[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 20 14:23:21 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
baef09b2 by Moritz Muehlenhoff at 2022-06-20T15:21:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16030,7 +16030,7 @@ CVE-2022-28226 (Local privilege vulnerability in Yandex Browser for Windows prio
CVE-2022-28225 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...)
NOT-FOR-US: Yandex Browser
CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterprise (v ...)
- TODO: check
+ NOT-FOR-US: Calico
CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
NOT-FOR-US: livehelperchat
CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...)
@@ -17150,7 +17150,7 @@ CVE-2022-27891
CVE-2022-27890
RESERVED
CVE-2022-27889 (The Multipass service was found to have code paths that could be abuse ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
NOT-FOR-US: Foundry Issues service
CVE-2022-1102
@@ -20624,9 +20624,9 @@ CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has
CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...)
NOT-FOR-US: D-Link
CVE-2022-26669 (ASUS Control Center is vulnerable to SQL injection. An authenticated r ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-26668 (ASUS Control Center API has a broken access control vulnerability. An ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-26665 (An Insecure Direct Object Reference issue exists in the Tyler Odyssey ...)
NOT-FOR-US: Tyler Odyssey platform
CVE-2022-26664
@@ -21019,7 +21019,7 @@ CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow w
CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...)
NOT-FOR-US: PrimeKey SignServer
CVE-2022-26493 (Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Si ...)
- TODO: check
+ NOT-FOR-US: Drupal SAML provider
CVE-2022-26492
RESERVED
CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...)
@@ -21994,7 +21994,7 @@ CVE-2022-26150
CVE-2022-26080
RESERVED
CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged attacker ...)
- TODO: check
+ NOT-FOR-US: Mind Workbench
CVE-2022-0812 [NFS over RDMA random memory leakage]
RESERVED
- linux 5.7.10-1
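Review bot: The tag added for CVE-2022-26057 misspells the product: the description line names "Mint WorkBench", but the new line reads "NOT-FOR-US: Mind Workbench". Change it to "NOT-FOR-US: Mint WorkBench" so that a later search of the list for the product name finds this entry.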
@@ -22601,9 +22601,9 @@ CVE-2022-25874
CVE-2022-25873
RESERVED
CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out-of-bo ...)
- TODO: check
+ NOT-FOR-US: Node fast-string-search
CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...)
- TODO: check
+ NOT-FOR-US: Node querymen
CVE-2022-25869
RESERVED
CVE-2022-25867
@@ -22613,7 +22613,7 @@ CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Com
CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
NOT-FOR-US: microsoft/workspace-tools
CVE-2022-25863 (The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.1 ...)
- TODO: check
+ NOT-FOR-US: Node gatsby-plugin-mdx
CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tricked ...)
NOT-FOR-US: Node sds
CVE-2022-25861
@@ -22627,7 +22627,7 @@ CVE-2022-25858
CVE-2022-25857
RESERVED
CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...)
- TODO: check
+ NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
CVE-2022-25855
RESERVED
CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...)
@@ -22635,9 +22635,9 @@ CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The packag
CVE-2022-25853
RESERVED
CVE-2022-25852 (All versions of package pg-native; all versions of package libpq are v ...)
- TODO: check
+ NOT-FOR-US: Node pgnative
CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Service ( ...)
- TODO: check
+ NOT-FOR-US: jpeg-js
CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnera ...)
NOT-FOR-US: hoppscotch proxyscotch
CVE-2022-25849
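Review bot: The tag for CVE-2022-25852 does not match the description in two ways. It spells the package "pgnative" where the description has "pg-native", and it omits the second package the description names, "libpq". Suggest "NOT-FOR-US: Node pg-native", plus a short NOTE stating that the "libpq" mentioned is the Node binding and not the PostgreSQL client library, if that is the case. In the same hunk, the tag for CVE-2022-25851 ("jpeg-js") lacks the "Node" prefix used for the other npm packages in this commit.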
@@ -22649,7 +22649,7 @@ CVE-2022-25847
CVE-2022-25846
RESERVED
CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
- TODO: check
+ NOT-FOR-US: com.alibaba:fastjson
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
- angular.js <unfixed>
[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
@@ -22715,7 +22715,7 @@ CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-
CVE-2022-25346
RESERVED
CVE-2022-25345 (All versions of package @discordjs/opus are vulnerable to Denial of Se ...)
- TODO: check
+ NOT-FOR-US: @discordjs/opus
CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Service (Do ...)
NOT-FOR-US: justmoon/node-bignum
CVE-2022-25304
@@ -22765,13 +22765,13 @@ CVE-2022-24431
CVE-2022-24430
RESERVED
CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: Node convert-svg-core
CVE-2022-24381
RESERVED
CVE-2022-24377
RESERVED
CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Node git-promise
CVE-2022-24375
RESERVED
CVE-2022-24373
@@ -22781,7 +22781,7 @@ CVE-2022-24298
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
NOT-FOR-US: madlib-object-utils
CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory ...)
- TODO: check
+ NOT-FOR-US: Node convert-svg-core
CVE-2022-24068
RESERVED
CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...)
@@ -22803,7 +22803,7 @@ CVE-2022-22984
CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype Pollution ...)
NOT-FOR-US: Node convict
CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Denial of ...)
- TODO: check
+ NOT-FOR-US: Node fast-string-search
CVE-2022-21811
RESERVED
CVE-2022-21810
@@ -22837,9 +22837,9 @@ CVE-2022-21222
CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...)
NOT-FOR-US: github.com/valyala/fasthttp
CVE-2022-21213 (This affects all versions of package mout. The deepFillIn function can ...)
- TODO: check
+ NOT-FOR-US: mout
CVE-2022-21211 (This affects all versions of package posix. When invoking the toString ...)
- TODO: check
+ NOT-FOR-US: Node posix
CVE-2022-21208
RESERVED
CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
@@ -22873,7 +22873,7 @@ CVE-2022-21129
CVE-2022-21126
RESERVED
CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Exe ...)
- TODO: check
+ NOT-FOR-US: Node metacalc
CVE-2022-0758 (Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cr ...)
NOT-FOR-US: Rapid7 Nexpose
CVE-2022-0757 (Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL I ...)
@@ -23325,7 +23325,7 @@ CVE-2022-25653
CVE-2022-25652
RESERVED
CVE-2022-25651 (Memory corruption in bluetooth host due to integer overflow while proc ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2022-25172 (An information disclosure vulnerability exists in the web interface se ...)
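Review bot: Vendor naming for CVE-2022-25651 is inconsistent with the rest of this commit. This entry is tagged "NOT-FOR-US: Qualcomm components for Android", while the later hunks tag the other "Memory corruption in ..." entries as "NOT-FOR-US: Snapdragon". If these are the same product family, use one string for all of them so the entries can be found together.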
@@ -25489,7 +25489,7 @@ CVE-2022-24948 (A carefully crafted user preferences for submission could trigge
CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
- jspwiki <removed>
CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC- ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-24945
RESERVED
CVE-2022-24944
@@ -25738,7 +25738,7 @@ CVE-2022-24850 (Discourse is an open source platform for community discussion. A
CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5 ...)
NOT-FOR-US: DisCatSharp
CVE-2022-24848 (DHIS2 is an information system for data capture, management, validatio ...)
- TODO: check
+ NOT-FOR-US: DHIS2i
CVE-2022-24847 (GeoServer is an open source software server written in Java that allow ...)
NOT-FOR-US: geoserver
CVE-2022-24846 (GeoWebCache is a tile caching server implemented in Java. The GeoWebCa ...)
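Review bot: The tag for CVE-2022-24848 has a stray trailing character: "NOT-FOR-US: DHIS2i", where the description names the product as "DHIS2". It should read "NOT-FOR-US: DHIS2".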
@@ -25754,7 +25754,7 @@ CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Af
CVE-2022-24841 (fleetdm/fleet is an open source device management, built on osquery. A ...)
NOT-FOR-US: Fleet
CVE-2022-24840 (django-s3file is a lightweight file upload input for Django and Amazon ...)
- TODO: check
+ NOT-FOR-US: django-s3file
CVE-2022-24839 (org.cyberneko.html is an html parser written in Java. The fork of `org ...)
- nekohtml <unfixed>
[bullseye] - nekohtml <no-dsa> (Minor issue)
@@ -26748,7 +26748,7 @@ CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vuln
CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: Genixcms
CVE-2022-24562 (In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send G ...)
- TODO: check
+ NOT-FOR-US: IOBit
CVE-2022-24561
RESERVED
CVE-2022-24560
@@ -27448,7 +27448,7 @@ CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation an
- paramiko 2.10.3-1 (bug #1008012)
NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1)
CVE-2022-24296 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
NOT-FOR-US: Okta Advanced Server Access Client
CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, ...)
@@ -28090,7 +28090,7 @@ CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider
CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege esc ...)
NOT-FOR-US: Timescale TimescaleDB
CVE-2022-24127 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Pr ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2022-24126 (A buffer overflow in the NRSessionSearchResult parser in Bandai Namco ...)
NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III
CVE-2022-24125 (The matchmaking servers of Bandai Namco FromSoftware Dark Souls III th ...)
@@ -28304,7 +28304,7 @@ CVE-2022-24079
CVE-2022-24078
RESERVED
CVE-2022-24077 (Naver Cloud Explorer Beta allows the attacker to execute arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: Naver Cloud Explorer
CVE-2022-24076
RESERVED
CVE-2022-24075 (Whale browser before 3.12.129.18 allowed extensions to replace JavaScr ...)
@@ -28730,7 +28730,7 @@ CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary
CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Bentley
CVE-2022-24004 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Me ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
NOT-FOR-US: Samsung
CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
@@ -28935,7 +28935,7 @@ CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Serv
CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initializ ...)
NOT-FOR-US: Apache Doris (different from src:doris)
CVE-2022-21184 (An information disclosure vulnerability exists in the License registra ...)
- TODO: check
+ NOT-FOR-US: Bachmann Visutec GmbH Atvise
CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
{DLA-2947-1}
- vim 2:8.2.4659-1
@@ -31924,11 +31924,11 @@ CVE-2022-23171
CVE-2022-23170
RESERVED
CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...)
- TODO: check
+ NOT-FOR-US: Amodat
CVE-2022-23168 (The attacker could get access to the database. The SQL injection is in ...)
- TODO: check
+ NOT-FOR-US: Amodat
CVE-2022-23167 (Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename ...)
- TODO: check
+ NOT-FOR-US: Amodat
CVE-2022-23166 (Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenti ...)
NOT-FOR-US: SysAid
CVE-2022-23165 (Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - Th ...)
@@ -32219,7 +32219,7 @@ CVE-2022-23073
CVE-2022-23072
RESERVED
CVE-2022-23071 (In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side ...)
- TODO: check
+ NOT-FOR-US: Recipes
CVE-2022-23070
RESERVED
CVE-2022-23069
@@ -32516,7 +32516,7 @@ CVE-2022-22955 (VMware Workspace ONE Access has two authentication bypass vulner
CVE-2022-22954 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
NOT-FOR-US: VMware
CVE-2022-22953 (VMware HCX update addresses an information disclosure vulnerability. A ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
NOT-FOR-US: VMware
CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
@@ -33287,7 +33287,7 @@ CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is a
CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...)
NOT-FOR-US: Charactell - FormStorm Enterprise
CVE-2022-22788 (The Zoom Opener installer is downloaded by a user from the Launch meet ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-22787 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
NOT-FOR-US: Zoom
CVE-2022-22786 (The Zoom Client for Meetings for Windows before version 5.10.0 and Zoo ...)
@@ -33331,7 +33331,7 @@ CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIB
CVE-2022-22768
RESERVED
CVE-2022-22767 (Specific BD Pyxis™ products were installed with default credenti ...)
- TODO: check
+ NOT-FOR-US: BD Pyxis
CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
NOT-FOR-US: BD Pyxis
CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
@@ -33691,7 +33691,7 @@ CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerab
CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21806 (A use-after-free vulnerability exists in the mips_collector appsrv_ser ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
@@ -35714,7 +35714,7 @@ CVE-2022-0012 (An improper link resolution before file access vulnerability exis
CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...)
NOT-FOR-US: Palo Alto Networks
CVE-2021-45918 (NHI’s health insurance web service component has insufficient va ...)
- TODO: check
+ NOT-FOR-US: NHIs health insurance web service component
CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...)
NOT-FOR-US: Shockwall system
CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
@@ -36933,7 +36933,7 @@ CVE-2022-22261 (The HiAIserver has a vulnerability in verifying the validity of
CVE-2022-22260 (The kernel module has a UAF vulnerability.Successful exploitation of t ...)
NOT-FOR-US: HarmonyOS
CVE-2022-22259 (There is an improper authentication vulnerability in FLMG-10 10.0.1.0( ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-22258 (The Wi-Fi module has an event notification vulnerability.Successful ex ...)
NOT-FOR-US: Harmony OS
CVE-2022-22257 (The customization framework has a vulnerability of improper permission ...)
@@ -37239,7 +37239,7 @@ CVE-2022-22105
CVE-2022-22104
RESERVED
CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22102
RESERVED
CVE-2022-22101
@@ -37265,23 +37265,23 @@ CVE-2022-22092
CVE-2022-22091
RESERVED
CVE-2022-22090 (Memory corruption in audio due to use after free while managing buffer ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22089
RESERVED
CVE-2022-22088
RESERVED
CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22086 (Memory corruption in video due to double free while parsing 3gp clip w ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22085 (Memory corruption in video due to buffer overflow while reading the dt ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22084 (Memory corruption when extracting qcp audio file due to lack of check ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22083 (Denial of service due to memory corruption while extracting ape header ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing DSF he ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22081
RESERVED
CVE-2022-22080
@@ -37301,23 +37301,23 @@ CVE-2022-22074
CVE-2022-22073
RESERVED
CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22071 (Possible use after free when process shell memory is freed using IOCTL ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22070
RESERVED
CVE-2022-22069
RESERVED
CVE-2022-22068 (kernel event may contain unexpected content which is not generated by ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22067
RESERVED
CVE-2022-22066
RESERVED
CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22064 (Possible buffer over read due to lack of size validation while unpacki ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22063
RESERVED
CVE-2022-22062
@@ -37331,7 +37331,7 @@ CVE-2022-22059
CVE-2022-22058
RESERVED
CVE-2022-22057 (Use after free in graphics fence due to a race condition while closing ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...)
NOT-FOR-US: Le-yan dental management system
CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...)
@@ -38033,13 +38033,13 @@ CVE-2022-22023
CVE-2022-22022
RESERVED
CVE-2022-22021 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22020
RESERVED
CVE-2022-22019 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22018 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22017 (Remote Desktop Client Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22016 (Windows PlayToManager Elevation of Privilege Vulnerability. ...)
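Review bot: The tag for CVE-2022-22021 needs a supporting note, because the description says "Microsoft Edge (Chromium-based)" and the visible text does not show whether the flaw is in Edge-specific code or in shared Chromium code. A one-line NOTE recording that it is Edge-specific would make "NOT-FOR-US: Microsoft" self-explanatory. The HEVC Video Extensions entry (CVE-2022-22018) raises no such question.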
@@ -38531,13 +38531,13 @@ CVE-2022-21940
CVE-2022-21939
RESERVED
CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
- TODO: check
+ NOT-FOR-US: Metasys
CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
- TODO: check
+ NOT-FOR-US: Metasys
CVE-2022-21936
RESERVED
CVE-2022-21935 (A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and ...)
- TODO: check
+ NOT-FOR-US: Metasys
CVE-2022-21934 (Under certain circumstances an authenticated user could lock other use ...)
NOT-FOR-US: Johnson Controls Metasys
CVE-2021-45104 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...)
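Review bot: The three Metasys entries (CVE-2022-21938, CVE-2022-21937, CVE-2022-21935) use a different string from the existing neighbour. They are tagged "NOT-FOR-US: Metasys", while CVE-2022-21934 directly below is tagged "NOT-FOR-US: Johnson Controls Metasys". Reuse the existing string for consistency.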
@@ -39036,11 +39036,11 @@ CVE-2021-45028
CVE-2021-45027
RESERVED
CVE-2021-45026 (ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2 ...)
- TODO: check
+ NOT-FOR-US: ASG technologies
CVE-2021-45025 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...)
- TODO: check
+ NOT-FOR-US: ASG technologies
CVE-2021-45024 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...)
- TODO: check
+ NOT-FOR-US: ASG technologies
CVE-2021-45023
RESERVED
CVE-2021-45022
@@ -41346,7 +41346,7 @@ CVE-2021-44268
CVE-2021-44267
RESERVED
CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the mo ...)
- TODO: check
+ NOT-FOR-US: GUnet Open eClass
CVE-2021-44265
RESERVED
CVE-2021-44264
@@ -42176,7 +42176,7 @@ CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: kimai2
CVE-2022-21742 (Realtek USB driver has a buffer overflow vulnerability due to insuffic ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2021-44040 (Improper Input Validation vulnerability in request line parsing of Apa ...)
{DSA-5153-1}
- trafficserver 9.1.2+ds-1
@@ -43485,9 +43485,9 @@ CVE-2022-21506
CVE-2022-21505
RESERVED
CVE-2022-21504 (The code in UEK6 U3 was missing an appropiate file descriptor count to ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21503 (Vulnerability in the Oracle Cloud Infrastructure product of Oracle Clo ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21502
RESERVED
CVE-2022-21501
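Review bot: The tag for CVE-2022-21504 is too coarse for a kernel issue. The description refers to "UEK6 U3", which is Oracle's Linux kernel build, and "NOT-FOR-US: Oracle" does not record whether the missing file descriptor count exists only in Oracle's tree or also in upstream Linux. Suggest "NOT-FOR-US: Oracle UEK" or a NOTE stating that the affected code is not in the upstream kernel, if that was checked. The Oracle Cloud Infrastructure entry (CVE-2022-21503) is fine as tagged.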
@@ -44123,11 +44123,11 @@ CVE-2021-43758
CVE-2021-43757
RESERVED
CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by a memory cor ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-43753
RESERVED
CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
@@ -45403,11 +45403,11 @@ CVE-2021-43310
CVE-2021-43309
RESERVED
CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
- TODO: check
+ NOT-FOR-US: Node markdown-link-extractor
CVE-2021-43307 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
- TODO: check
+ NOT-FOR-US: Node semver-regex
CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
- TODO: check
+ NOT-FOR-US: Node jquery-validation
CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
- clickhouse <unfixed> (bug #1008216)
NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
@@ -46163,7 +46163,7 @@ CVE-2022-20827
CVE-2022-20826
RESERVED
CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20824
RESERVED
CVE-2022-20823
@@ -46175,11 +46175,11 @@ CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software
CVE-2022-20820
RESERVED
CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20818
RESERVED
CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20816
RESERVED
CVE-2022-20815
@@ -46219,7 +46219,7 @@ CVE-2022-20800
CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...)
NOT-FOR-US: Cisco
CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
@@ -46364,13 +46364,13 @@ CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service
CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...)
NOT-FOR-US: Cisco
CVE-2022-20736 (A vulnerability in the web-based management interface of Cisco AppDyna ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
NOT-FOR-US: Cisco
CVE-2022-20733 (A vulnerability in the login page of Cisco Identity Services Engine (I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
NOT-FOR-US: Cisco
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
@@ -46513,7 +46513,7 @@ CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface o
CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...)
NOT-FOR-US: Cisco
CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20663
RESERVED
CVE-2022-20662
@@ -47917,13 +47917,13 @@ CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory
CVE-2021-42736
RESERVED
CVE-2021-42735 (Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-42734
RESERVED
CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
NOT-FOR-US: Adobe
CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
NOT-FOR-US: Adobe
CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
@@ -48069,7 +48069,7 @@ CVE-2021-42677
CVE-2021-42676
RESERVED
CVE-2021-42675 (Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the ...)
- TODO: check
+ NOT-FOR-US: Kreado Kreasfero
CVE-2021-42674
RESERVED
CVE-2021-42673
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baef09b221d088534cbf2a4300e5374fa3db2354