Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05089897 by Salvatore Bonaccorso at 2022-05-19T23:16:01+02:00
Process some NFUs

- - - - -
5fe05400 by Salvatore Bonaccorso at 2022-05-19T23:16:01+02:00
Track two issues for octoprint, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1493,9 +1493,9 @@ CVE-2022-30620
 CVE-2022-30619
        RESERVED
 CVE-2022-30618 (An authenticated user with access to the Strapi admin panel 
can view p ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2022-30617 (An authenticated user with access to the Strapi admin panel 
can view p ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2022-29525
        RESERVED
 CVE-2022-28704
@@ -1776,7 +1776,7 @@ CVE-2022-26344
 CVE-2022-25976
        RESERVED
 CVE-2022-1670 (When generating a user invitation code in Octopus Server, the 
validity ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2022-1669
        RESERVED
 CVE-2022-1668
@@ -3224,7 +3224,7 @@ CVE-2022-30020
 CVE-2022-30019
        RESERVED
 CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has 
Insufficiently Prote ...)
-       TODO: check
+       NOT-FOR-US: Mobotix Control Center (MxCC)
 CVE-2022-30017
        RESERVED
 CVE-2022-30016
@@ -4590,11 +4590,11 @@ CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in 
GitHub repository octopri
 CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        TODO: check
 CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository 
octoprint/octopr ...)
-       TODO: check
+       - octoprint <itp> (bug #718591)
 CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository 
pimcore/pi ...)
        NOT-FOR-US: pimcore
 CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       TODO: check
+       - octoprint <itp> (bug #718591)
 CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a 
use-after-free  ...)
        {DSA-5127-1}
        - linux 5.17.3-1
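Review bot: the annotation for CVE-2022-1428 does not match the description shown for it. The entry reads "An issue has been discovered in GitLab affecting all versions before 1 ...", yet it is assigned `- octoprint <itp> (bug #718591)`, while the neighbouring GitLab entry CVE-2022-1431 stays `TODO: check`. Before pushing, verify against the CVE source whether CVE-2022-1428 is really an octoprint issue (the commit message speaks of two octoprint issues, and the entries whose descriptions actually name octoprint in this region are CVE-2022-1432 in the hunk header and CVE-2022-1430) or whether the wrong line was edited.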
@@ -4996,13 +4996,13 @@ CVE-2022-29451 (Cross-Site Request Forgery (CSRF) 
leading to Arbitrary File Uplo
 CVE-2022-29450
        RESERVED
 CVE-2022-29449 (Authenticated (contributor or higher user role) Stored 
Cross-Site Scri ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29448
        RESERVED
 CVE-2022-29447
        RESERVED
 CVE-2022-29446 (Authenticated (administrator or higher role) Local File 
Inclusion (LFI ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29445 (Authenticated (administrator or higher role) Local File 
Inclusion (LFI ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) 
vulnerabi ...)
@@ -7855,11 +7855,11 @@ CVE-2021-46780 (The Easy Google Maps WordPress plugin 
before 1.9.32 does not esc
 CVE-2022-28351
        RESERVED
 CVE-2022-28350 (Arm Mali GPU Kernel Driver allows improper GPU operations in 
Valhall r ...)
-       TODO: check
+       NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-28349 (Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 
through ...)
-       TODO: check
+       NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, 
Bifrost r0p0 t ...)
-       TODO: check
+       NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in 
Django 2 ...)
        - python-django 2:3.2.13-1 (bug #1009677)
        [stretch] - python-django <not-affected> (Vulnerable code not present)
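Review bot: minor naming nit for the three Mali entries (CVE-2022-28350, CVE-2022-28349, CVE-2022-28348): the descriptions say "Arm Mali GPU Kernel Driver" but the annotation reads `NOT-FOR-US: ARM Mali GPU driver`. Using the same wording as the description, e.g. `NOT-FOR-US: Arm Mali GPU Kernel Driver`, keeps a grep over the list for the driver name consistent.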
@@ -9281,7 +9281,7 @@ CVE-2022-27949
 CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow 
attacke ...)
        NOT-FOR-US: Tesla
 CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-1109
        RESERVED
 CVE-2022-1108 (A potential vulnerability due to improper buffer validation in 
the SMI ...)
@@ -34498,7 +34498,7 @@ CVE-2021-3971 (A potential vulnerability by a driver 
used during older manufactu
 CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to 
insuffi ...)
        NOT-FOR-US: Lenovo
 CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported 
in IMC ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.3995-1 (bug #1001900)
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -36236,9 +36236,9 @@ CVE-2022-21151 (Processor optimization removal or 
modification of security-criti
 CVE-2022-21138
        RESERVED
 CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors 
may all ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors 
may allow ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Bitdefender
 CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the 
EPPUpdateSer ...)
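Review bot: CVE-2022-21136 and CVE-2022-21131 are both described as affecting Intel Xeon processors; before closing them as `NOT-FOR-US: Intel`, confirm that Intel's fix is not delivered as a microcode update. Debian ships Intel microcode in the intel-microcode package, and an issue fixed that way would need to be tracked against that package rather than marked NOT-FOR-US.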
@@ -36600,7 +36600,7 @@ CVE-2021-43584
 CVE-2021-43583
        RESERVED
 CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in 
the Th ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-3955
        RESERVED
 CVE-2021-3954
@@ -37613,7 +37613,7 @@ CVE-2021-43257 (Lack of Neutralization of Formula 
Elements in the CSV API of Man
 CVE-2021-3923
        RESERVED
 CVE-2021-3922 (A race condition vulnerability was reported in IMController, a 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux 
kernel befor ...)
        - linux 5.14.16-1
        [bullseye] - linux 5.10.84-1
@@ -39629,15 +39629,15 @@ CVE-2021-3901 (firefly-iii is vulnerable to 
Cross-Site Request Forgery (CSRF) ..
 CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
        NOT-FOR-US: firefly-iii
 CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo 
Personal ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud 
Storage dev ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-42850 (A weak default administrator password for the web interface 
and serial ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-42849 (A weak default password for the serial port was reported in 
some Lenov ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-42848 (An information disclosure vulnerability was reported in some 
Lenovo Pe ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2021-3899
        RESERVED
 CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android 
applic ...)
@@ -40374,7 +40374,7 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users 
with User Management per
        NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above 
is from 2018) which refactors user_admin.php XSS protection
        NOTE: input (not output) validation not addressed, malicious username 
still can be created after fix
 CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG 
interface ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow 
override of ...)
        TODO: check
 CVE-2022-0003
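Review bot: CVE-2022-0005 is closed as `NOT-FOR-US: Intel` although its visible description ("Sensitive information accessible by physical probing of JTAG interface") names no vendor, and the adjacent CVE-2022-0004 ("Hardware debug modes and processor INIT setting that allow override of ..."), which reads like the same advisory batch, is left `TODO: check`. If both come from the same Intel advisory, handle them in one pass; otherwise a short NOTE with the advisory reference would make the NOT-FOR-US classification verifiable later.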



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/90d887e936c0eb4068f88bfb557d096baf99a276...5fe054002f1ee03cdd29de9436b014341c66a7f4


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
