[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 25 20:27:46 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9642c7a1 by Salvatore Bonaccorso at 2022-02-25T21:27:17+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1036,17 +1036,17 @@ CVE-2022-25650
CVE-2022-25172
RESERVED
CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2022-24910
RESERVED
CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2022-21809
RESERVED
CVE-2022-21238
RESERVED
CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2022-0730
RESERVED
CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
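Review bot: the three NOT-FOR-US lines added for CVE-2022-25170, CVE-2022-23985 and CVE-2022-21209 give only the vendor, and the truncated descriptions visible here say just "The affected product", so nothing in these entries identifies which FATEK Automation product is meant. Consider appending the product name, in the style of the more specific "NOT-FOR-US: EyesOfNetwork (EON) eonweb" entry later in this patch, so a later search of the list can tell these apart from any other entry for the same vendor.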
@@ -1693,7 +1693,7 @@ CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c i
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Infor ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2022-25373
RESERVED
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
@@ -2314,7 +2314,7 @@ CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file syst
CVE-2022-0616
RESERVED
CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products for Lin ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
@@ -3901,7 +3901,7 @@ CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught excep
- libmetadata-extractor-java <unfixed>
NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2022-24611
RESERVED
CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
@@ -4539,41 +4539,41 @@ CVE-2022-24349
CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
NOT-FOR-US: Argo CD
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS vi ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via R ...)
TODO: check
CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (with ...)
TODO: check
CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could be set ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-24342 (In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF w ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24341 (In JetBrains TeamCity before 2021.2.1, editing a user account to chang ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24340 (In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the c ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24339 (JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24338 (JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24337 (In JetBrains TeamCity before 2021.2, health items of pull requests wer ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24336 (In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24335 (JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Tim ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24334 (In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24333 (In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call wa ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24332 (In JetBrains TeamCity before 2021.2, a logout action didn't remove a R ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24331 (In JetBrains TeamCity before 2021.1.4, GitLab authentication impersona ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an external si ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock dependen ...)
TODO: check
CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user could perfo ...)
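Review bot: within this run of JetBrains entries, CVE-2022-24346 and CVE-2022-24345 (IntelliJ IDEA) and CVE-2022-24329 (Kotlin) stay at "TODO: check" while every YouTrack and TeamCity entry is switched to NOT-FOR-US. If those three are left open on purpose because they still need a check against the archive, saying so in the commit message would help; otherwise they are easy to overlook between the processed lines on a later pass.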
@@ -5628,11 +5628,11 @@ CVE-2022-24037
CVE-2022-24036
RESERVED
CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
NOT-FOR-US: Advantech
CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission of cr ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2022-21154
RESERVED
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
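Review bot: "NOT-FOR-US: GE" on CVE-2022-23921 and CVE-2022-21798 is a two-letter vendor abbreviation with no product, and the descriptions shown ("Exploitation of this vulnerability may result in ...", "The affected product is vulnerable due to ...") do not name one either. Spelling out the vendor and adding the product would make both entries unambiguous and findable with a plain text search of data/CVE/list.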
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9642c7a168dccca09bb24c63ea1fd07982852dc5