Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d158218 by Moritz Muehlenhoff at 2023-02-17T19:47:54+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44732,7 +44732,6 @@ CVE-2022-37454 (The Keccak XKCP SHA-3 reference
implementation before fdc6fef ha
NOTE: OpenSSL sha3 delegation added in
https://github.com/python/cpython/commit/d5b3f6b7f9fc74438009af63f1de01bd77be9385
(v3.9.0b1)
NOTE:
https://python-security.readthedocs.io/vuln/sha3-buffer-overflow.html
NOTE: pypy3 fix:
https://foss.heptapod.net/pypy/pypy/-/commit/860b897b2611a4099ef9c63ce848fdec89c74b31
- TODO: check affected packages
CVE-2022-37453 (An issue was discovered in Softing OPC UA C++ SDK before 6.10.
A buffe ...)
NOT-FOR-US: Softing
CVE-2022-2708 (A vulnerability, which was classified as critical, was found in
Source ...)
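Review bot: the removed `TODO: check affected packages` line under CVE-2022-37454 is not replaced by anything in this hunk that records the outcome of that check. The NOTE lines point at the cpython sha3 delegation (v3.9.0b1) and the pypy3 fix, but no package status line or NOTE stating that the remaining packages were reviewed appears here; if the package entries already exist above the hunk context, a one-line NOTE recording that the check was completed would make the resolution visible in the history.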
@@ -46055,7 +46054,7 @@ CVE-2021-4238 (Randomly-generated alphanumeric strings
contain significantly les
CVE-2021-4237
RESERVED
CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which
may be ...)
- TODO: check
+ NOT-FOR-US: ecnepsnai/web
CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file
can ca ...)
- golang-yaml.v2 2.2.8-1
[buster] - golang-yaml.v2 <postponed> (Limited support, minor issue,
DoS, follow bullseye DSAs/point-releases)
@@ -74952,7 +74951,7 @@ CVE-2022-26875
CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time
of the ...)
NOT-FOR-US: AMI
CVE-2022-26872 (AMI Megarac Password reset interception via API ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex
Central cou ...)
NOT-FOR-US: Trend Micro
CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication
bypass vuln ...)
@@ -76454,7 +76453,7 @@ CVE-2022-26350
CVE-2022-26345 (Uncontrolled search path element in the Intel(R) oneAPI
Toolkit OpenMP ...)
NOT-FOR-US: Intel
CVE-2022-26343 (Improper access control in the BIOS firmware for some Intel(R)
Process ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version
5.0.0.1262 a ...)
NOT-FOR-US: Trend Micro
CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache
POI) allow ...)
@@ -77179,7 +77178,7 @@ CVE-2022-26117 (An empty password in configuration file
vulnerability [CWE-258]
CVE-2022-26116 (Multiple improper neutralization of special elements used in
SQL comma ...)
NOT-FOR-US: Fortiguard FortiNAC
CVE-2022-26115 (A use of password hash with insufficient computational effort
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-26114 (An improper neutralization of input during web page generation
vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-26113 (An execution with unnecessary privileges vulnerability
[CWE-250] in Fo ...)
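Review bot: the new tag `NOT-FOR-US: Fortinet` for CVE-2022-26115 sits between entries tagged `NOT-FOR-US: Fortiguard FortiNAC` and `NOT-FOR-US: FortiGuard` for the same vendor, and the same mix of `Fortinet` and `FortiGuard` recurs in the later Fortinet hunks of this commit. Picking one vendor string (the vendor is Fortinet; FortiGuard is the name of its advisory feed) keeps grep-based triage of the file consistent.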
@@ -77358,7 +77357,7 @@ CVE-2022-25981
CVE-2022-25979 (Versions of the package jsuites before 5.0.1 are vulnerable to
Cross-s ...)
TODO: check
CVE-2022-25978 (All versions of the package github.com/usememos/memos/server
are vulne ...)
- TODO: check
+ NOT-FOR-US: github.com/usememos/memos/server
CVE-2022-25977
RESERVED
CVE-2022-25975
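Review bot: CVE-2022-25979 (jsuites) in this hunk keeps its `TODO: check` while the neighbouring memos entry is resolved; if it was left open on purpose that is fine, but it is easy to miss in a commit that otherwise clears TODOs.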
@@ -77372,7 +77371,7 @@ CVE-2022-25971
CVE-2022-25970
RESERVED
CVE-2022-25967 (Versions of the package eta before 2.0.0 are vulnerable to
Remote Code ...)
- TODO: check
+ NOT-FOR-US: Eta
CVE-2022-25965
RESERVED
CVE-2022-25964
@@ -77396,7 +77395,7 @@ CVE-2022-25951
CVE-2022-25950
RESERVED
CVE-2022-25948 (The package liquidjs before 10.0.0 are vulnerable to
Information Expos ...)
- TODO: check
+ NOT-FOR-US: Node liquidjs
CVE-2022-25947
RESERVED
CVE-2022-25945
@@ -77495,7 +77494,7 @@ CVE-2022-25892 (The package muhammara before 2.6.1,
from 3.0.0 and before 3.1.1;
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before
0.6.0 are v ...)
NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
CVE-2022-25890 (All versions of the package wifey are vulnerable to Command
Injection ...)
- TODO: check
+ NOT-FOR-US: wifey
CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of
Service (DoS) ...)
NOT-FOR-US: Rust crate opcua
CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to
Regular Expre ...)
@@ -78109,7 +78108,7 @@ CVE-2022-25748 (Memory corruption in WLAN due to
integer overflow to buffer over
CVE-2022-25747
RESERVED
CVE-2022-25746 (Memory corruption in kernel due to missing checks when
updating the ac ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25745
RESERVED
CVE-2022-25744
@@ -78125,41 +78124,41 @@ CVE-2022-25740
CVE-2022-25739
RESERVED
CVE-2022-25738 (Information disclosure in modem due to buffer over-red while
performin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25737
RESERVED
CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens
while proce ...)
NOT-FOR-US: Qualcomm
CVE-2022-25735 (Denial of service in modem due to missing null check while
processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25734 (Denial of service in modem due to missing null check while
processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25733 (Denial of service in modem due to null pointer dereference
while proce ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns
client ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25731
RESERVED
CVE-2022-25730
RESERVED
CVE-2022-25729 (Memory corruption in modem due to improper length check while
copying ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25728 (Information disclosure in modem due to buffer over-read while
processi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25727 (Memory Corruption in modem due to improper length check while
copying ...)
NOT-FOR-US: Snapdragon
CVE-2022-25726
RESERVED
CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling
...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while
validating ...)
NOT-FOR-US: Snapdragon
CVE-2022-25723 (Memory corruption in multimedia due to use after free during
callback ...)
NOT-FOR-US: Snapdragon
CVE-2022-25722 (Information exposure in DSP services due to improper handling
of freei ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25721 (Memory corruption in video driver due to type confusion error
during v ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access
during conn ...)
NOT-FOR-US: Qualcomm
CVE-2022-25719 (Information disclosure in WLAN due to improper length check
while proc ...)
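Review bot: within this hunk every new line uses `NOT-FOR-US: Qualcomm` while the unchanged neighbours (CVE-2022-25727, CVE-2022-25724, CVE-2022-25723) use `NOT-FOR-US: Snapdragon`, both naming the same vendor's product line. Settling on one string for the whole block would make it searchable by a single term.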
@@ -78167,11 +78166,11 @@ CVE-2022-25719 (Information disclosure in WLAN due to
improper length check whil
CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return
value whil ...)
NOT-FOR-US: Qualcomm
CVE-2022-25717 (Memory corruption in display due to double free while
allocating frame ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25716 (Memory corruption in Multimedia Framework due to unsafe access
to the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25715 (Memory corruption in display driver due to incorrect type
casting whil ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25714
RESERVED
CVE-2022-25713
@@ -78397,7 +78396,7 @@ CVE-2022-25633
CVE-2022-25632
RESERVED
CVE-2022-25631 (Symantec Endpoint Protection, prior to 14.3 RU6
(14.3.9210.6000), may ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2022-25630 (An authenticated user can embed malicious content with XSS
into the ad ...)
NOT-FOR-US: Symantec Messaging Gateway
CVE-2022-25629 (An authenticated user who has the privilege to add/edit
annotations on ...)
@@ -79317,7 +79316,7 @@ CVE-2022-0669 (A flaw was found in dpdk. This flaw
allows a malicious vhost-user
NOTE: Introduced by:
https://github.com/DPDK/dpdk/commit/d87f1a1cb7b666550bb53e39c1d85d9f7b861e6f
(v19.11-rc1)
NOTE: Fixed by:
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227
(v22.03-rc4)
CVE-2022-0668 (JFrog Artifactory prior to 7.37.13 is vulnerable to
Authentication Byp ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit.
BIND 9 ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -79535,7 +79534,7 @@ CVE-2022-0639 (Authorization Bypass Through
User-Controlled Key in NPM url-parse
CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist
microweber/microweber p ...)
NOT-FOR-US: microweber
CVE-2022-0637 (There was an open redirection vulnerability pollbot, which was
used in ...)
- TODO: check
+ NOT-FOR-US: pollbot
CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin
Installe ...)
NOT-FOR-US: Lenovo
CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of
named rece ...)
@@ -80188,9 +80187,9 @@ CVE-2022-25029
CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered
to contai ...)
NOT-FOR-US: Home Owners Collection Management System
CVE-2022-25027 (The Forgotten Password functionality of Rocket TRUfusion
Portal v7.9.2 ...)
- TODO: check
+ NOT-FOR-US: Rocket TRUfusion Portal
CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion
Portal v7.9.2 ...)
- TODO: check
+ NOT-FOR-US: Rocket TRUfusion Portal
CVE-2022-25025
RESERVED
CVE-2022-25024
@@ -80268,7 +80267,7 @@ CVE-2022-24992 (A vulnerability in the component
process.php of QR Code Generato
CVE-2022-24991
RESERVED
CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to
discover ...)
- TODO: check
+ NOT-FOR-US: TerraMaster NAS
CVE-2022-24989
RESERVED
CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has
an off-b ...)
@@ -82107,7 +82106,7 @@ CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x -
9.3.0.x contain an improper ha
CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above contain an elevation of
privileg ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-24410 (Dell BIOS contains an information exposure vulnerability. An
unauthent ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing
channel vuln ...)
NOT-FOR-US: Dell
CVE-2022-24380
@@ -82445,7 +82444,7 @@ CVE-2022-0481 (NULL Pointer Dereference in Homebrew
mruby prior to 3.2. ...)
NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
NOTE:
https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
CVE-2022-24324 (A CWE-120: Buffer Copy without Checking Size of Input
vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional
Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the
Bounds of a M ...)
@@ -84940,7 +84939,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim
prior to 8.2. ...)
CVE-2022-0317 (An improper input validation vulnerability in go-attestation
before 0. ...)
NOT-FOR-US: go-attestation
CVE-2022-0316 (The WeStand WordPress theme before 2.1, footysquare WordPress
theme, a ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod
prior to ...)
NOT-FOR-US: horovod
CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes
the insta ...)
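Review bot: `NOT-FOR-US: WordPress theme` for CVE-2022-0316 is generic, whereas the truncated description names specific themes (WeStand, footysquare, ...). Listing the theme names in the tag, as the other entries in this file name a specific product, would let a later search for those themes find the entry.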
@@ -85043,15 +85042,15 @@ CVE-2022-23743 (Check Point ZoneAlarm before version
15.8.200.19118 allows a loc
CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions
earlier than ...)
NOT-FOR-US: Check Point Enterprise Endpoint
CVE-2022-23741 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in
a comma ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23739 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub
Enterpris ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23737 (An improper privilege management vulnerability was identified
in GitHu ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23736
RESERVED
CVE-2022-23735
@@ -85532,7 +85531,7 @@ CVE-2022-23534
CVE-2022-23533
RESERVED
CVE-2022-23532 (APOC (Awesome Procedures on Cypher) is an add-on library for
Neo4j tha ...)
- TODO: check
+ NOT-FOR-US: APOC
CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages.
Versions p ...)
NOT-FOR-US: GuardDog
CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages.
Versions p ...)
@@ -85610,17 +85609,17 @@ CVE-2022-23512 (MeterSphere is a one-stop open source
continuous testing platfor
CVE-2022-23511 (A privilege escalation issue exists within the Amazon
CloudWatch Agent ...)
NOT-FOR-US: Amazon CloudWatch Agent
CVE-2022-23510 (cube-js is a headless business intelligence platform. In
version 0.31. ...)
- TODO: check
+ NOT-FOR-US: cube-js
CVE-2022-23509 (Weave GitOps is a simple open source developer platform for
people who ...)
- TODO: check
+ NOT-FOR-US: Weave GitOps
CVE-2022-23508 (Weave GitOps is a simple open source developer platform for
people who ...)
- TODO: check
+ NOT-FOR-US: Weave GitOps
CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine
for Byzan ...)
- TODO: check
+ NOT-FOR-US: Tendermint
CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery
platform ...)
- TODO: check
+ NOT-FOR-US: Spinnaker
CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2
tokens auth ...)
- TODO: check
+ NOT-FOR-US: Passport-wsfed-saml2
CVE-2022-23504 (TYPO3 is an open source PHP based web content management
system. Versi ...)
NOT-FOR-US: Typo3
CVE-2022-23503 (TYPO3 is an open source PHP based web content management
system. Versi ...)
@@ -85640,7 +85639,7 @@ CVE-2022-23497 (FreshRSS is a free, self-hostable RSS
aggregator. User configura
CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that
tries to ...)
NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa)
CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds
two ipld n ...)
- TODO: check
+ NOT-FOR-US: go-merkledag
CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site
scripting (XS ...)
- tinymce <removed>
NOTE:
https://github.com/tinymce/tinymce/commit/6923d85eba6de3e08ebc9c5a387b5abdaa21150e
@@ -85762,11 +85761,11 @@ CVE-2022-0299
CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been
identified in ...)
NOT-FOR-US: HP
CVE-2022-23455 (Potential security vulnerabilities have been identified in HP
Support ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23454 (Potential security vulnerabilities have been identified in HP
Support ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23453 (Potential security vulnerabilities have been identified in HP
Support ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23452 (An authorization flaw was found in openstack-barbican, where
anyone wi ...)
- barbican 1:14.0.0~rc1-2
[bullseye] - barbican <no-dsa> (Minor issue)
@@ -86168,7 +86167,7 @@ CVE-2022-23336 (S-CMS v5.0 was discovered to contain a
SQL injection vulnerabili
CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection
vulnerability ...)
NOT-FOR-US: Metinfo
CVE-2022-23334 (The Robot application in Ip-label Newtest before v8.5R0 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Ip-label Newtest
CVE-2022-23333
RESERVED
CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI)
in Shenzh ...)
@@ -86892,7 +86891,7 @@ CVE-2022-0225 (A flaw was found in Keycloak. This flaw
allows a privileged attac
CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special
Elements ...)
- dolibarr <removed>
CVE-2022-0223 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-0222 (A CWE-269: Improper Privilege Management vulnerability exists
that cou ...)
NOT-FOR-US: Modicon
CVE-2022-0221 (A CWE-611: Improper Restriction of XML External Entity
Reference vulne ...)
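Review bot: `NOT-FOR-US: Schneider` for CVE-2022-0223 sits next to `NOT-FOR-US: Modicon` (CVE-2022-0222) and differs from the `NOT-FOR-US: Schneider Electric` used for CVE-2022-24324 earlier in this commit; the short `Schneider` form is used again for CVE-2022-22732 and CVE-2022-22731. One vendor string across these entries would avoid three spellings for one vendor.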
@@ -87572,7 +87571,7 @@ CVE-2022-23007
CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on
Western Digit ...)
NOT-FOR-US: Western Digital
CVE-2022-23005 (Western Digital has identified a weakness in the UFS standard
that cou ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-23004 (When computing a shared secret or point multiplication on the
NIST P-2 ...)
NOT-FOR-US: Western Digital
CVE-2022-23003 (When computing a shared secret or point multiplication on the
NIST P-2 ...)
@@ -88771,9 +88770,9 @@ CVE-2021-46152 (A vulnerability has been identified in
Simcenter Femap V2020.2 (
CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2
(All ve ...)
NOT-FOR-US: Siemens
CVE-2022-22732 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability
exists t ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-22731 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
- node-shelljs 0.8.5+~cs0.8.10-1
[bullseye] - node-shelljs <no-dsa> (Minor issue)
@@ -92059,9 +92058,9 @@ CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c
in the Linux kernel throug
CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23
allows remote ...)
NOT-FOR-US: Imperva Web Application Firewall
CVE-2021-45467 (In CWP (aka Control Web Panel or CentOS Web Panel) before
0.9.8.1107, ...)
- TODO: check
+ NOT-FOR-US: CentOS Web Panel
CVE-2021-45466 (In CWP (aka Control Web Panel or CentOS Web Panel) before
0.9.8.1107, ...)
- TODO: check
+ NOT-FOR-US: CentOS Web Panel
CVE-2021-45465
RESERVED
CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64
squaring pro ...)
@@ -92463,7 +92462,7 @@ CVE-2022-22090 (Memory corruption in audio due to use
after free while managing
CVE-2022-22089 (Memory corruption in audio while playing record due to
improper list h ...)
NOT-FOR-US: Qualcomm
CVE-2022-22088 (Memory corruption in Bluetooth HOST due to buffer overflow
while parsi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22087 (memory corruption in video due to buffer overflow while
parsing mkv cl ...)
NOT-FOR-US: Snapdragon
CVE-2022-22086 (Memory corruption in video due to double free while parsing
3gp clip w ...)
@@ -92481,7 +92480,7 @@ CVE-2022-22081 (Memory corruption in audio module due
to integer overflow in Sna
CVE-2022-22080 (Improper validation of backend id in PCM routing process can
lead to m ...)
NOT-FOR-US: Snapdragon
CVE-2022-22079 (Denial of service while processing fastboot flash command on
mmc due t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22078 (Denial of service in BOOT when partition size for a particular
partiti ...)
NOT-FOR-US: Snapdragon
CVE-2022-22077 (Memory corruption in graphics due to use-after-free in
graphics dispat ...)
@@ -93692,7 +93691,7 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is
affected by an incorrect acces
[buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
(v2.6.1)
CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher
allows authen ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in
spacewalk-java o ...)
NOT-FOR-US: Uyuni
CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE
Rancher, ...)
@@ -93706,7 +93705,7 @@ CVE-2022-21949 (A Improper Restriction of XML External
Entity Reference vulnerab
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
NOTE:
https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751
(1.3.8)
CVE-2022-21948 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
- TODO: check
+ NOT-FOR-US: OpenSuSE paste
CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of
SUSE all ...)
NOT-FOR-US: Rancher
CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers
configura ...)
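Review bot: the project casing in `NOT-FOR-US: OpenSuSE paste` for CVE-2022-21948 should be `openSUSE`, matching how the distribution writes its own name and how the surrounding entries spell `SUSE`.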
@@ -93740,9 +93739,9 @@ CVE-2022-21942
CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01 are
vulnerable ...)
NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2022-21940 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2022-21939 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in
Johnson Cont ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys
ADS/ADX/OAS 10 ...)
NOT-FOR-US: Metasys
CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys
ADS/ADX/OAS 10 ...)
@@ -95028,7 +95027,7 @@ CVE-2022-21175
CVE-2022-21171
RESERVED
CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R)
SGX bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21162
RESERVED
CVE-2022-21161
@@ -96466,7 +96465,7 @@ CVE-2021-4034 (A local privilege escalation
vulnerability was found on polkit's
CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2019-25053 (A path traversal vulnerability exists in Sage FRP 1000 before
November ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2021-44353
RESERVED
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the
Tenda AC15 V ...)
@@ -98514,7 +98513,7 @@ CVE-2021-43775 (Aim is an open-source, self-hosted
machine learning experiment t
CVE-2021-3967 (Improper Access Control in GitHub repository zulip/zulip prior
to 4.10 ...)
- zulip-server <itp> (bug #800052)
CVE-2021-3966 (usb device bluetooth class includes a buffer overflow related
to imple ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to
unauthenticated HTT ...)
NOT-FOR-US: HP
CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm
DocuCentre-VI C4471 ...)
@@ -99717,7 +99716,7 @@ CVE-2021-43659 (In halo 1.4.14, the function point of
uploading the avatar, any
CVE-2021-43658
RESERVED
CVE-2021-43657 (A Stored Cross-site scripting (XSS) vulnerability via
MAster.php in So ...)
- TODO: check
+ NOT-FOR-US: Sourcecodetester Simple Client Management System
CVE-2021-43656
RESERVED
CVE-2021-43655
@@ -100436,17 +100435,17 @@ CVE-2021-43451 (SQL Injection vulnerability exists
in PHPGURUKUL Employee Record
CVE-2021-43450
RESERVED
CVE-2021-43449 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to
Server-Side ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43448 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to
Improper Inp ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43447 (ONLYOFFICE all versions as of 2021-11-08 is affected by
Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43446 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to
Cross Site S ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43445 (ONLYOFFICE all versions as of 2021-11-08 is affected by
Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43444 (ONLYOFFICE all versions as of 2021-11-08 is affected by
Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43443
RESERVED
CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc
Annexxus Cam ...)
@@ -100574,7 +100573,7 @@ CVE-2021-43398 (** DISPUTED ** Crypto++ (aka
Cryptopp) 8.6.0 and earlier contain
CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate
their priv ...)
NOT-FOR-US: LiquidFiles
CVE-2021-43395 (An issue was discovered in illumos before
f859e7171bb5db34321e45585839 ...)
- TODO: check
+ NOT-FOR-US: Illumos
CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3
and IC4, ...)
NOT-FOR-US: Unisys
CVE-2021-43393 (STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN
sometimes ...)
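Review bot: `NOT-FOR-US: Illumos` for CVE-2021-43395 capitalises a name the description itself writes as `illumos`; the project uses the lowercase form.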
@@ -101266,13 +101265,13 @@ CVE-2022-20969 (A vulnerability in multiple
management dashboard pages of Cisco
CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing
feature of ...)
NOT-FOR-US: Cisco
CVE-2022-20967 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20966 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20965 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20964 (A vulnerability in the web-based management interface of Cisco
Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco
Identity ...)
@@ -102409,7 +102408,7 @@ CVE-2021-43076 (An improper privilege management
vulnerability [CWE-269] in Fort
CVE-2021-43075 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43074 (An improper verification of cryptographic signature
vulnerability [CWE ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-43073 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43072
@@ -102970,7 +102969,6 @@ CVE-2021-3902
- php-dompdf 2.0.2+dfsg-1
NOTE: https://github.com/dompdf/dompdf/issues/2564
NOTE: https://huntr.dev/bounties/a6071c07-806f-429a-8656-a4742e4191b1
- TODO: check details, introducing version
CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
NOT-FOR-US: firefly-iii
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
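Review bot: dropping `TODO: check details, introducing version` under CVE-2021-3902 leaves the entry without a recorded introducing version; the only package line visible here is `- php-dompdf 2.0.2+dfsg-1`, and without knowing when the bug was introduced the status of the older suites cannot be read off the entry. Either add a NOTE with the introducing commit or version, or add the suite annotations the check concluded (the file's `[suite] - package <not-affected>` / `<no-dsa>` form), so the TODO's result is preserved.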
@@ -103216,7 +103214,7 @@ CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK
and WPE WebKit before 2.34.1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
NOTE:
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
CVE-2021-42761 (A condition for session fixation vulnerability [CWE-384] in
the sessio ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-42760 (A improper neutralization of special elements used in an sql
command ( ...)
NOT-FOR-US: FortiGuard
CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP
version 8. ...)
@@ -103226,7 +103224,7 @@ CVE-2021-42758 (An improper access control
vulnerability [CWE-284] in FortiWLC 8
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of
FortiOS befo ...)
NOT-FOR-US: FortiGuard
CVE-2021-42756 (Multiple stack-based buffer overflow vulnerabilities [CWE-121]
in the ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in
FortiSwitc ...)
NOT-FOR-US: Fortinet
CVE-2021-42754 (An improper control of generation of code vulnerability
[CWE-94] in Fo ...)
@@ -104175,7 +104173,7 @@ CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there
is a possible way to corru
CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code
execution ...)
NOT-FOR-US: Google Pixel
CVE-2022-20458 (The logs of sensitive information (PII) or hardware identifier
should ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there
is a poss ...)
NOT-FOR-US: Android
CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a
possible fail ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d15821877e3905713a640d88a8b5f0223a8721b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits