[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 2 21:10:39 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e748e338 by Salvatore Bonaccorso at 2022-03-02T22:10:09+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3531,7 +3531,7 @@ CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute arbit
CVE-2022-25017
RESERVED
CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: Home Owners Collection Management System
CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS ...)
NOT-FOR-US: Ice Hrm
CVE-2022-25014 (Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scr ...)
@@ -4967,7 +4967,7 @@ CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel befo
- linux 5.16.7-1
NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
CVE-2022-24447 (An issue was discovered in Zoho ManageEngine Key Manager Plus before 6 ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-24445
@@ -5405,9 +5405,9 @@ CVE-2022-24308
CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
NOT-FOR-US: Mastodon
CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows account t ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-24304
RESERVED
CVE-2022-24303
@@ -5762,15 +5762,15 @@ CVE-2022-24257
CVE-2022-24256
RESERVED
CVE-2022-24255 (Extensis Portfolio v4.0 was discovered to contain hardcoded credential ...)
- TODO: check
+ NOT-FOR-US: Extensis Portfolio
CVE-2022-24254 (An unrestricted file upload vulnerability in the Backup/Restore Archiv ...)
- TODO: check
+ NOT-FOR-US: Extensis Portfolio
CVE-2022-24253 (Extensis Portfolio v4.0 was discovered to contain an authenticated unr ...)
- TODO: check
+ NOT-FOR-US: Extensis Portfolio
CVE-2022-24252 (An unrestricted file upload vulnerability in the FileTransferServlet c ...)
- TODO: check
+ NOT-FOR-US: Extensis Portfolio
CVE-2022-24251 (Extensis Portfolio v4.0 was discovered to contain an authenticated unr ...)
- TODO: check
+ NOT-FOR-US: Extensis Portfolio
CVE-2022-24250
RESERVED
CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...)
@@ -6698,9 +6698,9 @@ CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the
CVE-2022-23989
RESERVED
CVE-2022-23988 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-23987 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
@@ -6988,9 +6988,9 @@ CVE-2022-23909
CVE-2022-23908
RESERVED
CVE-2022-23907 (CMS Made Simple v2.2.15 was discovered to contain a reflected cross-si ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2022-23906 (CMS Made Simple v2.2.15 was discovered to contain a Remote Command Exe ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2022-23905
RESERVED
CVE-2022-23904
@@ -7046,7 +7046,7 @@ CVE-2022-23880
CVE-2022-23879
RESERVED
CVE-2022-23878 (seacms V11.5 is affected by an arbitrary code execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: seacms
CVE-2022-23877
RESERVED
CVE-2022-23876
@@ -7744,7 +7744,7 @@ CVE-2022-0316
CVE-2022-0315
RESERVED
CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-23778
RESERVED
CVE-2022-23777
@@ -8759,7 +8759,7 @@ CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution
CVE-2022-23388
RESERVED
CVE-2022-23387 (An issue was discovered in taocms 3.0.2. This is a SQL blind injection ...)
- TODO: check
+ NOT-FOR-US: taocms
CVE-2022-23386
RESERVED
CVE-2022-23385
@@ -8773,13 +8773,13 @@ CVE-2022-23382
CVE-2022-23381
RESERVED
CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...)
- TODO: check
+ NOT-FOR-US: taocms
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
NOT-FOR-US: Emlog
CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
NOT-FOR-US: TastyIgniter
CVE-2022-23377 (Archeevo below 5.0 is affected by local file inclusion through file=~/ ...)
- TODO: check
+ NOT-FOR-US: Archeevo
CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
NOT-FOR-US: WikiDocs
CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
@@ -8963,7 +8963,7 @@ CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit
CVE-2021-46388 (** DISPUTED ** WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05. ...)
NOT-FOR-US: WAGO
CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross S ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...)
NOT-FOR-US: MCMS
CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
@@ -12533,13 +12533,13 @@ CVE-2022-22305
CVE-2022-22304
RESERVED
CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-22302
RESERVED
CVE-2022-22301 (An improper neutralization of special elements used in an OS Command v ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-22300 (A improper handling of insufficient permissions or privileges in Forti ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-22299
RESERVED
CVE-2022-22298
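Review bot: the vendor cannot be confirmed from the diff context for CVE-2022-22303 and CVE-2022-22301: their truncated descriptions in this hunk ("An exposure of sensitive system information ...", "An improper neutralization of special elements used in an OS Command ...") do not name Fortinet, unlike CVE-2022-22300 ("... in Forti ..."). The "NOT-FOR-US: FortiGuard" label looks plausible given the adjacent CVE ids, but it is worth checking the full descriptions so the triage matches the tracker's existing FortiGuard entries (e.g. CVE-2021-43071 later in this patch).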
@@ -13283,7 +13283,7 @@ CVE-2021-4189 [ftplib should not use the host from the PASV response]
NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
CVE-2022-22262 (ROG Live Service’s function for deleting temp files created by i ...)
- TODO: check
+ NOT-FOR-US: ROG Live
CVE-2022-0077
RESERVED
CVE-2022-0076
@@ -13587,15 +13587,15 @@ CVE-2021-45866
CVE-2021-45865
RESERVED
CVE-2021-45864 (tsMuxer git-c6a0277 was discovered to contain a segmentation fault via ...)
- TODO: check
+ NOT-FOR-US: tsMuxer
CVE-2021-45863 (tsMuxer git-2678966 was discovered to contain a heap-based buffer over ...)
- TODO: check
+ NOT-FOR-US: tsMuxer
CVE-2021-45862
RESERVED
CVE-2021-45861 (There is an Assertion `num <= INT_BIT' failed at BitStreamReader::s ...)
- TODO: check
+ NOT-FOR-US: tsMuxer
CVE-2021-45860 (An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-267 ...)
- TODO: check
+ NOT-FOR-US: tsMuxer
CVE-2021-45859
RESERVED
CVE-2021-45858
@@ -14600,7 +14600,7 @@ CVE-2021-4155
NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
CVE-2020-36510 (The 15Zine WordPress theme before 3.3.0 does not sanitise and escape t ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-22261
RESERVED
CVE-2022-22260
@@ -15170,7 +15170,7 @@ CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS
CVE-2021-45415
RESERVED
CVE-2021-45414 (A Remote Code Execution (RCE) vulnerability exists in DataRobot throug ...)
- TODO: check
+ NOT-FOR-US: DataRobot
CVE-2021-45413
RESERVED
CVE-2021-45412
@@ -17526,7 +17526,7 @@ CVE-2021-44749
CVE-2021-44748
RESERVED
CVE-2021-44747 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
NOT-FOR-US: UNIVERGE
CVE-2021-44745
@@ -18307,7 +18307,7 @@ CVE-2021-4040
RESERVED
NOT-FOR-US: Red Hat AMQ Broker
CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2021-44520
RESERVED
CVE-2021-44519
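Review bot: inconsistent vendor spelling between this hunk and the CVE-2021-46387 hunk earlier in the same patch: "NOT-FOR-US: Zyxel" here versus "NOT-FOR-US: ZyXEL" there. Each follows its own CVE description, but NOT-FOR-US labels are mainly useful for grepping and reporting, so a single spelling for the same vendor is preferable; suggest settling on one form for both entries.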
@@ -18719,13 +18719,13 @@ CVE-2021-44344
CVE-2021-44343
RESERVED
CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-44341
RESERVED
CVE-2021-44340 (David Brackeen ok-file-formats dev version is vulnerable to Buffer Ove ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-44339 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-44338
RESERVED
CVE-2021-44337
@@ -18735,13 +18735,13 @@ CVE-2021-44336
CVE-2021-44335
RESERVED
CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflo ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-44333
RESERVED
CVE-2021-44332
RESERVED
CVE-2021-44331 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ ...)
- TODO: check
+ NOT-FOR-US: ARM astcenc
CVE-2021-44330
RESERVED
CVE-2021-44329
@@ -18933,7 +18933,7 @@ CVE-2021-44240
CVE-2021-44239
RESERVED
CVE-2021-44238 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/mod ...)
- TODO: check
+ NOT-FOR-US: AyaCMS
CVE-2021-44237
RESERVED
CVE-2021-44236
@@ -19278,7 +19278,7 @@ CVE-2021-44168 (A download of code without integrity check vulnerability in the
CVE-2021-44167
RESERVED
CVE-2021-44166 (An improper access control vulnerability [CWE-284 ] in FortiToken Mobi ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
NOT-FOR-US: Siemens
CVE-2021-44164 (Chain Sea ai chatbot system’s file upload function has insuffici ...)
@@ -20283,7 +20283,7 @@ CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow
CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
NOT-FOR-US: Atlassian
CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-43944
RESERVED
CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server and Data ...)
@@ -24351,7 +24351,7 @@ CVE-2021-43088
CVE-2021-43087
RESERVED
CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compressi ...)
- TODO: check
+ NOT-FOR-US: ARM astcenc
CVE-2021-43085
RESERVED
CVE-2021-43084
@@ -24386,11 +24386,11 @@ CVE-2021-43079
CVE-2021-43078
RESERVED
CVE-2021-43077 (A improper neutralization of special elements used in an sql command ( ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43076
RESERVED
CVE-2021-43075 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43074
RESERVED
CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
@@ -24400,7 +24400,7 @@ CVE-2021-43072
CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
NOT-FOR-US: FortiGuard
CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43069
RESERVED
CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
@@ -24730,7 +24730,7 @@ CVE-2021-42953
CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vuln ...)
NOT-FOR-US: Zepl Notebooks
CVE-2021-42951 (A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL ...)
- TODO: check
+ NOT-FOR-US: Algorithmia MSOL
CVE-2021-42950
RESERVED
CVE-2021-42949
@@ -29083,7 +29083,7 @@ CVE-2021-41654
CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...)
NOT-FOR-US: TP-Link
CVE-2021-41652 (Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 al ...)
- TODO: check
+ NOT-FOR-US: BatFlat CMS
CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system
CVE-2021-41650
@@ -29957,7 +29957,7 @@ CVE-2021-41284
CVE-2021-41283
RESERVED
CVE-2021-41282 (diag_routes.php in pfSense 2.5.2 allows sed data injection. Authentica ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...)
- matrix-synapse 1.47.1-1 (bug #1000451)
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e748e3382915f3d12ea583e3e4707e659ea47195
More information about the debian-security-tracker-commits mailing list