[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 8 20:50:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
212cff3e by Salvatore Bonaccorso at 2022-02-08T21:50:01+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -956,9 +956,9 @@ CVE-2022-24288
CVE-2022-24287
RESERVED
CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2022-0470
RESERVED
{DSA-5068-1}
@@ -3026,9 +3026,9 @@ CVE-2022-23814
CVE-2022-23813
RESERVED
CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
- TODO: check
+ NOT-FOR-US: TransmitMail
CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
- TODO: check
+ NOT-FOR-US: TransmitMail
CVE-2022-21176
RESERVED
CVE-2022-21143
@@ -3481,9 +3481,9 @@ CVE-2022-23626
CVE-2022-23625
RESERVED
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
- TODO: check
+ NOT-FOR-US: Frourio-express
CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
- TODO: check
+ NOT-FOR-US: Frourio
CVE-2022-23622
RESERVED
CVE-2022-23621
@@ -3513,11 +3513,11 @@ CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In
CVE-2022-23612
RESERVED
CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
- TODO: check
+ NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23610
RESERVED
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
- TODO: check
+ NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608
RESERVED
CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
@@ -4246,7 +4246,7 @@ CVE-2022-23342
CVE-2022-23341
RESERVED
CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
- TODO: check
+ NOT-FOR-US: Joplin
CVE-2022-23339
RESERVED
CVE-2022-23338
@@ -4264,7 +4264,7 @@ CVE-2022-23333
CVE-2022-23332
RESERVED
CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
NOT-FOR-US: jpress
CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
@@ -10794,7 +10794,7 @@ CVE-2021-45283
CVE-2021-45282
RESERVED
CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: QuickBox Pro
CVE-2021-45280
RESERVED
CVE-2021-45279
@@ -12337,7 +12337,7 @@ CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.
CVE-2021-44865
RESERVED
CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-44863
RESERVED
CVE-2021-44862
@@ -12607,9 +12607,9 @@ CVE-2022-21818
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
NOT-FOR-US: NVIDIA
CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
- TODO: check
+ NOT-FOR-US: NVIDIA vGPU software
CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
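Review bot: The new tags on CVE-2022-21816 and CVE-2022-21815 name products ("NVIDIA vGPU software", "NVIDIA GPU Display Driver for Windows"), while the entry directly above them, CVE-2022-21817, uses the plain vendor tag "NOT-FOR-US: NVIDIA". Use one granularity within the block so a search on the tag finds every entry. The longer form does help explain why these two differ from CVE-2022-21814, which is tracked against nvidia-graphics-drivers. If that is the intent, CVE-2022-21817 could be brought in line in the same commit. For CVE-2022-21816 the visible description is cut off at "Virtual GPU Manag ...", so it is worth confirming that nothing shipped from nvidia-graphics-drivers is involved before closing it as NFU.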
@@ -72336,15 +72336,15 @@ CVE-2021-22290
CVE-2021-22289
RESERVED
CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2021-22287
RESERVED
CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2021-22283
RESERVED
CVE-2021-22282
@@ -73078,31 +73078,31 @@ CVE-2021-3009
CVE-2021-3008
RESERVED
CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21967
RESERVED
CVE-2021-21966
RESERVED
CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
- TODO: check
+ NOT-FOR-US: Sealevel Systems
CVE-2021-21958
RESERVED
CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
@@ -125347,7 +125347,7 @@ CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES f
CVE-2020-12966 (AMD EPYC™ Processors contain an information disclosure vulnerabi ...)
TODO: check
CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
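Review bot: CVE-2020-12965 is closed as "NOT-FOR-US: AMD", but its visible description ("When combined with specific software sequences, AMD CPUs may transient ...") describes CPU behaviour rather than a product outside the archive. Issues of this kind are sometimes mitigated in software that Debian ships. Consider adding a NOTE line recording why no packaged component is affected, or leaving the entry at "TODO: check" like CVE-2020-12966 directly above it until that is confirmed. The neighbouring CVE-2020-12964 also uses a different tag, "Intel / AMD", so the vendor naming in this block is not uniform.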
@@ -140886,7 +140886,7 @@ CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vu
CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
NOT-FOR-US: Modicon
CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on t ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
NOT-FOR-US: Modicon
CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
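Review bot: CVE-2020-7534 is tagged "NOT-FOR-US: Schneider Electric", while the entries on either side of it, CVE-2020-7535 and CVE-2020-7533, are tagged "NOT-FOR-US: Modicon". If the truncated description refers to the same product family, reuse "Modicon" so the three entries group together under one tag. If it covers a different product, a tag naming that product would be more useful than the vendor name alone.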
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/212cff3eee43188eeb07a314488a5ec8ba8ab9a8