Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ae9d654 by Salvatore Bonaccorso at 2022-04-28T09:06:14+02:00
Add CVE-2022-1507/chafa
- - - - -
24a0fd0e by Salvatore Bonaccorso at 2022-04-28T09:06:15+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,19 +27,21 @@ CVE-2022-29811
CVE-2022-1508
RESERVED
CVE-2022-1507 (chafa: NULL Pointer Dereference in function
gif_internal_decode_frame ...)
- TODO: check
+ - chafa 1.10.2-1
+ NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
+ NOTE:
https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9
(1.10.2)
CVE-2022-1506
RESERVED
CVE-2022-1505
RESERVED
CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository
microweber/micro ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH
credenti ...)
TODO: check
CVE-2022-29809
RESERVED
CVE-2022-1503 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2022-1502
RESERVED
CVE-2022-1501
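Review bot: the CVE-2022-1507 entry records the fixed version `- chafa 1.10.2-1` and the upstream fix commit (tagged 1.10.2), but carries no suite annotation (for example a `[bullseye]` line) in this hunk, so the status of the older suite is left to the tracker's default handling; if an earlier chafa version is in a stable suite, an explicit severity or no-dsa annotation would make the triage decision visible. CVE-2022-29810 (go-getter) is the only item in the hunk left at `TODO: check`, which is consistent with the commit message "Process NFUs" as long as the library is packaged in Debian, but it still needs a follow-up triage.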
@@ -971,7 +973,7 @@ CVE-2022-1407
CVE-2022-29510
RESERVED
CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for
Windows ...)
- TODO: check
+ NOT-FOR-US: LINE for Windows
CVE-2022-29486
RESERVED
CVE-2022-29469
@@ -3691,7 +3693,7 @@ CVE-2022-28466
CVE-2022-28465
RESERVED
CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting
(XSS) which ...)
- TODO: check
+ NOT-FOR-US: Apifox
CVE-2022-28463
RESERVED
CVE-2022-28462
@@ -4561,15 +4563,15 @@ CVE-2022-28199
CVE-2022-28198
RESERVED
CVE-2022-28197 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28196 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28195 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28194 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28192
RESERVED
CVE-2022-28191
@@ -5422,7 +5424,7 @@ CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x
before 3.38.0 allows SSRF.
CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory
traversal. To ...)
NOT-FOR-US: Mendelson OFTP2
CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can
result i ...)
- TODO: check
+ NOT-FOR-US: ControlUp Real-Time Agent
CVE-2022-27904
RESERVED
CVE-2022-27903
@@ -6900,7 +6902,7 @@ CVE-2022-27338
CVE-2022-27337
RESERVED
CVE-2022-27336 (Seacms v11.6 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: Seacms
CVE-2022-27335
RESERVED
CVE-2022-27334
@@ -15291,7 +15293,7 @@ CVE-2022-0483 (Local privilege escalation due to
insecure folder permissions. Th
CVE-2022-0482 (Exposure of Private Personal Information to an Unauthorized
Actor in G ...)
NOT-FOR-US: easyappointments
CVE-2022-24372 (Linksys MR9600 devices before 2.0.5 allow attackers to read
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2022-24371
RESERVED
CVE-2022-24370 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
@@ -17471,9 +17473,9 @@ CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was
discovered to contain a SQ
CVE-2021-46443
REJECTED
CVE-2021-46442 (In the "webupg" binary of D-Link DIR-825 G1, attackers can
bypass auth ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-46441 (In the "webupg" binary of D-Link DIR-825 G1, because of the
lack of pa ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-46440
RESERVED
CVE-2021-46439
@@ -17507,15 +17509,15 @@ CVE-2021-46426 (phpIPAM 1.4.4 allows Reflected XSS
and CSRF via app/admin/subnet
CVE-2021-46425
RESERVED
CVE-2021-46424 (Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file
deletion ...)
- TODO: check
+ NOT-FOR-US: Telesquare
CVE-2021-46423 (Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated
file do ...)
- TODO: check
+ NOT-FOR-US: Telesquare
CVE-2021-46422 (Telesquare SDT-CW3B1 1.1.0 is affected by an OS command
injection vuln ...)
- TODO: check
+ NOT-FOR-US: Telesquare
CVE-2021-46421 (Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected
by an un ...)
- TODO: check
+ NOT-FOR-US: Franklin Fueling Systems
CVE-2021-46420 (Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is
affected by an ...)
- TODO: check
+ NOT-FOR-US: Franklin Fueling Systems
CVE-2021-46419 (An unauthorized file deletion vulnerability in Telesquare
TLR-2855KS6 ...)
NOT-FOR-US: Telesquare
CVE-2021-46418 (An unauthorized file creation vulnerability in Telesquare
TLR-2855KS6 ...)
@@ -17710,7 +17712,7 @@ CVE-2022-23824
CVE-2022-23823
RESERVED
CVE-2022-23822 (In this physical attack, an attacker may potentially exploit
the Zynq- ...)
- TODO: check
+ NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL)
CVE-2022-23821
RESERVED
CVE-2022-23820
@@ -22367,7 +22369,7 @@ CVE-2022-22523
CVE-2022-22522
RESERVED
CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to
1.2.71, exe ...)
- TODO: check
+ NOT-FOR-US: Miele
CVE-2022-22520
RESERVED
CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted
HTTP or ...)
@@ -23505,13 +23507,13 @@ CVE-2022-22280
CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication
arbitrary file r ...)
NOT-FOR-US: Sonicwall
CVE-2022-22278 (A vulnerability in SonicOS CFS (Content filtering service)
returns a l ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22277 (A vulnerability in SonicOS SNMP service resulting exposure of
Wireless ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22276 (A vulnerability in SonicOS SNMP service resulting exposure of
sensitiv ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22275 (Improper Restriction of TCP Communication Channel in HTTP/S
inbound tr ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via
HTTP re ...)
NOT-FOR-US: Sonicwall
CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of
Special Ele ...)
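Review bot: the four new entries CVE-2022-22278 through CVE-2022-22275 use `NOT-FOR-US: SonicWall`, while the existing neighbouring entries CVE-2022-22279 and CVE-2022-22274 use `NOT-FOR-US: Sonicwall`; pick one spelling (the vendor writes it SonicWall) and align the older lines so that a search of the list for the vendor name finds every entry.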
@@ -56984,9 +56986,9 @@ CVE-2021-34604
CVE-2021-34603
RESERVED
CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are
prone to Co ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34601 (In Bender/ebee Charge Controllers in multiple versions are
prone to Ha ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for
random numb ...)
NOT-FOR-US: Telenot CompasX
CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0
lack ce ...)
@@ -57004,17 +57006,17 @@ CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and
TS6100 in product versions b
CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior
to versio ...)
NOT-FOR-US: CODESYS
CVE-2021-34592 (In Bender/ebee Charge Controllers in multiple versions are
prone to Co ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34591 (In Bender/ebee Charge Controllers in multiple versions are
prone to Lo ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34590 (In Bender/ebee Charge Controllers in multiple versions are
prone to Cr ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34589 (In Bender/ebee Charge Controllers in multiple versions are
prone to an ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34588 (In Bender/ebee Charge Controllers in multiple versions are
prone to un ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34587 (In Bender/ebee Charge Controllers in multiple versions a long
URL coul ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web
server req ...)
NOT-FOR-US: CODESYS
CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web
server req ...)
@@ -81119,7 +81121,7 @@ CVE-2021-25268
CVE-2021-25267
RESERVED
CVE-2021-25266 (An insecure data storage vulnerability allows a physical
attacker with ...)
- TODO: check
+ NOT-FOR-US: Sophos Authenticator for Android
CVE-2021-25265 (A malicious website could execute code remotely in Sophos
Connect Clie ...)
NOT-FOR-US: Sophos Connect Client
CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a
local at ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64ce55053ebfc2eecc47d764ebc8e15976d4eca0...24a0fd0e17ac8997c4269fb224923fa9d90d4210
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits