[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 27 07:06:56 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0cf973bb by Salvatore Bonaccorso at 2022-01-27T08:06:30+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -68,9 +68,9 @@ CVE-2022-0381
CVE-2022-0380
RESERVED
CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0377
RESERVED
CVE-2022-0376
@@ -4115,7 +4115,7 @@ CVE-2022-22791
CVE-2022-22790
RESERVED
CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...)
- TODO: check
+ NOT-FOR-US: Charactell - FormStorm Enterprise
CVE-2022-22788
RESERVED
CVE-2022-22787
@@ -10582,7 +10582,7 @@ CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss Platform
CVE-2021-44691
RESERVED
CVE-2021-44690
@@ -12806,7 +12806,7 @@ CVE-2022-21713
CVE-2022-21712
RESERVED
CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
- TODO: check
+ NOT-FOR-US: elfspirit
CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
TODO: check
CVE-2022-21709
@@ -13184,7 +13184,7 @@ CVE-2021-43865
CVE-2021-43864
RESERVED
CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Android app
CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
NOT-FOR-US: jQuery Terminal Emulator
CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
@@ -15254,7 +15254,7 @@ CVE-2021-43422
CVE-2021-43421
RESERVED
CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-43419
RESERVED
CVE-2021-43418
@@ -15334,7 +15334,7 @@ CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate thei
CVE-2021-43395
RESERVED
CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
- TODO: check
+ NOT-FOR-US: Unisys
CVE-2021-43393
RESERVED
CVE-2021-43392
@@ -15478,7 +15478,7 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f
CVE-2021-43335
RESERVED
CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
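Review bot: The tag added for CVE-2021-43334 reads "NOT-FOR-US: BuddyBoss", while this same commit tags CVE-2021-44692 as "NOT-FOR-US: BuddyBoss Platform", and both descriptions start with "BuddyBoss Platform through 1.8.0". Use one spelling for both entries, preferably "NOT-FOR-US: BuddyBoss Platform", so that a search on the tag text finds every entry for the product.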
@@ -25004,7 +25004,7 @@ CVE-2021-40339
CVE-2021-40338
RESERVED
CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-40336
RESERVED
CVE-2021-40335
@@ -25404,7 +25404,7 @@ CVE-2021-40169
CVE-2021-40168
RESERVED
CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40166
RESERVED
CVE-2021-40165
@@ -25420,9 +25420,9 @@ CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution thr
CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
NOT-FOR-US: Autodesk
CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
NOT-FOR-US: Autodesk
CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
@@ -31276,9 +31276,9 @@ CVE-2021-37869
CVE-2021-37868
RESERVED
CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
- TODO: check
+ NOT-FOR-US: Mattermost Boards plugin
CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
- TODO: check
+ NOT-FOR-US: Mattermost Boards plugin
CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
TODO: check
CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
@@ -34861,19 +34861,19 @@ CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authen
CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
NOT-FOR-US: EMC
CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36345
RESERVED
CVE-2021-36344
RESERVED
CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
NOT-FOR-US: Dell
CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
@@ -34965,11 +34965,11 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
NOT-FOR-US: SupportAssist Client (Dell)
CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36293
RESERVED
CVE-2021-36292
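Review bot: The three tags added for CVE-2021-36296, CVE-2021-36295 and CVE-2021-36294 name only the vendor ("NOT-FOR-US: Dell"), whereas the neighbouring entry CVE-2021-36297 in this hunk records the product as "NOT-FOR-US: SupportAssist Client (Dell)". The descriptions all begin "Dell VNX2 OE for File", so a tag such as "NOT-FOR-US: Dell VNX2 OE for File" would keep the product visible once the description is truncated and would match the more specific style already used next to it.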
@@ -34979,7 +34979,7 @@ CVE-2021-36291
CVE-2021-36290
RESERVED
CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36288
RESERVED
CVE-2021-36287
@@ -38069,7 +38069,7 @@ CVE-2021-35007
CVE-2021-35006
RESERVED
CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TP-Link
CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -38344,13 +38344,13 @@ CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary
CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Bentley View
CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
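Review bot: The product attributions added for CVE-2021-34870 (Netgear) and CVE-2021-34869 through CVE-2021-34867 (Parallels Desktop) cannot be checked from this hunk, because each description is cut off before it names a product ("... escalate privileges on af ..."). The tag is therefore the only place in the list where the product is recorded, so confirm each one against the full CVE description before merging. For the Netgear entry, adding the affected product to the tag would make it as specific as the "Parallels Desktop" tags beside it.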
@@ -38358,7 +38358,7 @@ CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels Desktop
CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -49101,7 +49101,7 @@ CVE-2021-30638 (Information Exposure vulnerability in context asset handling of
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
NOT-FOR-US: htmly
CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
- TODO: check
+ NOT-FOR-US: MediaTek LinkIt SDK
CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-30634
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cf973bbb84e89e6b440356b582ea7be582e84bb