[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2022-1507/chafa
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 28 08:07:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ae9d654 by Salvatore Bonaccorso at 2022-04-28T09:06:14+02:00
Add CVE-2022-1507/chafa
- - - - -
24a0fd0e by Salvatore Bonaccorso at 2022-04-28T09:06:15+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,19 +27,21 @@ CVE-2022-29811
CVE-2022-1508
RESERVED
CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_frame ...)
- TODO: check
+ - chafa 1.10.2-1
+ NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
+ NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
CVE-2022-1506
RESERVED
CVE-2022-1505
RESERVED
CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH credenti ...)
TODO: check
CVE-2022-29809
RESERVED
CVE-2022-1503 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2022-1502
RESERVED
CVE-2022-1501
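Review bot: CVE-2022-29810 (the Hashicorp go-getter library) is the only entry in this hunk still left at "TODO: check" after the NFU pass; because its description calls it a library rather than an end-user product, it needs a lookup against the Debian package list before it can be closed with NOT-FOR-US the way its neighbours were. Two smaller points: the new chafa entry is internally consistent, since the upstream commit NOTE is tagged "(1.10.2)" and the fixed version is "- chafa 1.10.2-1"; and for CVE-2022-1503 the product named in "NOT-FOR-US: GetSimple CMS" does not appear in the truncated description shown here ("A vulnerability, which was classified as problematic, has been found i ..."), so it is worth confirming against the full CVE text that the attribution is right.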
@@ -971,7 +973,7 @@ CVE-2022-1407
CVE-2022-29510
RESERVED
CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for Windows ...)
- TODO: check
+ NOT-FOR-US: LINE for Windows
CVE-2022-29486
RESERVED
CVE-2022-29469
@@ -3691,7 +3693,7 @@ CVE-2022-28466
CVE-2022-28465
RESERVED
CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which ...)
- TODO: check
+ NOT-FOR-US: Apifox
CVE-2022-28463
RESERVED
CVE-2022-28462
@@ -4561,15 +4563,15 @@ CVE-2022-28199
CVE-2022-28198
RESERVED
CVE-2022-28197 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28196 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28195 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28194 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Jetson Linux Driver Package
CVE-2022-28192
RESERVED
CVE-2022-28191
@@ -5422,7 +5424,7 @@ CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...)
NOT-FOR-US: Mendelson OFTP2
CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...)
- TODO: check
+ NOT-FOR-US: ControlUp Real-Time Agent
CVE-2022-27904
RESERVED
CVE-2022-27903
@@ -6900,7 +6902,7 @@ CVE-2022-27338
CVE-2022-27337
RESERVED
CVE-2022-27336 (Seacms v11.6 was discovered to contain a remote code execution (RCE) v ...)
- TODO: check
+ NOT-FOR-US: Seacms
CVE-2022-27335
RESERVED
CVE-2022-27334
@@ -15291,7 +15293,7 @@ CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. Th
CVE-2022-0482 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
NOT-FOR-US: easyappointments
CVE-2022-24372 (Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2022-24371
RESERVED
CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -17471,9 +17473,9 @@ CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQ
CVE-2021-46443
REJECTED
CVE-2021-46442 (In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass auth ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-46441 (In the "webupg" binary of D-Link DIR-825 G1, because of the lack of pa ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-46440
RESERVED
CVE-2021-46439
@@ -17507,15 +17509,15 @@ CVE-2021-46426 (phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnet
CVE-2021-46425
RESERVED
CVE-2021-46424 (Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion ...)
- TODO: check
+ NOT-FOR-US: Telesquare
CVE-2021-46423 (Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file do ...)
- TODO: check
+ NOT-FOR-US: Telesquare
CVE-2021-46422 (Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vuln ...)
- TODO: check
+ NOT-FOR-US: Telesquare
CVE-2021-46421 (Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an un ...)
- TODO: check
+ NOT-FOR-US: Franklin Fueling Systems
CVE-2021-46420 (Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an ...)
- TODO: check
+ NOT-FOR-US: Franklin Fueling Systems
CVE-2021-46419 (An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 ...)
NOT-FOR-US: Telesquare
CVE-2021-46418 (An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 ...)
@@ -17710,7 +17712,7 @@ CVE-2022-23824
CVE-2022-23823
RESERVED
CVE-2022-23822 (In this physical attack, an attacker may potentially exploit the Zynq- ...)
- TODO: check
+ NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL)
CVE-2022-23821
RESERVED
CVE-2022-23820
@@ -22367,7 +22369,7 @@ CVE-2022-22523
CVE-2022-22522
RESERVED
CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to 1.2.71, exe ...)
- TODO: check
+ NOT-FOR-US: Miele
CVE-2022-22520
RESERVED
CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted HTTP or ...)
@@ -23505,13 +23507,13 @@ CVE-2022-22280
CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file r ...)
NOT-FOR-US: Sonicwall
CVE-2022-22278 (A vulnerability in SonicOS CFS (Content filtering service) returns a l ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22277 (A vulnerability in SonicOS SNMP service resulting exposure of Wireless ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22276 (A vulnerability in SonicOS SNMP service resulting exposure of sensitiv ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22275 (Improper Restriction of TCP Communication Channel in HTTP/S inbound tr ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via HTTP re ...)
NOT-FOR-US: Sonicwall
CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Ele ...)
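Review bot: the four new lines use "NOT-FOR-US: SonicWall" while the existing entries in the same block (CVE-2022-22279 and CVE-2022-22274) use "NOT-FOR-US: Sonicwall". Mixed spellings for one vendor make grep-based queries of data/CVE/list miss entries; pick one form (the vendor's own spelling is SonicWall) and consider aligning the two older lines in a follow-up commit.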
@@ -56984,9 +56986,9 @@ CVE-2021-34604
CVE-2021-34603
RESERVED
CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34601 (In Bender/ebee Charge Controllers in multiple versions are prone to Ha ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
NOT-FOR-US: Telenot CompasX
CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
@@ -57004,17 +57006,17 @@ CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions b
CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...)
NOT-FOR-US: CODESYS
CVE-2021-34592 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34591 (In Bender/ebee Charge Controllers in multiple versions are prone to Lo ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34590 (In Bender/ebee Charge Controllers in multiple versions are prone to Cr ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34589 (In Bender/ebee Charge Controllers in multiple versions are prone to an ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34588 (In Bender/ebee Charge Controllers in multiple versions are prone to un ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34587 (In Bender/ebee Charge Controllers in multiple versions a long URL coul ...)
- TODO: check
+ NOT-FOR-US: Bender/ebee Charge Controllers
CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
NOT-FOR-US: CODESYS
CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
@@ -81119,7 +81121,7 @@ CVE-2021-25268
CVE-2021-25267
RESERVED
CVE-2021-25266 (An insecure data storage vulnerability allows a physical attacker with ...)
- TODO: check
+ NOT-FOR-US: Sophos Authenticator for Android
CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
NOT-FOR-US: Sophos Connect Client
CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
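Review bot: the product given in "NOT-FOR-US: Sophos Authenticator for Android" is not visible in the truncated description of CVE-2021-25266 ("An insecure data storage vulnerability allows a physical attacker with ..."), whereas the neighbouring CVE-2021-25265 names "Sophos Connect Client" in its visible text. Please double-check the full CVE description names that app so the tracker does not record the wrong Sophos product.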
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64ce55053ebfc2eecc47d764ebc8e15976d4eca0...24a0fd0e17ac8997c4269fb224923fa9d90d4210