[Git][security-tracker-team/security-tracker][master] 4 commits: Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 19 20:12:36 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a80ee7e9 by Salvatore Bonaccorso at 2022-01-19T21:11:40+01:00
Process NFUs
- - - - -
4303e2ae by Salvatore Bonaccorso at 2022-01-19T21:11:41+01:00
Add CVE-2022-0261/vim
- - - - -
3c2ac772 by Salvatore Bonaccorso at 2022-01-19T21:11:42+01:00
Add CVE-2021-44649/python-django-cms
- - - - -
9f5ec526 by Salvatore Bonaccorso at 2022-01-19T21:11:44+01:00
Add new onionshare issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2021-46400
CVE-2022-23436
RESERVED
CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
- TODO: check
+ NOT-FOR-US: android-gif-drawable
CVE-2022-23434
RESERVED
CVE-2022-23433
@@ -531,7 +531,7 @@ CVE-2022-23309
CVE-2022-23308
RESERVED
CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-0265
RESERVED
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
@@ -547,9 +547,11 @@ CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimc
CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
NOT-FOR-US: pimcore
CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- TODO: check
+ - vim <unfixed>
+ NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
+ NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2022-0259
RESERVED
CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
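Review bot: the CVE-2022-0261 entry is filed as `- vim <unfixed>` while its second NOTE already pins the upstream fix (commit 9f8c304c..., v8.2.4120); that is fine for unstable, but no per-suite annotation is added for the stable releases here, unlike the `[stretch] - gdk-pixbuf <not-affected>` style used further down in this same file, so the issue will stay open against every suite until a follow-up triage adds the suite-specific markers.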
@@ -1285,7 +1287,7 @@ CVE-2022-23085
CVE-2022-23084
RESERVED
CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
- TODO: check
+ NOT-FOR-US: NetMaster
CVE-2022-23082
RESERVED
CVE-2022-23081
@@ -2598,7 +2600,7 @@ CVE-2022-22693
CVE-2022-22692
RESERVED
CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
NOT-FOR-US: Umbraco CMS
CVE-2022-22689
@@ -5088,7 +5090,7 @@ CVE-2021-4173 (vim is vulnerable to Use After Free ...)
CVE-2021-4172
RESERVED
CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
- TODO: check
+ NOT-FOR-US: calibre-web
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
NOT-FOR-US: Netgear
CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
@@ -5527,7 +5529,7 @@ CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
CVE-2021-4165
RESERVED
CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: calibre-web
CVE-2021-4163
RESERVED
CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -5801,7 +5803,7 @@ CVE-2022-22171 (An Improper Check for Unusual or Exceptional Conditions vulnerab
CVE-2022-22170 (A Missing Release of Resource after Effective Lifetime vulnerability i ...)
NOT-FOR-US: Juniper
CVE-2022-22169 (An Improper Initialization vulnerability in the routing protocol daemo ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22168 (An Improper Validation of Specified Type of Input vulnerability in the ...)
NOT-FOR-US: Juniper
CVE-2022-22167 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
@@ -5833,7 +5835,7 @@ CVE-2022-22155 (An Uncontrolled Resource Consumption vulnerability in the handli
CVE-2022-22154 (In a Junos Fusion scenario an External Control of Critical State Data ...)
NOT-FOR-US: Juniper
CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocation of ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
NOT-FOR-US: Juniper
CVE-2022-21800
@@ -8075,13 +8077,13 @@ CVE-2021-44841
CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...)
NOT-FOR-US: Delta RM
CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...)
- TODO: check
+ NOT-FOR-US: Delta RM
CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
NOT-FOR-US: Delta RM
CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...)
TODO: check
CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
- TODO: check
+ NOT-FOR-US: Delta RM
CVE-2021-44835
RESERVED
CVE-2021-44834
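Review bot: CVE-2021-44837 is left at `TODO: check` while the sibling Delta RM 1.2 entries around it (CVE-2021-44840, CVE-2021-44839, CVE-2021-44838 and CVE-2021-44836) are all marked `NOT-FOR-US: Delta RM`, two of them in this very hunk; unless there is a reason to treat that one differently, the remaining TODO looks like an oversight and should get the same `NOT-FOR-US: Delta RM` marker.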
@@ -8722,7 +8724,7 @@ CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows rem
CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
- TODO: check
+ - python-django-cms <itp> (bug #516183)
CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
- gdk-pixbuf <unfixed>
[stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
@@ -10843,23 +10845,33 @@ CVE-2022-21698
CVE-2022-21697
RESERVED
CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
CVE-2022-21695 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4
CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
+ NOTE: https://github.com/onionshare/onionshare/issues/1389
CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6
CVE-2022-21692 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v
CVE-2022-21691 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766
CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq
CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...)
- TODO: check
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
CVE-2022-21687
RESERVED
CVE-2022-21686
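Review bot: all nine OnionShare entries are recorded as `- onionshare <unfixed>` with only the GHSA advisory URL, and their CVE descriptions are identical up to the truncation, so nothing in the file distinguishes the nine issues from one another; a short NOTE per entry naming the affected component or the upstream fixed version (where the linked advisory states one) would make later triage of the package easier. CVE-2022-21694 is the only one that additionally links an upstream issue (issues/1389); the others carry no such pointer.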
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7642e7686d40d162c383e5ccdcd4f534d5949389...9f5ec526d7ff3c6d8c8ef601b9da99a057efacae