Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76abc052 by Salvatore Bonaccorso at 2022-02-25T21:31:54+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4577,9 +4577,9 @@ CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a
redirection to an exter
CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock
dependen ...)
TODO: check
CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user
could perfo ...)
- TODO: check
+ NOT-FOR-US: JetBrains Hub
CVE-2022-24327 (In JetBrains Hub before 2021.1.13890, integration with
JetBrains Accou ...)
- TODO: check
+ NOT-FOR-US: JetBrains Hub
CVE-2022-24326
RESERVED
CVE-2022-24325
@@ -20917,7 +20917,7 @@ CVE-2021-3959 (A Server-Side Request Forgery (SSRF)
vulnerability in the EPPUpda
CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software
suffers f ...)
NOT-FOR-US: iPack SCADA Automation
CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes
0.48.6 in the ...)
- TODO: check
+ NOT-FOR-US: Trilium Notes
CVE-2021-43744
RESERVED
CVE-2021-43743
@@ -26899,7 +26899,7 @@ CVE-2021-42246
CVE-2021-42245
RESERVED
CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware
Notimoo ...)
- TODO: check
+ NOT-FOR-US: PaquitoSoftware Notimoo
CVE-2021-42243
RESERVED
CVE-2021-42242
@@ -32391,13 +32391,13 @@ CVE-2021-40048
CVE-2021-40047
RESERVED
CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40045 (There is a vulnerability of signature verification mechanism
failure i ...)
NOT-FOR-US: Huawei
CVE-2021-40044 (There is a permission verification vulnerability in the
Bluetooth modu ...)
NOT-FOR-US: Huawei
CVE-2021-40043 (The laser command injection vulnerability exists on
AIS-BW80H-00 versi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40042 (There is a release of invalid pointer vulnerability in some
Huawei pro ...)
NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI
WS318n pr ...)
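Review bot: The new tags on CVE-2021-40046 and CVE-2021-40043 name only the vendor, although both descriptions name a specific product (PCManager, AIS-BW80H-00). Later hunks of this commit show context entries that record the product with the vendor in parentheses, such as `NOT-FOR-US: Elf-G10HN (Huawei)` and `NOT-FOR-US: CloudEngine (Huawei)`. Consider `NOT-FOR-US: PCManager (Huawei)` and `NOT-FOR-US: AIS-BW80H-00 (Huawei)` so product-specific entries are tagged the same way throughout the file.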
@@ -33933,9 +33933,9 @@ CVE-2021-39365 (In GNOME grilo though 0.3.13,
grl-net-wc.c does not enable TLS c
NOTE:
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
CVE-2021-39364 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3
devices allo ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2021-39363 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3
devices allo ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before
2.16.9 L ...)
{DLA-2826-1}
- mbedtls 2.16.9-0.1
@@ -39766,7 +39766,7 @@ CVE-2021-37105 (There is an improper file upload
control vulnerability in Fusion
CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI
P40 ver ...)
NOT-FOR-US: Huawei
CVE-2021-37103 (There is an improper permission management vulnerability in
the Wallet ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37102 (There is a command injection vulnerability in CMA service
module of Fu ...)
NOT-FOR-US: Huawei
CVE-2021-37101 (There is an improper authorization vulnerability in
AIS-BW50-00 9.0.6. ...)
@@ -39918,7 +39918,7 @@ CVE-2021-37029 (There is an Identity verification
vulnerability in Huawei Smartp
CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q
product. Whe ...)
NOT-FOR-US: Huawei
CVE-2021-37027 (There is a DoS vulnerability in smartphones. Successful
exploitation o ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei
Smartphon ...)
NOT-FOR-US: Huawei
CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei
Smartphon ...)
@@ -46244,11 +46244,11 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package
before 3.31 for Python allows
CVE-2021-34362 (A command injection vulnerability has been reported to affect
QNAP dev ...)
NOT-FOR-US: QNAP
CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-34360
RESERVED
CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-34358 (We have already fixed this vulnerability in the following
versions of ...)
NOT-FOR-US: QNAP
CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
@@ -59734,15 +59734,15 @@ CVE-2021-29222
CVE-2021-29221 (A local privilege escalation vulnerability was discovered in
Erlang/OT ...)
- erlang <not-affected> (Windows-specific)
CVE-2021-29220 (Multiple buffer overflow security vulnerabilities have been
identified ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29219 (A potential local buffer overflow vulnerability has been
identified in ...)
NOT-FOR-US: HPE
CVE-2021-29218 (A local unquoted search path security vulnerability has been
identifie ...)
NOT-FOR-US: HPE
CVE-2021-29217 (A remote URL redirection vulnerability was discovered in HPE
OneView G ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29216 (A remote cross-site scripting vulnerability was discovered in
HPE OneV ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric
that may ...)
NOT-FOR-US: HPE
CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ
Manageme ...)
@@ -76088,7 +76088,7 @@ CVE-2021-22491 (There is an Input verification
vulnerability in Huawei Smartphon
CVE-2021-22490 (There is a Permission verification vulnerability in Huawei
Smartphone. ...)
NOT-FOR-US: Huawei
CVE-2021-22489 (There is a DoS vulnerability in smartphones. Successful
exploitation o ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei
Smartphon ...)
NOT-FOR-US: Huawei
CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei
Smartphone. Suc ...)
@@ -76106,11 +76106,11 @@ CVE-2021-22482 (There is an Uninitialized variable
vulnerability in Huawei Smart
CVE-2021-22481 (There is a Verification errors vulnerability in Huawei
Smartphone.Succ ...)
NOT-FOR-US: Huawei
CVE-2021-22480 (The interface of a certain HarmonyOS module has an integer
overflow vu ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22479 (The interface of a certain HarmonyOS module has an invalid
address acc ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22478 (The interface of a certain HarmonyOS module has a UAF
vulnerability. S ...)
- TODO: check
+ NOT-FOR-US: HarmonyOS
CVE-2021-22477
RESERVED
CVE-2021-22476
@@ -76170,7 +76170,7 @@ CVE-2021-22450 (A component of the HarmonyOS has a
Incomplete Cleanup vulnerabil
CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An
unauthentica ...)
NOT-FOR-US: Elf-G10HN (Huawei)
CVE-2021-22448 (There is an improper verification vulnerability in
smartphones. Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional
Conditions Vulne ...)
NOT-FOR-US: Huawei
CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei
Smartphone. ...)
@@ -76184,7 +76184,7 @@ CVE-2021-22443 (There is an Input Verification
Vulnerability in Huawei Smartphon
CVE-2021-22442 (There is an Improper Validation of Integrity Check Value
Vulnerability ...)
NOT-FOR-US: Huawei
CVE-2021-22441 (Some Huawei products have an integer overflow vulnerability.
Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22440 (There is a path traversal vulnerability in some Huawei
products. The v ...)
NOT-FOR-US: Huawei
CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice
V200R006C ...)
@@ -76192,29 +76192,29 @@ CVE-2021-22439 (There is a deserialization
vulnerability in Huawei AnyOffice V20
CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit
Vulnerability in Hua ...)
NOT-FOR-US: Huawei
CVE-2021-22437 (There is a software integer overflow leading to a TOCTOU
condition in ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei
Smartphone.Successful ...)
NOT-FOR-US: Huawei
CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei
Smartphone.Suc ...)
NOT-FOR-US: Huawei
CVE-2021-22434 (There is a memory address out of bounds vulnerability in
smartphones. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22433 (There is a memory address out of bounds in smartphones.
Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22432 (There is a vulnerability when configuring permission isolation
in smar ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22431 (There is a vulnerability when configuring permission isolation
in smar ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22430 (There is a logic bypass vulnerability in smartphones.
Successful explo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22429 (There is a memory address out of bounds in smartphones.
Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei
Smartphone.Succ ...)
NOT-FOR-US: Huawei
CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei
Smartpho ...)
NOT-FOR-US: Huawei
CVE-2021-22426 (There is a memory address out of bounds in smartphones.
Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability.
Local at ...)
NOT-FOR-US: HarmonyOS
CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage
Vulnerability ...)
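Review bot: For CVE-2021-22434, CVE-2021-22433, CVE-2021-22432, CVE-2021-22431, CVE-2021-22430, CVE-2021-22429 and CVE-2021-22426 the visible description mentions only "smartphones" and is cut off before any vendor name, so `NOT-FOR-US: Huawei` cannot be verified from this hunk. The neighbouring CVE-2021-224xx entries are all tagged Huawei or HarmonyOS, which makes the attribution plausible. It is still worth confirming each one against the full description rather than inferring the vendor from the ID range.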
@@ -76276,9 +76276,9 @@ CVE-2021-22397 (There is a privilege escalation
vulnerability in Huawei ManageOn
CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei
products. ...)
NOT-FOR-US: Huawei
CVE-2021-22395 (There is a code injection vulnerability in smartphones.
Successful exp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22394 (There is a buffer overflow vulnerability in smartphones.
Successful ex ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22393 (There is a denial of service vulnerability in some versions of
CloudEn ...)
NOT-FOR-US: CloudEngine (Huawei)
CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei
Smartphone. ...)
@@ -76428,7 +76428,7 @@ CVE-2021-22321 (There is a use-after-free vulnerability
in a Huawei product. A m
CVE-2021-22320 (There is a denial of service vulnerability in Huawei products.
A modul ...)
NOT-FOR-US: Huawei
CVE-2021-22319 (There is an improper verification vulnerability in
smartphones. Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer
Dereference Vulner ...)
NOT-FOR-US: HarmonyOS
CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei
Smartphone. ...)
@@ -125170,11 +125170,11 @@ CVE-2020-14482 (Delta Industrial Automation
DOPSoft, Version 4.00.08.15 and prio
CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a
weak encryp ...)
NOT-FOR-US: FactoryTalk View SE
CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random
Access ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2020-14479
RESERVED
CVE-2020-14478 (A local, authenticated attacker could use an XML External
Entity (XXE) ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior,
Ultrasound CX V ...)
NOT-FOR-US: Philips
CVE-2020-14476
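Review bot: CVE-2020-14480 and CVE-2020-14478 are tagged by vendor (`NOT-FOR-US: Rockwell Automation`) while the adjacent CVE-2020-14481 is tagged by product (`NOT-FOR-US: FactoryTalk View SE`). The truncated descriptions do not show which product the two new entries concern. If it is the same product, reuse the existing tag. Otherwise consider the `Product (Vendor)` form seen elsewhere in the file so the three neighbouring entries read consistently.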
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76abc052c2bd8508b7087ab5fe66e1d467fd66cc