[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 8 08:25:56 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d93da876 by Salvatore Bonaccorso at 2022-01-08T09:25:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha
- expat <unfixed>
NOTE: https://github.com/libexpat/libexpat/pull/539
CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
- TODO: check
+ NOT-FOR-US: NVIDIA NeMo
CVE-2022-22820
RESERVED
CVE-2022-22819
@@ -340,9 +340,9 @@ CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux somet
CVE-2022-22703
RESERVED
CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...)
- TODO: check
+ NOT-FOR-US: PartKeepr
CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
- TODO: check
+ NOT-FOR-US: PartKeepr
CVE-2022-22700
RESERVED
CVE-2022-22699
@@ -1911,17 +1911,17 @@ CVE-2022-22290
CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
TODO: check
CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22287 (Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
NOT-FOR-US: Netgear
CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
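Review bot: CVE-2022-22289 (S Assistant) at the top of this hunk stays at TODO: check, while the six entries directly below it, CVE-2022-22288 through CVE-2022-22283, are all resolved to NOT-FOR-US: Samsung. If it belongs to the same vendor batch, tag it in this commit as well; if it was skipped on purpose, a NOTE line saying why would keep the next triager from wondering.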
@@ -1967,25 +1967,25 @@ CVE-2022-22274
CVE-2022-22273
RESERVED
CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-45919
RESERVED
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
@@ -5768,7 +5768,7 @@ CVE-2022-21825
CVE-2022-21824
RESERVED
CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2021-44831
RESERVED
CVE-2021-44830
@@ -21125,49 +21125,49 @@ CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS3
CVE-2021-40040
RESERVED
CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40036
RESERVED
CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40034
RESERVED
CVE-2021-40033
RESERVED
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40030
RESERVED
CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40024
RESERVED
CVE-2021-40023
RESERVED
CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40019
RESERVED
CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40017
RESERVED
CVE-2021-40016
@@ -21175,57 +21175,57 @@ CVE-2021-40016
CVE-2021-40015
RESERVED
CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40013
RESERVED
CVE-2021-40012
RESERVED
CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in the dis ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
NOT-FOR-US: Huawei
CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
NOT-FOR-US: Huawei
CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39999
RESERVED
CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39997
RESERVED
CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
NOT-FOR-US: Huawei
CVE-2021-39994
RESERVED
CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39992
RESERVED
CVE-2021-39991
RESERVED
CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
NOT-FOR-US: Huawei
CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
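Review bot: CVE-2021-39995, which sits in the middle of this hunk already tagged NOT-FOR-US: Huawei, is described as involving the OpenHpi software that Huawei products use for hardware management, so a vendor-only tag may be hiding a flaw in a third-party component. While this block is being triaged, confirm whether the issue lies in OpenHpi itself or only in Huawei's integration, and record the answer in a NOTE line.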
@@ -29257,19 +29257,19 @@ CVE-2021-36726
CVE-2021-36725
RESERVED
CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
- TODO: check
+ NOT-FOR-US: ForeScout - SecureConnector
CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
- TODO: check
+ NOT-FOR-US: Emuse - eServices / eNvoice
CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
- TODO: check
+ NOT-FOR-US: Emuse - eServices / eNvoice
CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
- TODO: check
+ NOT-FOR-US: Sysaid API
CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
NOT-FOR-US: PineApp - Mail Secure
CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
NOT-FOR-US: PineApp - Mail Secure
CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
- TODO: check
+ NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
NOT-FOR-US: Synerion TimeNet
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
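Review bot: the tags added in this hunk copy the description prefix verbatim, so CVE-2021-36721 ends up as "NOT-FOR-US: Sysaid API", which names an interface rather than a product. The "Vendor - Product" form matches the existing PineApp - Mail Secure entries, but for this one "NOT-FOR-US: Sysaid" would be the clearer tag and easier to match against later CVEs for the same product.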
@@ -32729,7 +32729,7 @@ CVE-2021-35249
CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
NOT-FOR-US: SolarWinds
CVE-2021-35247 (Serv-U web login screen was allowing characters that were not sanitize ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35246
RESERVED
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
@@ -38059,11 +38059,11 @@ CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-base
CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
NOT-FOR-US: Suitelink
CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
- TODO: check
+ NOT-FOR-US: FANUC
CVE-2021-32997
RESERVED
CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
- TODO: check
+ NOT-FOR-US: FANUC
CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
NOT-FOR-US: Cscape
CVE-2021-32994
@@ -69885,17 +69885,17 @@ CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.
CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
NOT-FOR-US: GroupSession
CVE-2021-20873 (Yappli is an application development platform which provides the funct ...)
- TODO: check
+ NOT-FOR-US: Yappli
CVE-2021-20872 (Protection mechanism failure vulnerability in KONICA MINOLTA bizhub se ...)
- TODO: check
+ NOT-FOR-US: KONICA MINOLTA
CVE-2021-20871 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: KONICA MINOLTA
CVE-2021-20870 (Improper handling of exceptional conditions vulnerability in KONICA MI ...)
- TODO: check
+ NOT-FOR-US: KONICA MINOLTA
CVE-2021-20869 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: KONICA MINOLTA
CVE-2021-20868 (Incorrect authorization vulnerability in KONICA MINOLTA bizhub series ...)
- TODO: check
+ NOT-FOR-US: KONICA MINOLTA
CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
NOT-FOR-US: WordPress plugin
CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
@@ -72261,11 +72261,11 @@ CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series le
CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
NOT-FOR-US: SonicWall
CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP response h ...)
- TODO: check
+ NOT-FOR-US: Sonicwall
CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...)
NOT-FOR-US: SonicWall
CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP Content-Length respo ...)
- TODO: check
+ NOT-FOR-US: Sonicwall
CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacN ...)
NOT-FOR-US: SonicWall
CVE-2021-20044 (A post-authentication remote command injection vulnerability in SonicW ...)
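Review bot: the two new tags for CVE-2021-20048 and CVE-2021-20046 are spelled "Sonicwall", while the adjacent entries in the same hunk (CVE-2021-20049, CVE-2021-20047, CVE-2021-20045) use "SonicWall". Use the existing spelling so a case-sensitive search for the vendor tag finds all of them.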
@@ -76051,7 +76051,7 @@ CVE-2020-29294
CVE-2020-29293
RESERVED
CVE-2020-29292 (iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) at ...)
- TODO: check
+ NOT-FOR-US: iBall WRD12EN
CVE-2020-29291
RESERVED
CVE-2020-29290
@@ -96282,7 +96282,7 @@ CVE-2020-22063
CVE-2020-22062
RESERVED
CVE-2020-22061 (SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the ...)
- TODO: check
+ NOT-FOR-US: SUPERAntispyware
CVE-2020-22060
RESERVED
CVE-2020-22059
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d93da876c00904ed64e12eddb526f4be6523204b