[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 20 21:38:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad21bc85 by Salvatore Bonaccorso at 2022-01-20T22:37:12+01:00
Process NFUs
- - - - -
a6a192df by Salvatore Bonaccorso at 2022-01-20T22:37:57+01:00
Fix typo in NFU entry
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -855,23 +855,23 @@ CVE-2022-0287
CVE-2022-0286
RESERVED
CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2022-0284
RESERVED
CVE-2022-0283
RESERVED
CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0280
RESERVED
CVE-2022-0279
RESERVED
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2021-46401
RESERVED
CVE-2021-46400
@@ -1738,7 +1738,7 @@ CVE-2021-45729
CVE-2021-44779
RESERVED
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-44760
RESERVED
CVE-2021-4207
@@ -4527,7 +4527,7 @@ CVE-2021-46106
CVE-2021-46105
RESERVED
CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...)
- TODO: check
+ NOT-FOR-US: webp_server_go
CVE-2021-46103
RESERVED
CVE-2021-46102
@@ -4721,13 +4721,13 @@ CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in Ja
CVE-2021-46029
RESERVED
CVE-2021-46028 (In mblog <= 3.5.0 there is a CSRF vulnerability in the background a ...)
- TODO: check
+ NOT-FOR-US: mblog
CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...)
- TODO: check
+ NOT-FOR-US: mysiteforme
CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...)
- TODO: check
+ NOT-FOR-US: mysiteforme
CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2 ...)
- TODO: check
+ NOT-FOR-US: OneBlog
CVE-2021-46024
RESERVED
CVE-2021-46023
@@ -8983,7 +8983,7 @@ CVE-2021-44831
CVE-2021-44830
RESERVED
CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
- TODO: check
+ NOT-FOR-US: AFI WebACMS
CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
NOT-FOR-US: ARM
CVE-2021-44827
@@ -9316,15 +9316,15 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
[buster] - rainloop <no-dsa> (Minor issue)
NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -10619,9 +10619,9 @@ CVE-2021-44247
CVE-2021-44246
RESERVED
CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS)
CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System
CVE-2021-44243
RESERVED
CVE-2021-44242
@@ -11175,11 +11175,11 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug
CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
NOT-FOR-US: zrlog
CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
- TODO: check
+ NOT-FOR-US: code-projects Pharmacy Management
CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System
CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Reviewer System
CVE-2021-44089
RESERVED
CVE-2021-44088
@@ -11673,7 +11673,7 @@ CVE-2022-21703
CVE-2022-21702
RESERVED
CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
TODO: check
CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
@@ -11732,7 +11732,7 @@ CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.1
CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
TODO: check
CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
NOT-FOR-US: Discourse
CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
@@ -14463,7 +14463,7 @@ CVE-2021-43271
CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
- TODO: check
+ NOT-FOR-US: Code42 app
CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
NOT-FOR-US: Wind River VxWorks
CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
@@ -19702,7 +19702,7 @@ CVE-2021-42010
CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
NOT-FOR-US: Apache Traffic Control
CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
- TODO: check
+ NOT-FOR-US: icecoder
CVE-2021-3861
RESERVED
CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
@@ -19793,7 +19793,7 @@ CVE-2021-41974 (Tad Book3 editing book page does not perform identity verificati
CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
- TODO: check
+ NOT-FOR-US: chaskiq
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
NOT-FOR-US: Apache MINA
CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
@@ -20026,7 +20026,7 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before
CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
NOT-FOR-US: MyBB
CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
- TODO: check
+ NOT-FOR-US: chaskiq
CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
TODO: check
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
@@ -35236,15 +35236,15 @@ CVE-2021-35689
CVE-2021-35688
RESERVED
CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35685
RESERVED
CVE-2021-35684
RESERVED
CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35682
RESERVED
CVE-2021-35681
@@ -35447,7 +35447,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
{DLA-2814-1}
- openjdk-8 8u312-b07-1
CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
@@ -37143,7 +37143,7 @@ CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose
CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TeamViewer
CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels Desktop
CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
@@ -37755,7 +37755,7 @@ CVE-2021-34602
CVE-2021-34601
RESERVED
CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
- TODO: check
+ NOT-FOR-US: Telenot CompasX
CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
NOT-FOR-US: CODESYS
CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
@@ -41530,7 +41530,7 @@ CVE-2021-33042
CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
NOT-FOR-US: vmd
CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
- TODO: check
+ NOT-FOR-US: FuturePress EPub.js
CVE-2021-33039
RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
@@ -44684,7 +44684,7 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes
NOTE: https://kde.org/info/security/advisory-20210429-1.txt
NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
NOT-FOR-US: McAfee
CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
@@ -51759,7 +51759,7 @@ CVE-2021-29217
CVE-2021-29216
RESERVED
CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
NOT-FOR-US: HPE
CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
@@ -64895,7 +64895,7 @@ CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session w
CVE-2021-23844
RESERVED
CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...)
TODO: check
CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
@@ -87696,7 +87696,7 @@ CVE-2020-27430
CVE-2020-27429
RESERVED
CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...)
- TODO: check
+ NOT-FOR-US: Scratch-Svg-Renderer
CVE-2020-27427
RESERVED
CVE-2020-27426
@@ -108498,7 +108498,7 @@ CVE-2020-18079
CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
NOT-FOR-US: SEMCMS
CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
- TODO: check
+ NOT-FOR-US: FTPShell Server
CVE-2020-18076
RESERVED
CVE-2020-18075
@@ -118393,7 +118393,7 @@ CVE-2020-14112
CVE-2020-14111
RESERVED
CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
- TODO: check
+ NOT-FOR-US: AX3600 router
CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
NOT-FOR-US: Xiaomi
CVE-2020-14108
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/df873965d9a7fc874cbd9029f79af5fb1121227f...a6a192dfc7137cb149c0d9c1a030146d8daf7221
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/df873965d9a7fc874cbd9029f79af5fb1121227f...a6a192dfc7137cb149c0d9c1a030146d8daf7221
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220120/6e5b4c64/attachment.htm>
More information about the debian-security-tracker-commits
mailing list