[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 2 20:46:05 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a03c9be by Salvatore Bonaccorso at 2022-02-02T21:45:37+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5047,7 +5047,7 @@ CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion d
CVE-2021-46254
RESERVED
CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...)
- TODO: check
+ NOT-FOR-US: Anchor CMS
CVE-2021-46252
RESERVED
CVE-2021-46251
@@ -6486,9 +6486,9 @@ CVE-2022-22512
CVE-2022-22511
RESERVED
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
- TODO: check
+ NOT-FOR-US: Codesys
CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact FL SWITCH Series
CVE-2022-22508
RESERVED
CVE-2022-22507
@@ -7002,7 +7002,7 @@ CVE-2021-46095
CVE-2021-46094
RESERVED
CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...)
- TODO: check
+ NOT-FOR-US: eliteCMS
CVE-2021-46092
RESERVED
CVE-2021-46091
@@ -9484,7 +9484,7 @@ CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges
NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-45415
RESERVED
CVE-2021-45414
@@ -11595,7 +11595,7 @@ CVE-2022-21819
CVE-2022-21818
RESERVED
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-21816
RESERVED
CVE-2022-21815
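Review bot: The tag added for CVE-2022-21817 names only the vendor, "NOT-FOR-US: NVIDIA", which is ambiguous in this file because NVIDIA software is tracked here (nvidia-graphics-drivers-tesla-418 appears a few entries further down). Naming the product from the description, for example "NOT-FOR-US: NVIDIA Omniverse Launcher", would make it clear on a later grep that the whole vendor is not being excluded.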
@@ -11635,11 +11635,11 @@ CVE-2022-21813
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...)
- TODO: check
+ NOT-FOR-US: Single Connect
CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...)
- TODO: check
+ NOT-FOR-US: Single Connect
CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...)
- TODO: check
+ NOT-FOR-US: Single Connect
CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...)
NOT-FOR-US: Kron Single Connect
CVE-2021-44791
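Review bot: The three new tags for CVE-2021-44795, CVE-2021-44794 and CVE-2021-44793 read "NOT-FOR-US: Single Connect", while the existing entry directly below them, CVE-2021-44792, uses "NOT-FOR-US: Kron Single Connect" for what the descriptions show to be the same product. Using the same string on all four entries would keep a search for the product from missing some of them.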
@@ -11807,7 +11807,7 @@ CVE-2021-44748
CVE-2021-44747
RESERVED
CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
- TODO: check
+ NOT-FOR-US: UNIVERGE
CVE-2021-44745
RESERVED
CVE-2021-44744
@@ -16521,9 +16521,9 @@ CVE-2021-43512
CVE-2021-43511
RESERVED
CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-43508
RESERVED
CVE-2021-43507
@@ -18561,7 +18561,7 @@ CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortine
CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
@@ -19302,7 +19302,7 @@ CVE-2021-42755
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
NOT-FOR-US: Fortiguard
CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-42751
@@ -19585,17 +19585,17 @@ CVE-2021-42644
CVE-2021-42643
RESERVED
CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42636
RESERVED
CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
@@ -19603,7 +19603,7 @@ CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a ha
CVE-2021-42634
RESERVED
CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
- TODO: check
+ NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42632
RESERVED
CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
@@ -24777,11 +24777,11 @@ CVE-2021-41020
CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...)
NOT-FOR-US: Fortiguard
CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
NOT-FOR-US: FortiGuard
CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...)
@@ -30743,7 +30743,7 @@ CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 befor
CVE-2021-38561
RESERVED
CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...)
- hoteldruid 3.0.3-1
[bullseye] - hoteldruid <no-dsa> (Minor issue)
@@ -36665,7 +36665,7 @@ CVE-2021-36195 (Multiple command injection vulnerabilities in the command line i
CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
NOT-FOR-US: FortiGuard
CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
NOT-FOR-US: Fortiguard
CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
@@ -36697,7 +36697,7 @@ CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.1
CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...)
NOT-FOR-US: Fortiguard
CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
NOT-FOR-US: Fortiguard
CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...)
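Review bot: The new tag for CVE-2021-36177 is spelled "FortiGuard", but the entries on either side of it (CVE-2021-36178 and CVE-2021-36176) carry "Fortiguard", so a case-sensitive search for either spelling returns only part of the set. The same mix is visible in the context of the earlier Fortinet hunks. Since this commit is already touching these neighbourhoods, normalising the adjacent tags to one spelling in the same pass would be a cheap improvement.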
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a03c9beff8bf408a38731a3fe31a027a5a096d0