Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
048fb394 by Salvatore Bonaccorso at 2022-10-24T22:36:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -150,7 +150,7 @@ CVE-2022-3678
CVE-2022-3677
RESERVED
CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be
inline ...)
- TODO: check
+ NOT-FOR-US: Eclipse Openj9
CVE-2022-3675
RESERVED
CVE-2022-3674
@@ -180,7 +180,7 @@ CVE-2022-3663
CVE-2022-3662
RESERVED
CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control
Panel befor ...)
- TODO: check
+ NOT-FOR-US: myVesta Control Panel
CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP
metadata pa ...)
TODO: check
CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array
size check ...)
@@ -2651,7 +2651,7 @@ CVE-2022-42737
CVE-2022-42736
RESERVED
CVE-2022-41797 (Improper authorization in handler for custom URL scheme
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Lemon8 App
CVE-2022-3451
RESERVED
CVE-2022-3450
@@ -3321,7 +3321,7 @@ CVE-2022-42001
CVE-2022-42000
RESERVED
CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ
SmartKey' ver ...)
- TODO: check
+ NOT-FOR-US: Android App 'IIJ SmartKey'
CVE-2022-41814
RESERVED
CVE-2022-41796 (Untrusted search path vulnerability in the installer of
Content Transf ...)
@@ -4731,7 +4731,7 @@ CVE-2022-41803
CVE-2022-41801
RESERVED
CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4
(v5 ser ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2022-41782
RESERVED
CVE-2022-41771
@@ -5418,7 +5418,7 @@ CVE-2022-41556 (A resource leak in gw_backend.c in
lighttpd 1.4.56 through 1.4.6
NOTE: Introduced by:
https://github.com/lighttpd/lighttpd1.4/commit/bcddbe186f010e2964f7551141c0b8350b36817d
(lighttpd-1.4.56-rc1)
NOTE: Fixed by:
https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
(lighttpd-1.4.67)
CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior
to v22. ...)
- TODO: check
+ NOT-FOR-US: BookStack
CVE-2022-3322
RESERVED
CVE-2022-3321
@@ -5943,7 +5943,7 @@ CVE-2022-41344
RESERVED
NOT-FOR-US: Mediawiki extension PageTriage
CVE-2022-40984 (Stack-based buffer overflow in WTViewerE series WTViewerE
761941 from ...)
- TODO: check
+ NOT-FOR-US: WTViewerE
CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been
declare ...)
NOT-FOR-US: Open5GS
CVE-2022-3298 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
@@ -5955,7 +5955,7 @@ CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf
before 2.0.1 allows re
NOTE: https://github.com/dompdf/dompdf/releases/tag/v2.0.1
NOTE: https://tantosec.com/blog/cve-2022-41343/
CVE-2022-36368 (Multiple stored cross-site scripting vulnerabilities in the
web user i ...)
- TODO: check
+ NOT-FOR-US: IPFire
CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements
ECDSA wit ...)
NOT-FOR-US: Node secp256k1-js
CVE-2022-41339
@@ -10721,7 +10721,7 @@ CVE-2022-39316
CVE-2022-39315
RESERVED
CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2,
3.6.6.2, 3.7.5 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2022-39313 (Parse Server is an open source backend that can be deployed to
any inf ...)
TODO: check
CVE-2022-39312
@@ -10739,7 +10739,7 @@ CVE-2022-39307
CVE-2022-39306
RESERVED
CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue
and gin, w ...)
- TODO: check
+ NOT-FOR-US: Gin-vue-admin
CVE-2022-39304
RESERVED
CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows
manipulation of SQ ...)
@@ -14400,7 +14400,7 @@ CVE-2022-38119
CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient
validati ...)
NOT-FOR-US: OAKlouds
CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A
physical attac ...)
- TODO: check
+ NOT-FOR-US: Juiker app
CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded
database ...)
NOT-FOR-US: Le-yan Personnel and Salary Management System
CVE-2022-38103
@@ -34423,17 +34423,17 @@ CVE-2022-1706 (A vulnerability was found in Ignition
where ignition configs are
NOTE: https://github.com/coreos/ignition/issues/1300
NOTE: https://github.com/coreos/ignition/pull/1350
CVE-2021-46279 (Session fixation and insufficient session expiration
vulnerabilities a ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-45925 (Observable discrepancies in the login process allow an
attacker to gue ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-44776 (A broken access control vulnerability in the
SubNet_handler_func funct ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-44769 (An improper input validation vulnerability in the TLS
certificate gene ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-44467 (A broken access control vulnerability in the KillDupUsr_func
function ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-4228 (Use of hard-coded TLS certificate by default allows an attacker
to per ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did
not cor ...)
NOT-FOR-US: HashiCorp Vault
CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local
privilege esc ...)
@@ -116045,19 +116045,19 @@ CVE-2021-26735
CVE-2021-26734
RESERVED
CVE-2021-26733 (A broken access control vulnerability in the
FirstReset_handler_func f ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26732 (A broken access control vulnerability in the
First_network_func functi ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26731 (Command injection and multiple stack-based buffer overflows
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26730 (A stack-based buffer overflow vulnerability in a subfunction
of the Lo ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26729 (Command injection and multiple stack-based buffer overflows
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26728 (Command injection and stack-based buffer overflow
vulnerabilities in t ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26727 (Multiple command injections and stack-based buffer overflows
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA
service l ...)
NOT-FOR-US: Valmet
CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web
GUI of N ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/048fb3943b662d7026a573a943cb3998bb6e8aec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/048fb3943b662d7026a573a943cb3998bb6e8aec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
