[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 11 20:56:41 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
617caa02 by Salvatore Bonaccorso at 2022-02-11T21:56:17+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -113,15 +113,15 @@ CVE-2022-24929
CVE-2022-24928
RESERVED
CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24922
RESERVED
CVE-2022-24921
@@ -561,13 +561,13 @@ CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function wi
CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
TODO: check
CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0559
RESERVED
CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
NOT-FOR-US: microweber
CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-24703
RESERVED
CVE-2022-24702
@@ -811,9 +811,9 @@ CVE-2022-24649
CVE-2022-24648
RESERVED
CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-24645
RESERVED
CVE-2022-24644
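Review bot: The label added for CVE-2022-24646, "NOT-FOR-US: Hospital Management System", is a generic product name with no vendor or project attached, unlike "Cuppa CMS" directly above it. The visible description gives only "Hospital Management System v4.0", so if the CVE record names a vendor or author, adding it to the label would make later searches of data/CVE/list less ambiguous.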
@@ -969,7 +969,7 @@ CVE-2022-24570
CVE-2022-24569
RESERVED
CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Reque ...)
- TODO: check
+ NOT-FOR-US: Novel-plus
CVE-2022-24567
RESERVED
CVE-2022-24566
@@ -1438,7 +1438,7 @@ CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination
CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
NOT-FOR-US: Mirantis Container Cloud Lens
CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis VSS Doctor
CVE-2022-0482
RESERVED
CVE-2022-24372
@@ -1572,29 +1572,29 @@ CVE-2022-24323
CVE-2022-24322
RESERVED
CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24309
RESERVED
CVE-2022-0480
@@ -2868,25 +2868,25 @@ CVE-2021-46562
CVE-2022-24004
RESERVED
CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
NOT-FOR-US: pfSense
CVE-2022-23992
@@ -4833,25 +4833,25 @@ CVE-2022-23436
CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
NOT-FOR-US: android-gif-drawable
CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23430
RESERVED
CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-23424
RESERVED
CVE-2022-23423
@@ -4945,7 +4945,7 @@ CVE-2022-23380
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
NOT-FOR-US: Emlog
CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
- TODO: check
+ NOT-FOR-US: TastyIgniter
CVE-2022-23377
RESERVED
CVE-2022-23376
@@ -6241,11 +6241,11 @@ CVE-2022-23051
CVE-2022-23050
RESERVED
CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
NOT-FOR-US: PhpIPAM
CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
@@ -6742,7 +6742,7 @@ CVE-2022-0164
CVE-2022-0163
RESERVED
CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-0161
RESERVED
CVE-2022-0160
@@ -7154,19 +7154,19 @@ CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal In
NOTE: https://github.com/follow-redirects/follow-redirects/issues/183
NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-22806
RESERVED
CVE-2022-22805
@@ -7220,7 +7220,7 @@ CVE-2022-22782
CVE-2022-22781
RESERVED
CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
TODO: check
CVE-2022-22778
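Review bot: CVE-2022-22779 (Keybase Clients for macOS and Windows) stays at "TODO: check" in the context line right after the CVE-2022-22780 change, although its description names platform-specific clients. If it was left for a closer look, that is fine; otherwise it could be triaged in the same pass so it does not linger in the TODO queue.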
@@ -7248,7 +7248,7 @@ CVE-2022-22768
CVE-2022-22767
RESERVED
CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
- TODO: check
+ NOT-FOR-US: BD Pyxis
CVE-2022-22765
RESERVED
CVE-2022-22764
@@ -7947,9 +7947,9 @@ CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...)
CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...)
NOT-FOR-US: hoppscotch
CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-22565
RESERVED
CVE-2022-22564
@@ -7997,7 +7997,7 @@ CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - versi
CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...)
NOT-FOR-US: SAP
CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-22541
RESERVED
CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
@@ -8013,7 +8013,7 @@ CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application
CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...)
NOT-FOR-US: SAP
CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...)
NOT-FOR-US: SAP
CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...)
@@ -9305,9 +9305,9 @@ CVE-2021-4196
CVE-2021-4195
RESERVED
CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...)
NOT-FOR-US: Samsung
CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
@@ -9531,17 +9531,17 @@ CVE-2022-0023
CVE-2022-0022
RESERVED
CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0019 (An insufficiently protected credentials vulnerability exists in the Pa ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0018 (An information exposure vulnerability exists in the Palo Alto Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0017 (An improper link resolution before file access ('link following') vuln ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0016 (An improper handling of exceptional conditions vulnerability exists wi ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...)
@@ -9551,7 +9551,7 @@ CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto
CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-45918
RESERVED
CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...)
@@ -9605,7 +9605,7 @@ CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interfa
CVE-2021-45902
RESERVED
CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...)
- TODO: check
+ NOT-FOR-US: ServiceNow Orlando
CVE-2021-45900
RESERVED
CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
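Review bot: On the CVE-2021-45901 line, the label "ServiceNow Orlando" carries what reads as a release name taken from the description, while other labels in this commit stop at the vendor or product ("SAP", "Citrix", "Palo Alto Networks"). "NOT-FOR-US: ServiceNow" would remain valid for issues in other releases and keeps the set of labels smaller.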
@@ -11392,7 +11392,7 @@ CVE-2021-45366
CVE-2021-45365
RESERVED
CVE-2021-45364 (A Code Execution vulnerability exists in Statamic Version through 3.2. ...)
- TODO: check
+ NOT-FOR-US: Statamic
CVE-2021-45363
RESERVED
CVE-2021-45362
@@ -11583,7 +11583,7 @@ CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1,
CVE-2021-45287
RESERVED
CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2021-45285
RESERVED
CVE-2021-45284
@@ -12896,9 +12896,9 @@ CVE-2021-44972
CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
NOT-FOR-US: Tenda
CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Taocms
CVE-2021-44968
RESERVED
CVE-2021-44967
@@ -13081,7 +13081,7 @@ CVE-2021-44894
CVE-2021-44893
RESERVED
CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...)
- TODO: check
+ NOT-FOR-US: ThinkPHP
CVE-2021-44891
RESERVED
CVE-2021-44890
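Review bot: CVE-2021-44892 is closed as NOT-FOR-US for ThinkPHP, which the description presents as a versioned framework ("ThinkPHP 3.x.x") rather than an appliance or a vendor's end product. For framework or library code it is worth confirming that no source package in the archive embeds a copy before marking it NFU; if that check was done, nothing needs to change.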
@@ -13192,7 +13192,7 @@ CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Ev
CVE-2021-44851
RESERVED
CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...)
- TODO: check
+ NOT-FOR-US: Xilinx Zynq-7000 SoC device
CVE-2021-44849
RESERVED
CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...)
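Review bot: The label for CVE-2021-44850, "Xilinx Zynq-7000 SoC device", copies the description's wording including the trailing "device", while every other label in this commit is a bare vendor or product name. "NOT-FOR-US: Xilinx" or "NOT-FOR-US: Xilinx Zynq-7000" would be consistent with the rest.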
@@ -13285,7 +13285,7 @@ CVE-2022-21827
CVE-2022-21826
RESERVED
CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
NOT-FOR-US: Ivanti
CVE-2021-44831
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/617caa02f49f6e95d55f820d58bbb595bba0a10e