Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80883492 by Salvatore Bonaccorso at 2022-03-12T08:18:07+01:00
Process NFUs
- - - - -
f96df1e9 by Salvatore Bonaccorso at 2022-03-12T08:18:37+01:00
Add two CVEs for nextcloud-server
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4394,19 +4394,19 @@ CVE-2022-25221
CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to
inject pe ...)
NOT-FOR-US: PeteReport
CVE-2022-25219 (A null byte interaction error has been discovered in the code
that the ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25218 (The use of the RSA algorithm without OAEP, or any other
padding scheme ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25217 (Use of a hard-coded cryptographic key pair by the
telnetd_startup serv ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25216 (An absolute path traversal vulnerability allows a remote
attacker to d ...)
- TODO: check
+ NOT-FOR-US: DVDFab Player
CVE-2022-25215 (Improper access control on the LocalMACConfig.asp interface
allows an ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25214 (Improper access control on the LocalClientList.asp interface
allows an ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25213 (Improper physical access control and use of hard-coded
credentials in ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-24915 (The absence of filters when loading some sections in the web
applicati ...)
NOT-FOR-US: IPCOMM
CVE-2022-24432 (Persistent cross-site scripting (XSS) in the web interface of
ipDIO al ...)
@@ -5603,7 +5603,7 @@ CVE-2022-24752
CVE-2022-24751
RESERVED
CVE-2022-24750 (UltraVNC is a free and open source remote pc access software.
A vulner ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2022-24749
RESERVED
CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php
Framewo ...)
@@ -5627,7 +5627,7 @@ CVE-2022-24740
CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior
to 3.0. ...)
NOT-FOR-US: alltube
CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos
Network. ...)
- TODO: check
+ NOT-FOR-US: Evmos
CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical
concept ...)
TODO: check
CVE-2022-24736
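Review bot: CVE-2022-24737 (HTTPie) at the bottom of this hunk is left as `TODO: check` while the neighbouring Evmos entry is resolved; unlike the vendor products around it, the description identifies a command-line HTTP client, so this one needs an actual package lookup and either a source-package line or a justified `NOT-FOR-US` before the next NFU pass, not a carry-over.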
@@ -8413,27 +8413,27 @@ CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool
before 12.38 mishandles a $fil
[stretch] - libimage-exiftool-perl <no-dsa> (Minor issue)
NOTE:
https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582
(12.38)
CVE-2022-23934 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23933 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23932 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23931 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23930 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23929 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23928 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23927 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23926 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23925 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23924 (Potential vulnerabilities have been identified in the system
BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23919
RESERVED
CVE-2022-23918
@@ -9356,9 +9356,9 @@ CVE-2022-23733
CVE-2022-23732
RESERVED
CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege
escalati ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2022-23730 (The public API error causes for the attacker to be able to
bypass API ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2022-23729 (When the device is in factory state, it can be access the
shell withou ...)
NOT-FOR-US: LGE
CVE-2022-23728 (Attacker can reset the device with AT Command in the process
of reboot ...)
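Review bot: the vendor label is inconsistent within this hunk: the two new lines use `NOT-FOR-US: LG` (CVE-2022-23731, CVE-2022-23730) while the unchanged neighbour CVE-2022-23729 two lines below uses `NOT-FOR-US: LGE`. Pick one spelling for the run so a grep for the vendor finds all three; `LGE` matches the existing entry.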
@@ -9594,7 +9594,7 @@ CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application
with primary purpose of
CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP
blog. Erro ...)
NOT-FOR-US: m1k1o/blog
CVE-2022-23625 (Wire-ios is a messaging application using the wire protocol on
apple's ...)
- TODO: check
+ NOT-FOR-US: Wire-ios
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for
TypeScript. Fro ...)
NOT-FOR-US: Frourio-express
CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio
users who u ...)
@@ -10147,7 +10147,7 @@ CVE-2022-0282 (Code Injection in Packagist
microweber/microweber prior to 1.2.11
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in
Packagis ...)
NOT-FOR-US: microweber
CVE-2022-0280 (A race condition vulnerability exists in the QuickClean feature
of McA ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a
race co ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist
microweber/microweber ...)
@@ -11177,7 +11177,7 @@ CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and
earlier) and 26.0.2 (and
CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2
(and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-23187 (Adobe Illustrator version 26.0.3 (and earlier) is affected by
a buffer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2
(and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-23185
@@ -12508,7 +12508,7 @@ CVE-2022-22815 (path_getbbox in path.c in Pillow before
9.0.0 improperly initial
NOTE:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE:
https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
(9.0.0)
CVE-2022-22814 (The System Diagnosis service of MyASUS before 3.1.2.0 allows
privilege ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal
Informa ...)
- node-follow-redirects 1.14.7+~1.13.1-1
[bullseye] - node-follow-redirects <no-dsa> (Minor issue)
@@ -18840,7 +18840,7 @@ CVE-2022-21821
CVE-2022-21820
RESERVED
CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability
where an ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the
installation scr ...)
NOT-FOR-US: NVIDIA License System
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource
Sharing (CO ...)
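Review bot: `NOT-FOR-US: NVIDIA` for CVE-2022-21819 is less specific than the adjacent entries, which name the product (`NOT-FOR-US: NVIDIA License System` for CVE-2022-21818); the description here already names Jetson Linux, so `NOT-FOR-US: NVIDIA Jetson Linux` would keep the same granularity as its neighbours.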
@@ -19300,7 +19300,7 @@ CVE-2021-4071
CVE-2021-44674 (An information exposure issue has been discovered in Opmantek
Open-Aud ...)
NOT-FOR-US: Open-AudIT
CVE-2021-44673 (A Remote Code Execution (RCE) vulnerability exists in Croogo
3.0.2via ...)
- TODO: check
+ NOT-FOR-US: Croogo
CVE-2021-44672
RESERVED
CVE-2021-44671
@@ -19312,7 +19312,7 @@ CVE-2021-44669
CVE-2021-44668
RESERVED
CVE-2021-44667 (A Cross Site Scripting (XSS) vulnerability exists in Nacos
2.0.3 in au ...)
- TODO: check
+ NOT-FOR-US: Nacos
CVE-2021-44666
RESERVED
CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte
Project Xerte ...)
@@ -19417,11 +19417,11 @@ CVE-2021-44622 (A Buffer Overflow vulnerability
exists in TP-LINK WR-886N 201908
CVE-2021-44621
RESERVED
CVE-2021-44620 (A Command Injection vulnerability exits in TOTOLINK A3100R
<=V4.1.2 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2021-44619
RESERVED
CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists
in Nystud ...)
- TODO: check
+ NOT-FOR-US: Nystudio107 Seomatic
CVE-2021-44617
RESERVED
CVE-2021-44616
@@ -19463,7 +19463,7 @@ CVE-2021-44599 (The id parameter from Online Enrollment
Management System 1.0 sy
CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site
Scripting ...)
NOT-FOR-US: Attendance Management System
CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the
spider ...)
- TODO: check
+ NOT-FOR-US: Gerapy
CVE-2021-44596
RESERVED
CVE-2021-44595
@@ -19489,7 +19489,7 @@ CVE-2021-44587
CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has
an unauth ...)
NOT-FOR-US: dst-admin
CVE-2021-44585 (A Cross Site Scripting (XSS) vulnerabilitiy exits in
jeecg-boot 3.0 in ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog
version ...)
NOT-FOR-US: emlog
CVE-2021-44583
@@ -26462,15 +26462,15 @@ CVE-2021-42859
CVE-2021-42858
RESERVED
CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic
Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent's (DSA)
AgentDaServlet
CVE-2021-42856 (It was discovered that the /DsaDataTest endpoint is
susceptible to Cro ...)
TODO: check
CVE-2021-42855 (It was discovered that the SteelCentral AppInternals Dynamic
Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic
Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic
Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-3902
RESERVED
CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
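Review bot: CVE-2021-42856 in the middle of this hunk stays `TODO: check` even though its description (`/DsaDataTest endpoint`) points at the same Dynamic Sampling Agent as the four sibling entries being resolved here; if it is the same product it should get the same `NOT-FOR-US` line in this commit rather than being left behind. Separately, the value for CVE-2021-42857 (`SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet`) differs in form from the `SteelCentral AppInternals Dynamic Sampling Agent (DSA)` used for 42855, 42854 and 42853 and spills onto a second line; use the single shorter form for all five so the entries stay one line each and grep consistently.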
@@ -26620,9 +26620,9 @@ CVE-2021-42789
CVE-2021-42788
RESERVED
CVE-2021-42787 (It was discovered that the SteelCentral AppInternals Dynamic
Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42786 (It was discovered that the SteelCentral AppInternals Dynamic
Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC
Viewer allo ...)
NOT-FOR-US: TightVNC Viewer
CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link
DWR-932C E1 ...)
@@ -28864,33 +28864,33 @@ CVE-2022-20062
CVE-2022-20061
RESERVED
CVE-2022-20060 (In preloader (usb), there is a possible permission bypass due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20059 (In preloader (usb), there is a possible out of bounds write
due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20058 (In preloader (usb), there is a possible out of bounds write
due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20057 (In btif, there is a possible memory corruption due to
incorrect error ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20056 (In preloader (usb), there is a possible out of bounds write
due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20055 (In preloader (usb), there is a possible out of bounds write
due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20054 (In ims service, there is a possible AT command injection due
to a miss ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20053 (In ims service, there is a possible escalation of privilege
due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20052
RESERVED
CVE-2022-20051 (In ims service, there is a possible unexpected application
behavior du ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20050 (In connsyslogger, there is a possible symbolic link following
due to i ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20049 (In vpu, there is a possible escalation of privilege due to a
missing p ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20048 (In video decoder, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20047 (In video decoder, there is a possible out of bounds write due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a
logic err ...)
NOT-FOR-US: MediaTek
CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use
after fre ...)
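Review bot: vendor capitalisation diverges inside this hunk: all thirteen new lines write `NOT-FOR-US: Mediatek`, while the unchanged context entries CVE-2022-20046 and the one below it use `NOT-FOR-US: MediaTek`. Normalise the new lines to `MediaTek` to match the existing entries (and the vendor's own spelling) so the block is uniform.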
@@ -31606,11 +31606,11 @@ CVE-2021-41243 (There is a Potential Zip Slip
Vulnerability and OS Command Injec
CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path
traversal vu ...)
NOT-FOR-US: OpenOlat
CVE-2021-41241 (Nextcloud server is a self hosted system designed to provide
cloud sty ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-41240
RESERVED
CVE-2021-41239 (Nextcloud server is a self hosted system designed to provide
cloud sty ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-41238 (Hangfire is an open source system to perform background job
processing ...)
NOT-FOR-US: Hangfire
CVE-2021-41237
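Review bot: both nextcloud-server lines use `<itp> (bug #941708)` with no fixed version, which is correct while the package is only ITP'd, but it means these entries carry no fixed-version information; whoever lands the package in the archive will need to revisit both CVE-2021-41241 and CVE-2021-41239 and replace the `<itp>` marker with the first fixed upstream version, otherwise they stay open indefinitely.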
@@ -46436,7 +46436,7 @@ CVE-2021-35253
CVE-2021-35252
RESERVED
CVE-2021-35251 (Sensitive information could be displayed when a detailed
technical err ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2021-35250
RESERVED
CVE-2021-35249
@@ -49014,7 +49014,7 @@ CVE-2021-34124
CVE-2021-34123
RESERVED
CVE-2021-34122 (The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e
has a NU ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2021-34121
RESERVED
CVE-2021-34120
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4c013dc4882528a35f0bead9f3048b99ea337f10...f96df1e9b050349dd1d8cc1d017545734ee0bbcc
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits