaccorso at 2022-02-18T09:59:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,15 +3,15 @@ CVE-2022-25323
 CVE-2022-25322
        RESERVED
 CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could 
occur in t ...)
-       TODO: check
+       NOT-FOR-US: Cerebrate
 CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username 
enumeration ...)
-       TODO: check
+       NOT-FOR-US: Cerebrate
 CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints 
could be o ...)
-       TODO: check
+       NOT-FOR-US: Cerebrate
 CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect 
sharing ...)
-       TODO: check
+       NOT-FOR-US: Cerebrate
 CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm 
allows r ...)
-       TODO: check
+       NOT-FOR-US: Cerebrate
 CVE-2022-25316
        RESERVED
 CVE-2022-25312
@@ -5355,7 +5355,7 @@ CVE-2022-23633 (Action Pack is a framework for handling 
and responding to web re
        NOTE: Fixed by: 
https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 
(v5.2.6.1)
        NOTE: Followup: 
https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 
(v5.2.6.2)
 CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
version 2 ...)
-       TODO: check
+       NOT-FOR-US: Traefik
 CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be 
serialize ...)
        TODO: check
 CVE-2022-23630 (Gradle is a build tool with a focus on build automation and 
support fo ...)
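Review bot: the NOT-FOR-US on CVE-2022-23632 deserves a second look. The description calls Traefik "an HTTP reverse proxy and load balancer", which is general-purpose server software rather than a vendor appliance like the D-Link and TP-Link entries elsewhere in this commit. If an ITP or RFP bug is open for it, the entry should reference the package with an <itp> marker and the bug number instead of NOT-FOR-US, so the CVE is picked up again when the package enters the archive. Leaving the neighbouring CVE-2022-23631 (superjson) at "TODO: check" is fine for a separate pass.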
@@ -6410,9 +6410,9 @@ CVE-2021-46317
 CVE-2021-46316
        RESERVED
 CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in 
HNAP1/control/S ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in 
HNAP1/control ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a 
segmentat ...)
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
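Review bot: the vendor in the new tag on CVE-2021-46315 and CVE-2021-46314 cannot be confirmed from the lines shown here. Both truncated descriptions end at "HNAP1/control..." and never name D-Link. Please confirm against the full CVE text before merging, since a wrong NOT-FOR-US removes the entry from the TODO queue and it is unlikely to be revisited.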
@@ -7636,7 +7636,7 @@ CVE-2022-22924
 CVE-2022-22923
        RESERVED
 CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was 
discovere ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2022-22921
        RESERVED
 CVE-2022-22920
@@ -7648,11 +7648,11 @@ CVE-2022-22918
 CVE-2022-22917
        RESERVED
 CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution 
(RCE) vu ...)
-       TODO: check
+       NOT-FOR-US: O2OA
 CVE-2022-22915
        RESERVED
 CVE-2022-22914 (An incorrect access control issue in the component FileManager 
of Ovid ...)
-       TODO: check
+       NOT-FOR-US: Ovidentia CMS
 CVE-2022-22913
        RESERVED
 CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before 
v3.0.4  ...)
@@ -9858,7 +9858,7 @@ CVE-2021-46110
 CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site 
Scripting (XSS) ...)
        NOT-FOR-US: ASUS
 CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the 
username parame ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-46107
        RESERVED
 CVE-2021-46106
@@ -12481,7 +12481,7 @@ CVE-2021-45384
 CVE-2021-45383
        RESERVED
 CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all 
series H/ ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-45381
        RESERVED
 CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in 
\templates\m\inc_h ...)
@@ -63640,7 +63640,7 @@ CVE-2021-26728
 CVE-2021-26727
        RESERVED
 CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA 
service l ...)
-       TODO: check
+       NOT-FOR-US: Valmet
 CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web 
GUI of N ...)
        NOT-FOR-US: Nozomi Networks Guardian
 CVE-2021-26724 (OS Command Injection vulnerability when changing date settings 
or host ...)
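Review bot: the tag on CVE-2021-26726 is vendor-only ("Valmet"), while the description names the product as "Valmet DNA" and the adjacent CVE-2021-26725 entry is tagged at product level ("Nozomi Networks Guardian"). Suggest "NOT-FOR-US: Valmet DNA" so that a later search of the list for the product name matches this entry.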
@@ -65940,7 +65940,7 @@ CVE-2021-3244
 CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) 
vulnerabilit ...)
        NOT-FOR-US: Wfilter ICF
 CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: DuxCMS
 CVE-2021-3241
        RESERVED
 CVE-2021-3240
@@ -384129,7 +384129,7 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) 
vulnerabilities in KDE-Runtim
 CVE-2014-8599
        RESERVED
 CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in 
PHP-Fusion 7.0 ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 
allow rem ...)
        NOT-FOR-US: PHP-Fusion
 CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x 
does not ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfe47dfc5602c7c4ce76d3e0c2df8c20beb2740d
