Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3a575e15 by Salvatore Bonaccorso at 2022-05-03T22:30:51+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9377,7 +9377,7 @@ CVE-2022-0918 (A vulnerability was discovered in the 389
Directory Server that a
CVE-2022-0917
RESERVED
CVE-2022-0916 (An issue was discovered in Logitech Options. The OAuth 2.0
state param ...)
- TODO: check
+ NOT-FOR-US: Logitech
CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition
Vulnerabi ...)
NOT-FOR-US: Logitech Sync for Windows
CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have
CSRF in ...)
@@ -16834,7 +16834,7 @@ CVE-2022-24273
CVE-2022-24272
REJECTED
CVE-2022-23400 (A stack-based buffer overflow vulnerability exists in the
IGXMPXMLPars ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC
protocol fu ...)
{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.10-1
@@ -18538,7 +18538,7 @@ CVE-2021-46442 (In the "webupg" binary of D-Link
DIR-825 G1, attackers can bypas
CVE-2021-46441 (In the "webupg" binary of D-Link DIR-825 G1, because of the
lack of pa ...)
NOT-FOR-US: D-Link
CVE-2021-46440 (Storing passwords in a recoverable format in the DOCUMENTATION
plugin ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2021-46439
REJECTED
CVE-2021-46438
@@ -20154,7 +20154,7 @@ CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a
SQL injection vulnerabil
CVE-2022-23313
RESERVED
CVE-2022-22137 (A memory corruption vulnerability exists in the
ioca_mys_rgb_allocate ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2022-21801 (A denial of service vulnerability exists in the netserver
recv_command ...)
NOT-FOR-US: Reolink
CVE-2022-21796 (A memory corruption vulnerability exists in the netserver
parse_comman ...)
@@ -21326,7 +21326,7 @@ CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to
1.5.1 are affected by Store
CVE-2022-23064 (In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to
Host Head ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-23063 (In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to
Insufficient Ses ...)
- TODO: check
+ NOT-FOR-US: Shopizer
CVE-2022-23062
RESERVED
CVE-2022-23061 (In Shopizer versions 2.0 to 2.17.0 a regular admin can
permanently del ...)
@@ -39444,7 +39444,7 @@ CVE-2021-42167
CVE-2021-42166
RESERVED
CVE-2021-42165 (MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow
remote authen ...)
- TODO: check
+ NOT-FOR-US: MitraStar
CVE-2021-42164
RESERVED
CVE-2021-42163
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a575e15e379aa82e53fdb3f12784e30b4b71620
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a575e15e379aa82e53fdb3f12784e30b4b71620
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
