[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 3 19:55:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58797533 by Salvatore Bonaccorso at 2022-04-03T20:54:59+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found
- linux 5.16.18-1
NOTE: https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a
CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable values. ...)
- TODO: check
+ NOT-FOR-US: Scala.js
CVE-2022-28354
RESERVED
CVE-2022-28353
@@ -1478,7 +1478,7 @@ CVE-2022-27864
CVE-2022-27186
RESERVED
CVE-2022-27177 (A Python format string issue leading to information disclosure and pot ...)
- TODO: check
+ NOT-FOR-US: Netflix ConsoleMe
CVE-2022-27171
RESERVED
CVE-2022-26371
@@ -2998,7 +2998,7 @@ CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004)
CVE-2022-1019
RESERVED
CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2022-27172
RESERVED
CVE-2022-1017
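Review bot: On the CVE-2022-1018 line the label names only a vendor, `NOT-FOR-US: Rockwell Automation`, while the description refers to a specific application that opens "solution" files and is truncated before any product name appears. Naming the affected product after the vendor would match the product-level labels used elsewhere in this commit, such as `NOT-FOR-US: Netflix ConsoleMe` and `NOT-FOR-US: PKP Open Journals System`.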
@@ -4125,7 +4125,7 @@ CVE-2022-26850
CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
NOT-FOR-US: Delta Electronics
CVE-2022-0922 (The software does not perform any authentication for critical system f ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...)
NOT-FOR-US: microweber
CVE-2022-0920
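Review bot: The vendor attribution for CVE-2022-0922 cannot be checked from this hunk: the visible description ("The software does not perform any authentication for critical system f ...") names no vendor or product, and the neighbouring entry CVE-2022-0923 is a Delta Electronics issue. Please confirm `NOT-FOR-US: Rockwell Automation` against the full CVE record, since the label is the only attribution this entry carries.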
@@ -10705,7 +10705,7 @@ CVE-2022-24428
CVE-2022-24427
RESERVED
CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24425
RESERVED
CVE-2022-24424
@@ -11666,7 +11666,7 @@ CVE-2022-24183
CVE-2022-24182
RESERVED
CVE-2022-24181 (Cross-site scripting (XSS) via Host Header injection in PKP Open Journ ...)
- TODO: check
+ NOT-FOR-US: PKP Open Journals System
CVE-2022-24180
RESERVED
CVE-2022-24179
@@ -13128,7 +13128,7 @@ CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQ
CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
NOT-FOR-US: H.H.G Multistore
CVE-2021-46443 (Spoofer 1.4.6 suffers from unquoted service paths vulnerability. An at ...)
- TODO: check
+ NOT-FOR-US: Spoofer
CVE-2021-46442
RESERVED
CVE-2021-46441
@@ -13136,7 +13136,7 @@ CVE-2021-46441
CVE-2021-46440
RESERVED
CVE-2021-46439 (The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers fro ...)
- TODO: check
+ NOT-FOR-US: EG Free Antivirus
CVE-2021-46438
RESERVED
CVE-2021-46437
@@ -15622,13 +15622,13 @@ CVE-2022-23160
CVE-2022-23159
RESERVED
CVE-2022-23158 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-23157 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-23156 (Wyse Device Agent version 14.6.1.4 and below contain an Improper Authe ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-23155 (Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unres ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-23154
RESERVED
CVE-2022-23153
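Review bot: All four entries changed in this hunk get the bare vendor label `NOT-FOR-US: Dell`, although their descriptions name two distinct products: Wyse Device Agent (CVE-2022-23158, CVE-2022-23157, CVE-2022-23156) and Dell Wyse Management Suite (CVE-2022-23155). A product-level label, for example `NOT-FOR-US: Dell Wyse Device Agent`, would keep the entries searchable by product and match labels such as `NOT-FOR-US: EG Free Antivirus` in this same commit.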
@@ -22060,7 +22060,7 @@ CVE-2022-21949
CVE-2022-21948
RESERVED
CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of SUSE all ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers configura ...)
NOT-FOR-US: SUSE cscreen
CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE Factory ...)
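Review bot: CVE-2022-21947 is described as a flaw in "Rancher Desktop of SUSE", but the label added is `NOT-FOR-US: Rancher`, the same label this commit gives CVE-2021-36776 and CVE-2021-36775, whose descriptions say "SUSE Rancher". If Rancher Desktop is tracked as a separate product, `NOT-FOR-US: Rancher Desktop` would keep the two from being lumped together when searching the list.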
@@ -27668,7 +27668,7 @@ CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS
CVE-2021-43723
RESERVED
CVE-2021-43722 (D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-43721 (Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markd ...)
NOT-FOR-US: Leanote
CVE-2021-43720
@@ -27698,7 +27698,7 @@ CVE-2021-43709
CVE-2021-43708
RESERVED
CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...)
- TODO: check
+ NOT-FOR-US: Maccms
CVE-2021-43706
RESERVED
CVE-2021-43705
@@ -47261,9 +47261,9 @@ CVE-2021-36778
CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
NOT-FOR-US: OpenSuSE infrastructure
CVE-2021-36776 (A Improper Access Control vulnerability in SUSE Rancher allows remote ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-36775 (a Improper Access Control vulnerability in SUSE Rancher allows users t ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
{DSA-4978-1 DLA-2843-1 DLA-2785-1}
- linux 5.14.6-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58797533a13c752b1b66fb47c69934fecf58883e