Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e6e106a5 by Salvatore Bonaccorso at 2022-03-08T09:40:54+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -907,7 +907,7 @@ CVE-2022-26313
CVE-2022-26312
RESERVED
CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive
Information to ...)
- TODO: check
+ NOT-FOR-US: Couchbase Operator
CVE-2022-26310
RESERVED
CVE-2022-26309
@@ -5382,7 +5382,7 @@ CVE-2022-24646 (Hospital Management System v4.0 was
discovered to contain a SQL
CVE-2022-24645
RESERVED
CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a
remote code e ...)
- TODO: check
+ NOT-FOR-US: KeyMouse
CVE-2022-24643
RESERVED
CVE-2022-24642
@@ -6718,7 +6718,7 @@ CVE-2022-24195
CVE-2022-24194
RESERVED
CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command
injection vul ...)
- TODO: check
+ NOT-FOR-US: CasaOS
CVE-2022-24192
RESERVED
CVE-2022-24191
@@ -6750,7 +6750,7 @@ CVE-2022-24179
CVE-2022-24178
RESERVED
CVE-2022-24177 (A cross-site scripting (XSS) vulnerability in the component
cgi-bin/ej ...)
- TODO: check
+ NOT-FOR-US: Ex libris ALEPH 500
CVE-2022-24176
RESERVED
CVE-2022-24175
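Review bot: The tag added for CVE-2022-24177 spells the vendor "Ex libris ALEPH 500"; the company name is "Ex Libris", so "NOT-FOR-US: Ex Libris ALEPH 500" would keep the entry findable by a case-sensitive search on the vendor name and consistent with any other Ex Libris entries in the list.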
@@ -6844,7 +6844,7 @@ CVE-2022-24132
CVE-2022-24131
RESERVED
CVE-2022-21170 (Improper check for certificate revocation in i-FILTER
Ver.10.45R01 and ...)
- TODO: check
+ NOT-FOR-US: i-FILTER
CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2
prior ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
@@ -7740,7 +7740,7 @@ CVE-2021-4213
CVE-2022-23941
RESERVED
CVE-2022-23940 (SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote
Code Execu ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2022-23939
RESERVED
CVE-2022-23938
@@ -9602,7 +9602,7 @@ CVE-2022-23385
CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF)
in /admin ...)
NOT-FOR-US: YzmCMS
CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without
login, unaut ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2022-23382
RESERVED
CVE-2022-23381
@@ -11742,9 +11742,9 @@ CVE-2022-22837
CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file
creatio ...)
NOT-FOR-US: CoreFTP
CVE-2022-22835 (An issue was discovered in OverIT Geocall before version 8.0.
An authe ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2022-22834 (An issue was discovered in OverIT Geocall before 8.0. An
authenticated ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker
can obta ...)
NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2.
Authorization data i ...)
@@ -12914,9 +12914,9 @@ CVE-2021-44452
CVE-2021-43352
RESERVED
CVE-2021-4199 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-4198 (A NULL Pointer Dereference vulnerability in the
messaging_ipc.dll comp ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-31564
RESERVED
CVE-2021-23229
@@ -19139,7 +19139,7 @@ CVE-2021-44521 (When running Apache Cassandra with the
following configuration:
CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow
an att ...)
NOT-FOR-US: TCMAN GIM
CVE-2021-4045 (TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and
below, ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the
client si ...)
[experimental] - openssl 3.0.1-1
- openssl <not-affected> (Vulnerable code not present)
@@ -21148,7 +21148,7 @@ CVE-2021-43946 (Affected versions of Atlassian Jira
Server and Data Center allow
CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-43944 (This issue exists to document that a security improvement in
the way t ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server
and Data ...)
NOT-FOR-US: Atlassian
CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
@@ -28596,7 +28596,7 @@ CVE-2021-42188
CVE-2021-42187
RESERVED
CVE-2021-42186 (SAS Logon Manager v9.4 was discovered to contain a
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: SAS Logon Manager
CVE-2021-42185
RESERVED
CVE-2021-42184
@@ -29934,7 +29934,7 @@ CVE-2021-41659 (SQL injection vulnerability in
Sourcecodester Banking System v1
CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly
Grading ...)
NOT-FOR-US: Sourcecodester
CVE-2021-41657 (SmartBear CodeCollaborator v6.1.6102 was discovered to contain
a vulne ...)
- TODO: check
+ NOT-FOR-US: SmartBear CodeCollaborator
CVE-2021-41656
RESERVED
CVE-2021-41655
@@ -33911,41 +33911,41 @@ CVE-2021-40066 (The access controls on the Mobility
read-only API improperly val
CVE-2021-40065
RESERVED
CVE-2021-40064 (There is a heap-based buffer overflow vulnerability in system
componen ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40063 (There is an improper access control vulnerability in the video
module. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40062 (There is a vulnerability of copying input buffer without
checking its ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40061 (There is a vulnerability of accessing resources using an
incompatible ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40060 (There is a heap-based buffer overflow vulnerability in the
video frame ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40059 (There is a permission control vulnerability in the Wi-Fi
module. Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40058 (There is a heap-based buffer overflow vulnerability in the
video frame ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40057 (There is a heap-based and stack-based buffer overflow
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40056 (There is a vulnerability of copying input buffer without
checking its ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40055 (There is a man-in-the-middle attack vulnerability during
system update ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40054 (There is an integer underflow vulnerability in the atcmdserver
module. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40053 (There is a permission control vulnerability in the Nearby
module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40052 (There is an incorrect buffer size calculation vulnerability in
the vid ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40051 (There is an unauthorized access vulnerability in system
components. Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40050 (There is an out-of-bounds read vulnerability in the IFAA
module. Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40049 (There is a permission control vulnerability in the PMS module.
Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40048 (There is an incorrect buffer size calculation vulnerability in
the vid ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40047 (There is a vulnerability of memory not being released after
effective ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation
vulnerability. ...)
NOT-FOR-US: Huawei
CVE-2021-40045 (There is a vulnerability of signature verification mechanism
failure i ...)
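Review bot: The eighteen entries from CVE-2021-40064 down to CVE-2021-40047 are all marked "NOT-FOR-US: Huawei", but the truncated descriptions visible here name only generic modules (video, Wi-Fi, Nearby, IFAA, PMS, atcmdserver) and no product, so the vendor attribution cannot be verified from the diff itself. Since these are closed in bulk, it is worth confirming against the full descriptions that none of them refers to a component that also exists as a Debian source package, and noting in the commit message where the vendor was taken from.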
@@ -41945,7 +41945,7 @@ CVE-2021-36811
CVE-2021-36810
REJECTED
CVE-2021-36809 (A local attacker can overwrite arbitrary files on the system
with VPN ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-36808 (A local attacker could bypass the app password using a race
condition ...)
NOT-FOR-US: Sophos
CVE-2021-36807 (An authenticated user could potentially execute code via an
SQLi vulne ...)
@@ -128092,15 +128092,15 @@ CVE-2020-14117
CVE-2020-14116
RESERVED
CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router
AX3600. ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14114
RESERVED
CVE-2020-14113
RESERVED
CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router
AX6000. The ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14111 (A command injection vulnerability exists in the Xiaomi Router
AX3600. ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14110 (AX3600 router sensitive information leaked.There is an
unauthorized in ...)
NOT-FOR-US: AX3600 router
CVE-2020-14109 (There is command injection in the meshd program in the routing
system, ...)
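Review bot: CVE-2020-14115, CVE-2020-14112 and CVE-2020-14111 are tagged "NOT-FOR-US: Xiaomi", while the adjacent context entry CVE-2020-14110, whose description also concerns the AX3600 router, carries "NOT-FOR-US: AX3600 router". Using one label for the same router family, and updating the older entry to match, would keep a search by vendor name complete.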
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e106a5df557102f426834690c05b7a07ccfcd2