[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 23 11:12:20 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d94282cb by Salvatore Bonaccorso at 2022-04-23T12:11:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4536,9 +4536,9 @@ CVE-2022-1110
CVE-2022-1109
RESERVED
CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1107 (A potential vulnerability due to use of Boot Services in the SmmOEMInt ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-27947 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
NOT-FOR-US: NETGEAR
CVE-2022-27946 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
@@ -6081,11 +6081,11 @@ CVE-2022-27344
CVE-2022-27343
RESERVED
CVE-2022-27342 (Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Link-Admin
CVE-2022-27341 (JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2022-27340 (MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/sav ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2022-27339
RESERVED
CVE-2022-27338
@@ -11870,7 +11870,7 @@ CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microwe
CVE-2022-0637
RESERVED
CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin Installe ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -16251,15 +16251,15 @@ CVE-2022-21178
CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
NOT-FOR-US: simple-get nodejs module
CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-0353
RESERVED
CVE-2021-4212 (A potential vulnerability in the SMI callback function used in the Leg ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-4211 (A potential vulnerability in the SMI callback function used in the SMB ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-4210 (A potential vulnerability in the SMI callback function used in the NVM ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
NOT-FOR-US: Apache ActiveMQ Artemis
CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...)
@@ -19282,7 +19282,7 @@ CVE-2022-0194
CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-0191
RESERVED
CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
@@ -21262,7 +21262,7 @@ CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded crede
CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-22557
RESERVED
CVE-2022-22556
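Review bot: The new tag on CVE-2022-22558 is vendor-only ("NOT-FOR-US: Dell"), while the entry directly above it, CVE-2022-22559, uses vendor plus product ("NOT-FOR-US: Dell PowerScale OneFS"). The description names the product as Dell PowerEdge Server BIOS, so "NOT-FOR-US: Dell PowerEdge Server BIOS" would keep the two adjacent Dell entries at the same granularity and make this one findable by product name.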
@@ -29429,7 +29429,7 @@ CVE-2021-43988 (The affected product is vulnerable to a network-based attack by
CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-43986 (The setup program for the affected product configures its files and fo ...)
- TODO: check
+ NOT-FOR-US: ROBOGUIDE
CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
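Review bot: On CVE-2021-43986 the tag "NOT-FOR-US: ROBOGUIDE" names a product that the visible description never mentions (it says only "the affected product"), and the entries on either side of it are mySCADA myPRO. Worth confirming the product against the full CVE record, and consider prefixing the vendor name the way the neighbouring "NOT-FOR-US: mySCADA myPRO" entries do, since the tag is the only place in this entry where the product is identified.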
@@ -29502,11 +29502,11 @@ CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
CVE-2021-3972 (A potential vulnerability by a driver used during manufacturing proces ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3971 (A potential vulnerability by a driver used during older manufacturing ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3969
RESERVED
CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
@@ -31321,7 +31321,7 @@ CVE-2021-43710
CVE-2021-43709
RESERVED
CVE-2021-43708 (The Labeling tool in Titus Classification Suite 18.8.1910.140 allows u ...)
- TODO: check
+ NOT-FOR-US: Titus Classification Suite
CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...)
NOT-FOR-US: Maccms
CVE-2021-43706
@@ -33243,9 +33243,9 @@ CVE-2022-20807
CVE-2022-20806
RESERVED
CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20803
RESERVED
CVE-2022-20802
@@ -33263,7 +33263,7 @@ CVE-2022-20797
CVE-2022-20796
RESERVED
CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20794
RESERVED
CVE-2022-20793
@@ -33273,21 +33273,21 @@ CVE-2022-20792
CVE-2022-20791
RESERVED
CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20788 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20785
RESERVED
CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...)
NOT-FOR-US: Cisco
CVE-2022-20783 (A vulnerability in the packet processing functionality of Cisco TelePr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
@@ -33297,7 +33297,7 @@ CVE-2022-20780
CVE-2022-20779
RESERVED
CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20777
RESERVED
CVE-2022-20776
@@ -33307,7 +33307,7 @@ CVE-2022-20775
CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
NOT-FOR-US: Cisco
CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20772
RESERVED
CVE-2022-20771
@@ -33389,7 +33389,7 @@ CVE-2022-20734
CVE-2022-20733
RESERVED
CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
NOT-FOR-US: Cisco
CVE-2022-20730
@@ -34606,9 +34606,9 @@ CVE-2021-42848
CVE-2021-3899
RESERVED
CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3897 (An authentication bypass vulnerability was discovered in an internal s ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-42846
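Review bot: CVE-2021-3898 is tagged "NOT-FOR-US: Lenovo", but its description names Motorola Ready For and Motorola Device Help Android applications, so a search of the list for Motorola will not match the tag. Suggest "NOT-FOR-US: Motorola" or a tag carrying both names. The same question applies to CVE-2021-3897, whose truncated description ("an internal s ...") does not show which vendor or product is affected.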
@@ -38265,7 +38265,7 @@ CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository ad
NOTE: https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
NOTE: https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
CVE-2021-3849 (An authentication bypass vulnerability was discovered in the web inter ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-41850 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A p ...)
NOT-FOR-US: Luna Simo
CVE-2021-41849 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
@@ -39991,9 +39991,9 @@ CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected ver
CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
- freerdp2 2.4.1+dfsg1-1 (bug #1001062)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
@@ -44619,9 +44619,9 @@ CVE-2021-39292
CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...)
NOT-FOR-US: IBM
CVE-2021-3722 (A denial of service vulnerability was reported in Lenovo PCManager pri ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3721 (A denial of service vulnerability was reported in Lenovo PCManager pri ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...)
NOT-FOR-US: Lenovo
CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...)
@@ -46667,7 +46667,7 @@ CVE-2021-38485 (The affected product is vulnerable to improper input validation
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38483 (The affected product is vulnerable to misconfigured binaries, allowing ...)
- TODO: check
+ NOT-FOR-US: ROBOGUIDE
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
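Review bot: CVE-2021-38483 gets "NOT-FOR-US: ROBOGUIDE" with no vendor, whereas the surrounding entries CVE-2021-38484 and CVE-2021-38482 carry vendor and product ("NOT-FOR-US: InHand Networks IR615 Router"). Because the description shown is the generic "The affected product is vulnerable to misconfigured binaries", adding the vendor to the tag would keep this entry identifiable on its own.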
@@ -52312,7 +52312,7 @@ CVE-2021-36207
CVE-2021-36206
RESERVED
CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2021-36204
RESERVED
CVE-2021-36203 (A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 ...)
@@ -60175,7 +60175,7 @@ CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Version
CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...)
NOT-FOR-US: Advantech
CVE-2021-32929 (All versions of Uffizio GPS Tracker may allow an attacker to perform u ...)
- TODO: check
+ NOT-FOR-US: Uffizio GPS Tracker
CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
NOT-FOR-US: Sentinel LDK Run-Time Environment installer
CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code on multi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d94282cbba9bb21f49e3d94b547ae2f43fddde39