[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 10 09:43:47 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e21f13e3 by Salvatore Bonaccorso at 2022-03-10T10:43:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -472,7 +472,7 @@ CVE-2022-26654
CVE-2022-26653
RESERVED
CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
- TODO: check
+ NOT-FOR-US: nats-server
CVE-2022-26651
RESERVED
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
@@ -5471,11 +5471,11 @@ CVE-2022-24736
CVE-2022-24735
RESERVED
CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2022-24733
RESERVED
CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email server. Vers ...)
- TODO: check
+ NOT-FOR-US: Maddy Mail Server
CVE-2022-24731
RESERVED
CVE-2022-24730
@@ -5912,7 +5912,7 @@ CVE-2022-24620 (Piwigo version 12.2.0 is vulnerable to stored cross-site scripti
CVE-2022-24619
RESERVED
CVE-2022-24618 (Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and e ...)
- TODO: check
+ NOT-FOR-US: Heimdal Premium Security
CVE-2022-24617
RESERVED
CVE-2022-24616
@@ -6655,9 +6655,9 @@ CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
CVE-2022-24324
RESERVED
CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
@@ -6910,9 +6910,9 @@ CVE-2022-0438
CVE-2021-46670
RESERVED
CVE-2022-24286 (Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00. ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2022-24285 (Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2022-24284
RESERVED
CVE-2022-24283
@@ -8715,7 +8715,7 @@ CVE-2021-46410
CVE-2021-46409
RESERVED
CVE-2021-46408 (Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overf ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2021-46407
RESERVED
CVE-2021-46406
@@ -10625,55 +10625,55 @@ CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Ent
CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- phoronix-test-suite <removed>
CVE-2022-23301 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23300 (Raw Image Extension Remote Code Execution Vulnerability. This CVE ID i ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23299 (Windows PDEV Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23298 (Windows NT OS Kernel Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23297 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23296 (Windows Installer Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23295 (Raw Image Extension Remote Code Execution Vulnerability. This CVE ID i ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23294 (Windows Event Tracing Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23293 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23292
RESERVED
CVE-2022-23291 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23290 (Windows Inking COM Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23289
RESERVED
CVE-2022-23288 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23287 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is uniq ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23286 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23285 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23284 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23283 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is uniq ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23282 (Paint 3D Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23281 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23279
RESERVED
CVE-2022-23278 (Microsoft Defender for Endpoint Spoofing Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23277 (Microsoft Exchange Server Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23275
@@ -10695,9 +10695,9 @@ CVE-2022-23268
CVE-2022-23267
RESERVED
CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23264
RESERVED
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -10721,7 +10721,7 @@ CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerabi
CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23253 (Point-to-Point Tunneling Protocol Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23251
@@ -12348,9 +12348,9 @@ CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains
CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-22806 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: schneider Electric
CVE-2022-22805 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
- TODO: check
+ NOT-FOR-US: schneider Electric
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
NOT-FOR-US: Schneider Electric
CVE-2022-22803
@@ -13189,7 +13189,7 @@ CVE-2022-22549
CVE-2022-22548
RESERVED
CVE-2022-22547 (Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...)
NOT-FOR-US: SAP
CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...)
@@ -13443,7 +13443,7 @@ CVE-2022-22513
CVE-2022-22512
RESERVED
CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...)
- TODO: check
+ NOT-FOR-US: VDE
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
NOT-FOR-US: Codesys
CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
@@ -14725,7 +14725,7 @@ CVE-2022-0024
CVE-2022-0023
RESERVED
CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
@@ -17052,15 +17052,15 @@ CVE-2022-22012
CVE-2022-22011
RESERVED
CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22009
RESERVED
CVE-2022-22008
RESERVED
CVE-2022-22007 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22006 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...)
@@ -17092,7 +17092,7 @@ CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerabi
CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
NOT-FOR-US: Microsoft
CVE-2022-21990 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...)
@@ -17118,15 +17118,15 @@ CVE-2022-21979
CVE-2022-21978
RESERVED
CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21976
RESERVED
CVE-2022-21975 (Windows Hyper-V Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
NOT-FOR-US: Microsoft
CVE-2022-21973 (Windows Media Center Update Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21972
RESERVED
CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
@@ -17138,7 +17138,7 @@ CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. T
CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21967 (Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-21966
RESERVED
CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...)
@@ -18865,7 +18865,7 @@ CVE-2021-44752
CVE-2021-44751
RESERVED
CVE-2021-44750 (An arbitrary code execution vulnerability was found in the F-Secure Su ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...)
NOT-FOR-US: F-Secure
CVE-2021-44748 (A vulnerability affecting F-Secure SAFE browser was discovered whereby ...)
@@ -19209,27 +19209,27 @@ CVE-2021-44634
CVE-2021-44633
RESERVED
CVE-2021-44632 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44631 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44630 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44629 (A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2. ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44628 (A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44627 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44626 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44625 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44624
RESERVED
CVE-2021-44623 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2021-44621
RESERVED
CVE-2021-44620
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21f13e32b8660b33966fa069e3252c13f6f873c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e21f13e32b8660b33966fa069e3252c13f6f873c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220310/5dc4fc47/attachment.htm>
More information about the debian-security-tracker-commits
mailing list