[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 14 20:22:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4f85065 by Salvatore Bonaccorso at 2022-01-14T21:22:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2022-23229
CVE-2022-23228
RESERVED
CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...)
- TODO: check
+ NOT-FOR-US: NUUO NVRmini2
CVE-2022-23226
RESERVED
CVE-2022-23225
@@ -33,7 +33,7 @@ CVE-2022-0233
CVE-2022-0232
RESERVED
CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-0230
RESERVED
CVE-2022-0229
@@ -118,7 +118,7 @@ CVE-2021-46285
CVE-2021-46284
RESERVED
CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-0225
RESERVED
CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...)
@@ -3960,9 +3960,9 @@ CVE-2021-45809
CVE-2021-45808
RESERVED
CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
- TODO: check
+ NOT-FOR-US: jpress
CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
- TODO: check
+ NOT-FOR-US: jpress
CVE-2021-45805
RESERVED
CVE-2021-45804
@@ -4746,7 +4746,7 @@ CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel throug
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-31 allows remote ...)
- TODO: check
+ NOT-FOR-US: Imperva Web Application Firewall
CVE-2021-45467
RESERVED
CVE-2021-45466
@@ -5098,13 +5098,13 @@ CVE-2022-22127
CVE-2022-22126
RESERVED
CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2022-22122 (In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0 ...)
- TODO: check
+ NOT-FOR-US: Mattermost Focalboard
CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
NOT-FOR-US: NocoDB
CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...)
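Review bot: The tag `NOT-FOR-US: Halo` on CVE-2022-22125, CVE-2022-22124 and CVE-2022-22123 is a bare, generic product name, which makes it easy to misapply to an unrelated project of the same name in a later triage pass. Another entry in this file already disambiguates inside the tag (`NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)`); a short qualifier of the same kind after `Halo` would remove the ambiguity.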
@@ -5122,9 +5122,9 @@ CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cr
CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...)
NOT-FOR-US: Teedy
CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...)
- TODO: check
+ NOT-FOR-US: DayByDay CRM
CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...)
- TODO: check
+ NOT-FOR-US: DayByDay CRM
CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
NOT-FOR-US: DayByDay CRM
CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
@@ -5236,11 +5236,11 @@ CVE-2022-22058
CVE-2022-22057
RESERVED
CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...)
- TODO: check
+ NOT-FOR-US: Le-yan dental management system
CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...)
- TODO: check
+ NOT-FOR-US: Le-yan dental management system
CVE-2022-22054 (ASUS RT-AX56U’s login function contains a path traversal vulnera ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
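Review bot: CVE-2022-22054 is tagged with the vendor only (`NOT-FOR-US: ASUS`), while the two Le-yan entries directly above it in this hunk are tagged by product. The description names the ASUS RT-AX56U login function, so `NOT-FOR-US: ASUS RT-AX56U` would keep the granularity consistent within the hunk and make the entry findable by product name.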
@@ -5372,7 +5372,7 @@ CVE-2021-45424
CVE-2021-45423
RESERVED
CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Reprise License Manager
CVE-2021-45421
RESERVED
CVE-2021-45420
@@ -6506,41 +6506,41 @@ CVE-2021-45070
CVE-2021-45069
RESERVED
CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45066
RESERVED
CVE-2021-45065
RESERVED
CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-4120
RESERVED
CVE-2021-45050
@@ -7651,15 +7651,15 @@ CVE-2021-44745
CVE-2021-44744
RESERVED
CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44545
RESERVED
CVE-2021-44457
@@ -7760,37 +7760,37 @@ CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows un
NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12)
NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70
CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
NOT-FOR-US: Adobe
CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
@@ -7919,11 +7919,11 @@ CVE-2021-44654
CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
NOT-FOR-US: Online Magazine Management System
CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
TODO: check
CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
@@ -9295,11 +9295,11 @@ CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an
CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...)
NOT-FOR-US: Adobe
CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-44175
RESERVED
CVE-2021-44174
@@ -9900,7 +9900,7 @@ CVE-2021-43962
CVE-2021-43961
RESERVED
CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...)
- TODO: check
+ NOT-FOR-US: Lorensbergs Connect2
CVE-2021-3974 (vim is vulnerable to Use After Free ...)
- vim 2:8.2.3995-1 (bug #1001897)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -10045,7 +10045,7 @@ CVE-2022-21686
CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
TODO: check
CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2022-21683
RESERVED
CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
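Review bot: On CVE-2022-21684 the description calls Discourse an open source discussion platform, so NOT-FOR-US holds only if there is no Debian source package and no open ITP or RFP for it. If a packaging bug exists, the entry should be `- discourse <itp> (bug #...)` rather than NOT-FOR-US; please confirm this was checked, since the same tag is also applied to CVE-2022-21678 and CVE-2022-21677 in this commit.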
@@ -10060,9 +10060,9 @@ CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.1
CVE-2022-21679
RESERVED
CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
TODO: check
CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
@@ -11404,15 +11404,15 @@ CVE-2021-43767
CVE-2021-43766
RESERVED
CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
NOT-FOR-US: Adobe
CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43760
RESERVED
CVE-2021-43759
@@ -11430,7 +11430,7 @@ CVE-2021-43754
CVE-2021-43753
RESERVED
CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43751
RESERVED
CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
@@ -12335,7 +12335,7 @@ CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attack
CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
NOT-FOR-US: sourcecodetester Engineers Online Portal
CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...)
- TODO: check
+ NOT-FOR-US: MartDevelopers Inc iResturant
CVE-2021-43435
RESERVED
CVE-2021-43434
@@ -13710,11 +13710,11 @@ CVE-2022-20662
CVE-2022-20661
RESERVED
CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20659
RESERVED
CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20657
RESERVED
CVE-2022-20656
@@ -13736,31 +13736,31 @@ CVE-2022-20649
CVE-2022-20648
RESERVED
CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20645 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20644 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20643 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20642 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20641 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20640 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20639 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20638 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20634
RESERVED
CVE-2022-20633
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4f850651d1fddb70032257c457a61d5112b8d4e