[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 25 20:32:45 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76abc052 by Salvatore Bonaccorso at 2022-02-25T21:31:54+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4577,9 +4577,9 @@ CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an exter
 CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock dependen ...)
 	TODO: check
 CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user could perfo ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-24327 (In JetBrains Hub before 2021.1.13890, integration with JetBrains Accou ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-24326
 	RESERVED
 CVE-2022-24325
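Review bot: CVE-2022-24329 (JetBrains Kotlin), in the context lines at the top of this hunk, stays at "TODO: check" while the two JetBrains Hub entries directly below it are resolved. If it was left out on purpose because it needs a package check rather than an NFU tag, that is fine; otherwise it should be triaged in a follow-up so it does not linger between resolved neighbours.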
@@ -20917,7 +20917,7 @@ CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpda
 CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
 	NOT-FOR-US: iPack SCADA Automation
 CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2021-43744
 	RESERVED
 CVE-2021-43743
@@ -26899,7 +26899,7 @@ CVE-2021-42246
 CVE-2021-42245
 	RESERVED
 CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo  ...)
-	TODO: check
+	NOT-FOR-US: PaquitoSoftware Notimoo
 CVE-2021-42243
 	RESERVED
 CVE-2021-42242
@@ -32391,13 +32391,13 @@ CVE-2021-40048
 CVE-2021-40047
 	RESERVED
 CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40043 (The laser command injection vulnerability exists on AIS-BW80H-00 versi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
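Review bot: the "NOT-FOR-US: Huawei" tags added for CVE-2021-40046 and CVE-2021-40043 name only the vendor, while the visible descriptions name products (PCManager, AIS-BW80H-00) and do not mention Huawei. Other entries in this file use a product-plus-vendor form, e.g. "NOT-FOR-US: Elf-G10HN (Huawei)"; a tag such as "NOT-FOR-US: PCManager (Huawei)" would make these entries findable by product and self-explanatory.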
@@ -33933,9 +33933,9 @@ CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS c
 	NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
 	NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
 CVE-2021-39364 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2021-39363 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
 	{DLA-2826-1}
 	- mbedtls 2.16.9-0.1
@@ -39766,7 +39766,7 @@ CVE-2021-37105 (There is an improper file upload control vulnerability in Fusion
 CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37103 (There is an improper permission management vulnerability in the Wallet ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
@@ -39918,7 +39918,7 @@ CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartp
 CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37027 (There is a DoS vulnerability in smartphones. Successful exploitation o ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
 	NOT-FOR-US: Huawei
 CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
@@ -46244,11 +46244,11 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows
 CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
 	NOT-FOR-US: QNAP
 CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34360
 	RESERVED
 CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-34358 (We have already fixed this vulnerability in the following versions of  ...)
 	NOT-FOR-US: QNAP
 CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
@@ -59734,15 +59734,15 @@ CVE-2021-29222
 CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...)
 	- erlang <not-affected> (Windows-specific)
 CVE-2021-29220 (Multiple buffer overflow security vulnerabilities have been identified ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
 	NOT-FOR-US: HPE
 CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
 	NOT-FOR-US: HPE
 CVE-2021-29217 (A remote URL redirection vulnerability was discovered in HPE OneView G ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29216 (A remote cross-site scripting vulnerability was discovered in HPE OneV ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
 	NOT-FOR-US: HPE
 CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
@@ -76088,7 +76088,7 @@ CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphon
 CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22489 (There is a DoS vulnerability in smartphones. Successful exploitation o ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...)
@@ -76106,11 +76106,11 @@ CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smart
 CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22480 (The interface of a certain HarmonyOS module has an integer overflow vu ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22479 (The interface of a certain HarmonyOS module has an invalid address acc ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22478 (The interface of a certain HarmonyOS module has a UAF vulnerability. S ...)
-	TODO: check
+	NOT-FOR-US: HarmonyOS
 CVE-2021-22477
 	RESERVED
 CVE-2021-22476
@@ -76170,7 +76170,7 @@ CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerabil
 CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...)
 	NOT-FOR-US: Elf-G10HN (Huawei)
 CVE-2021-22448 (There is an improper verification vulnerability in smartphones. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional Conditions Vulne ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
@@ -76184,7 +76184,7 @@ CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei Smartphon
 CVE-2021-22442 (There is an Improper Validation of Integrity Check Value Vulnerability ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22441 (Some Huawei products have an integer overflow vulnerability. Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
@@ -76192,29 +76192,29 @@ CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V20
 CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22437 (There is a software integer overflow leading to a TOCTOU condition in  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful  ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22434 (There is a memory address out of bounds vulnerability in smartphones.  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22433 (There is a memory address out of bounds in smartphones. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22432 (There is a vulnerability when configuring permission isolation in smar ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22431 (There is a vulnerability when configuring permission isolation in smar ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22430 (There is a logic bypass vulnerability in smartphones. Successful explo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22429 (There is a memory address out of bounds in smartphones. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Succ ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartpho ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22426 (There is a memory address out of bounds in smartphones. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...)
 	NOT-FOR-US: HarmonyOS
 CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...)
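Review bot: for CVE-2021-22434 through CVE-2021-22429 and CVE-2021-22426, the visible descriptions mention only smartphones and name no vendor, so the Huawei tag rests on the neighbouring entries in the same ID block. Worth confirming against the full CVE descriptions rather than the block alone, since an entry marked NOT-FOR-US gets no further triage.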
@@ -76276,9 +76276,9 @@ CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei ManageOn
 CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei products. ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22395 (There is a code injection vulnerability in smartphones. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22394 (There is a buffer overflow vulnerability in smartphones. Successful ex ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...)
 	NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...)
@@ -76428,7 +76428,7 @@ CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A m
 CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22319 (There is an improper verification vulnerability in smartphones. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulner ...)
 	NOT-FOR-US: HarmonyOS
 CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
@@ -125170,11 +125170,11 @@ CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prio
 CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak encryp ...)
 	NOT-FOR-US: FactoryTalk View SE
 CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-14479
 	RESERVED
 CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
 	NOT-FOR-US: Philips
 CVE-2020-14476
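Review bot: CVE-2020-14480 and CVE-2020-14478 are tagged by vendor ("Rockwell Automation") while the adjacent CVE-2020-14481 is tagged by product ("FactoryTalk View SE"). If these concern the same product, reuse that tag or use a product-plus-vendor form, so that a search for either name finds all of them.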



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76abc052c2bd8508b7087ab5fe66e1d467fd66cc
