[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 18 20:42:17 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4b8f88d by Salvatore Bonaccorso at 2022-02-18T21:41:51+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
- TODO: check
+ NOT-FOR-US: Ibexa
CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
- TODO: check
+ NOT-FOR-US: Ibexa
CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
- TODO: check
+ NOT-FOR-US: RigoBlock Dragos
CVE-2022-25334
RESERVED
CVE-2022-25333
@@ -43,9 +43,9 @@ CVE-2022-0677
CVE-2021-4221
RESERVED
CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
- TODO: check
+ NOT-FOR-US: ZEROF Web Server
CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: ZEROF Web Server
CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
NOT-FOR-US: Cerebrate
CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
@@ -97,9 +97,9 @@ CVE-2022-21158
CVE-2022-0674
RESERVED
CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
- TODO: check
+ NOT-FOR-US: LemMinX
CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
- TODO: check
+ NOT-FOR-US: LemMinX
CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
TODO: check
CVE-2022-0670
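Review bot: CVE-2022-0671 (vscode-xml, also "prior to 0.19.0") stays at `TODO: check` in the trailing context, while the two LemMinX entries directly above it are closed as NOT-FOR-US. If vscode-xml is equally unpackaged, triage it in the same commit. If it was left open on purpose, note the reason in the commit message so the next triager does not assume it was overlooked.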
@@ -111,11 +111,11 @@ CVE-2022-0668
CVE-2022-0667
RESERVED
CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0665
RESERVED
CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
- TODO: check
+ NOT-FOR-US: Go github.com/gravitl/netmaker
CVE-2022-0663
RESERVED
CVE-2022-0662
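Review bot: the CVE-2022-0664 label `NOT-FOR-US: Go github.com/gravitl/netmaker` copies the ecosystem prefix and import path from the description instead of naming the product. Other labels in this commit are a bare product or vendor name (`microweber`, `Tenda`, `Symantec`), so `NOT-FOR-US: netmaker` would be consistent and easier to match when a later netmaker CVE is triaged.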
@@ -123,7 +123,7 @@ CVE-2022-0662
CVE-2022-0661
RESERVED
CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0659
RESERVED
CVE-2022-0658
@@ -4071,9 +4071,9 @@ CVE-2022-23984
CVE-2022-23983
RESERVED
CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...)
NOT-FOR-US: WordPress plugin
CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -4936,11 +4936,11 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.
CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
NOT-FOR-US: TransmitMail
CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
@@ -8763,7 +8763,7 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.
NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-0137
RESERVED
CVE-2022-0136
@@ -10110,9 +10110,9 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2021-46035
RESERVED
CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
@@ -12116,11 +12116,11 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati
CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
NOT-FOR-US: Juniper
CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
- TODO: check
+ NOT-FOR-US: Airspan Networks
CVE-2022-21155
RESERVED
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
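Review bot: CVE-2022-21215 is labelled `NOT-FOR-US: Airspan Networks`, but its description ("This vulnerability could allow an attacker to force the server to crea ...") lacks the "MMP: All versions prior to v1.0.3, PTP C-series" text that its two neighbours share, so the vendor cannot be confirmed from the entry as shown. Worth double-checking that it belongs to the same advisory rather than being labelled by adjacency.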
@@ -12493,7 +12493,7 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu
NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2021-45400
RESERVED
CVE-2021-45399
@@ -14097,7 +14097,7 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (
CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
NOT-FOR-US: Taocms
CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
- TODO: check
+ NOT-FOR-US: IOBit Advanced SystemCare
CVE-2021-44967
RESERVED
CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
@@ -53597,7 +53597,7 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This
CVE-2021-30651
RESERVED
CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2021-30649
RESERVED
CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
@@ -63990,9 +63990,9 @@ CVE-2021-26621
CVE-2021-26620
RESERVED
CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
- TODO: check
+ NOT-FOR-US: BigFileAgent
CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
- TODO: check
+ NOT-FOR-US: ToWord of ToOffice
CVE-2021-26617
RESERVED
CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
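Review bot: `NOT-FOR-US: ToWord of ToOffice` on CVE-2021-26618 reads like a phrase lifted from the description rather than a product label, while the entry above it uses a single product name (`BigFileAgent`). Consider `NOT-FOR-US: ToOffice` or `NOT-FOR-US: ToOffice ToWord`, whichever matches the vendor's naming, so later entries for the same product reuse one string.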
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4b8f88d7096fc91193faa2efb8b606a86bb1e0b