Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c71feb9f by Moritz Muehlenhoff at 2022-11-21T14:03:38+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48655,7 +48655,7 @@ CVE-2022-26341 (Insufficiently protected credentials in
software in Intel(R) AMT
CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem
software ...)
NOT-FOR-US: Intel
CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless
WiFi, Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560
Modem softw ...)
NOT-FOR-US: Intel
CVE-2022-25868
@@ -96044,7 +96044,7 @@ CVE-2021-37938 (It was discovered that on Windows
operating systems specifically
CVE-2021-37937
RESERVED
CVE-2021-37936 (It was discovered that Kibana was not sanitizing document
fields conta ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2021-37935 (An information disclosure vulnerability in the login page of
Huntflow ...)
NOT-FOR-US: Huntflow Enterprise
CVE-2021-37934 (Due to insufficient server-side login-attempt limit
enforcement, a vul ...)
@@ -98494,7 +98494,7 @@ CVE-2021-36907
CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR)
vulnerabilities in E ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36905 (Multiple Auth. (contributor+) Stored Cross-Site Scripting
(XSS) vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36904
RESERVED
CVE-2021-36903
@@ -105682,7 +105682,7 @@ CVE-2021-33899
CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to
unserialize( ...)
NOT-FOR-US: Invoice Ninja
CVE-2021-33897 (A buffer overflow in Synthesia before 10.7.5567, when a
non-Latin loca ...)
- TODO: check
+ NOT-FOR-US: Synthesia
CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory
Traversal (o ...)
- dino-im 0.2.0-3
[buster] - dino-im <no-dsa> (Minor issue)
@@ -111565,7 +111565,7 @@ CVE-2021-31741
CVE-2021-31740
RESERVED
CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting
vulnerab ...)
- TODO: check
+ NOT-FOR-US: SEPPmail
CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
NOT-FOR-US: Adiscon LogAnalyzer
CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution
vulnerabili ...)
@@ -111835,7 +111835,7 @@ CVE-2021-31610 (The Bluetooth Classic implementation
on AB32VG1 devices does not
CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP
6.3.0 and e ...)
NOT-FOR-US: Silicon Labs Bluetooth
CVE-2021-31608 (Proofpoint Enterprise Protection before 18.8.0 allows a Bypass
of a Se ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Enterprise Protection
CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection
vulnerabi ...)
{DLA-2815-1}
- salt 3002.6+dfsg1-2 (bug #987496)
@@ -125183,11 +125183,11 @@ CVE-2021-26395
CVE-2021-26394
RESERVED
CVE-2021-26393 (Insufficient memory cleanup in the AMD Secure Processor (ASP)
Trusted ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26392 (Insufficient verification of missing size check in
'LoadModule' may le ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26391 (Insufficient verification of multiple header signatures while
loading ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the
bootloader into ...)
NOT-FOR-US: AMD
CVE-2021-26389
@@ -125249,7 +125249,7 @@ CVE-2021-26362 (A malicious or compromised UApp or
ABL may be used by an attacke
CVE-2021-26361 (A malicious or compromised User Application (UApp) or AGESA
Boot Loade ...)
NOT-FOR-US: AMD
CVE-2021-26360 (An attacker with local access to the system can make
unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26359
RESERVED
CVE-2021-26358
@@ -180482,7 +180482,7 @@ CVE-2020-15855 (Two cross-site scripting
vulnerabilities were fixed in Bodhi 5.6
CVE-2020-15854
RESERVED
CVE-2020-15853 (supybot-fedora implements the command 'refresh', that
refreshes the ca ...)
- TODO: check
+ NOT-FOR-US: supybot-fedora
CVE-2020-XXXX [mpv insecure lua loadpath]
- mpv 0.32.0-2 (bug #950816)
[buster] - mpv <no-dsa> (Minor issue)
@@ -188487,9 +188487,9 @@ CVE-2020-12933 (A denial of service vulnerability
exists in the D3DKMTEscape han
CVE-2020-12932
RESERVED
CVE-2020-12931 (Improper parameters handling in the AMD Secure Processor (ASP)
kernel ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12930 (Improper parameters handling in AMD Secure Processor (ASP)
drivers may ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12929 (Improper parameters validation in some trusted applications of
the PSP ...)
NOT-FOR-US: AMD
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD
Ryzen Master ...)
@@ -189622,9 +189622,9 @@ CVE-2020-12510 (The default installation path of the
TwinCAT XAR 3.1 software in
CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated
attacke ...)
NOT-FOR-US: s::can moni::tools
CVE-2020-12508 (In s::can moni::tools in versions below 4.2 an unauthenticated
attacke ...)
- TODO: check
+ NOT-FOR-US: s::can moni::tools
CVE-2020-12507 (In s::can moni::tools before version 4.2 an authenticated
attacker cou ...)
- TODO: check
+ NOT-FOR-US: s::can moni::tools
CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series
with FW v ...)
NOT-FOR-US: WAGO
CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series
with FW v ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71feb9f08619bc73b1e87409d8c4d3e68d2dc16
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71feb9f08619bc73b1e87409d8c4d3e68d2dc16
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
