[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 7 20:57:31 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7f8a314 by Salvatore Bonaccorso at 2022-02-07T21:56:45+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2126,9 +2126,9 @@ CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater
CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
- TODO: check
+ NOT-FOR-US: Z-Wave specification
CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
- TODO: check
+ NOT-FOR-US: Z-Wave devices
CVE-2022-23973
RESERVED
CVE-2022-23972
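Review bot: the two new NOT-FOR-US lines cite "Z-Wave specification" and "Z-Wave devices" rather than a vendor or product, unlike the other entries in this file (cf. `NOT-FOR-US: Sophos`, `NOT-FOR-US: Synology`); the description for CVE-2013-20003 names Sierra Designs and Silicon Labs, so something like `NOT-FOR-US: Z-Wave devices from Sierra Designs and Silicon Labs` would keep the target greppable. Since CVE-2018-25029 is a specification-level downgrade issue rather than a single vendor's bug, it is also worth confirming that no Z-Wave controller stack in the archive is in scope before closing it.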
@@ -2222,7 +2222,7 @@ CVE-2022-0367
CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
NOT-FOR-US: Sophos
CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
- TODO: check
+ NOT-FOR-US: Ricon Mobile
CVE-2022-0364
RESERVED
CVE-2022-0363
@@ -4050,7 +4050,7 @@ CVE-2022-23381
CVE-2022-23380
RESERVED
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2022-23378
RESERVED
CVE-2022-23377
@@ -4148,9 +4148,9 @@ CVE-2022-23332
CVE-2022-23331
RESERVED
CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
- TODO: check
+ NOT-FOR-US: jpress
CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
- TODO: check
+ NOT-FOR-US: UJCMS Jspxcms
CVE-2022-23328
RESERVED
CVE-2022-23327
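Review bot: `NOT-FOR-US: jpress` is the only lowercase product name in this commit; the convention elsewhere in the file is the upstream spelling (cf. `NOT-FOR-US: XWiki`, `NOT-FOR-US: XMPie uStore`), so `NOT-FOR-US: JPress` would match. For CVE-2022-23329 the description points at a FreeMarker built-in (`${"freemarker.template.utility.Execute"?new()`), so a short NOTE recording that the flaw is in the UJCMS Jspxcms application rather than in the FreeMarker library would save the next triager from re-checking libfreemarker-java.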
@@ -4168,7 +4168,7 @@ CVE-2022-23322
CVE-2022-23321
RESERVED
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
- TODO: check
+ NOT-FOR-US: XMPie uStore
CVE-2022-23319
RESERVED
CVE-2022-23318
@@ -4226,7 +4226,7 @@ CVE-2021-46391
CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
- TODO: check
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
CVE-2021-46388
RESERVED
CVE-2021-46387
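Review bot: before committing `NOT-FOR-US: IIPImage High Resolution Streaming Image Server`, check the archive for an `iipimage` source package; the description names the IIPImage server itself, and if it is packaged this entry needs a package line with the affected and fixed versions instead of a NOT-FOR-US. If it really is not packaged, the shorter `NOT-FOR-US: IIPImage` is consistent with the other entries.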
@@ -4286,7 +4286,7 @@ CVE-2021-46361
CVE-2021-46360
RESERVED
CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: FISCO-BCOS
CVE-2021-46358
RESERVED
CVE-2021-46357
@@ -4636,11 +4636,11 @@ CVE-2022-23265
CVE-2022-23264
RESERVED
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23260
RESERVED
CVE-2022-23259
@@ -4941,7 +4941,7 @@ CVE-2022-23186
CVE-2022-23185
RESERVED
CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...)
- tomcat9 <unfixed>
- tomcat8 <removed>
@@ -5595,7 +5595,7 @@ CVE-2022-22941
CVE-2022-22940
RESERVED
CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
NOT-FOR-US: VMware
CVE-2022-22937
@@ -6159,11 +6159,11 @@ CVE-2022-22835
CVE-2022-22834
RESERVED
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...)
- TODO: check
+ NOT-FOR-US: Servisnet Tessa
CVE-2022-22830
RESERVED
CVE-2022-22829
@@ -6272,7 +6272,7 @@ CVE-2022-22806
CVE-2022-22805
RESERVED
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22803
RESERVED
CVE-2022-22802
@@ -6592,17 +6592,17 @@ CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
CVE-2022-22728
RESERVED
CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22721
RESERVED
CVE-2022-22720
@@ -6699,7 +6699,7 @@ CVE-2022-22691 (The password reset component deployed within Umbraco uses the ho
CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
NOT-FOR-US: Umbraco CMS
CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
- TODO: check
+ NOT-FOR-US: CA Harvest Software Change Manager
CVE-2022-22688
RESERVED
CVE-2022-22687
@@ -6717,11 +6717,11 @@ CVE-2022-22682
CVE-2022-22681
RESERVED
CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
NOT-FOR-US: Tenable
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
@@ -10338,7 +10338,7 @@ CVE-2021-45410
CVE-2021-45409
RESERVED
CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2021-45407
RESERVED
CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
@@ -14270,11 +14270,11 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During
CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: ShowDoc
CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
NOT-FOR-US: Acronis
CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
@@ -15382,15 +15382,15 @@ CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but
CVE-2021-43930
RESERVED
CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2021-43924
RESERVED
CVE-2021-43923
@@ -15582,7 +15582,7 @@ CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block
CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
NOT-FOR-US: Wiki.js
CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...)
TODO: check
CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
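Review bot: in this hunk CVE-2021-43840 (message_bus, a Ruby gem) is the only entry left at `TODO: check` while its neighbours are processed; if that is deliberate because it still needs a check against the ruby packages in the archive, fine, but in a commit titled "Process several NFUs" it reads as an omission and could use a NOTE or be handled in the same pass.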
@@ -20028,7 +20028,7 @@ CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081
CVE-2021-42834
RESERVED
CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
- TODO: check
+ NOT-FOR-US: AquaView
CVE-2021-42832
RESERVED
CVE-2021-42831
@@ -27160,7 +27160,7 @@ CVE-2021-40422
CVE-2021-40421
RESERVED
CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
NOT-FOR-US: Reolink
CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
@@ -29911,7 +29911,7 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser f
CVE-2021-39281
RESERVED
CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
- TODO: check
+ NOT-FOR-US: Korenix JetWave devices
CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
NOT-FOR-US: MOXA
CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
@@ -32748,7 +32748,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish
NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
- TODO: check
+ NOT-FOR-US: perM
CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
{DSA-4998-1 DSA-4990-1 DLA-2818-1}
- ffmpeg 7:4.4.1-1
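Review bot: the CVE description for CVE-2021-38172 itself mentions Debian ("perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ..."), which is a strong hint that perM is packaged (the source package is most likely `perm`); marking it `NOT-FOR-US: perM` looks wrong and should be replaced by a package line such as `- perm <unfixed>` with the appropriate version once the archive has been checked.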
@@ -45959,7 +45959,7 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storag
CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
NOT-FOR-US: Nextcloud Text
CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
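Review bot: the description snippet for CVE-2021-32732 starts with a GitHub advisory heading ("### Impact It's possible to know if a user has or not an account ...") and does not name the product in the visible text; the `NOT-FOR-US: XWiki` target is inferred from the neighbouring CVE-2021-32731 and CVE-2021-32730 entries, so it is worth confirming against the full advisory before committing.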
@@ -54998,17 +54998,17 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP
CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
NOT-FOR-US: XMB
CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...)
- TODO: check
+ NOT-FOR-US: Northstar
CVE-2021-29392
RESERVED
CVE-2021-29391
@@ -55404,9 +55404,9 @@ CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erl
CVE-2021-29220
RESERVED
CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29217
RESERVED
CVE-2021-29216
@@ -57197,7 +57197,7 @@ CVE-2021-28505
CVE-2021-28504
RESERVED
CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2021-28502
RESERVED
CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7f8a31466c144159e960a763e21034af300ccac