[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 12 07:19:07 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80883492 by Salvatore Bonaccorso at 2022-03-12T08:18:07+01:00
Process NFUs
- - - - -
f96df1e9 by Salvatore Bonaccorso at 2022-03-12T08:18:37+01:00
Add two CVEs for nextcloud-server
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4394,19 +4394,19 @@ CVE-2022-25221
CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
NOT-FOR-US: PeteReport
CVE-2022-25219 (A null byte interaction error has been discovered in the code that the ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25218 (The use of the RSA algorithm without OAEP, or any other padding scheme ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25217 (Use of a hard-coded cryptographic key pair by the telnetd_startup serv ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25216 (An absolute path traversal vulnerability allows a remote attacker to d ...)
- TODO: check
+ NOT-FOR-US: DVDFab Player
CVE-2022-25215 (Improper access control on the LocalMACConfig.asp interface allows an ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25214 (Improper access control on the LocalClientList.asp interface allows an ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-25213 (Improper physical access control and use of hard-coded credentials in ...)
- TODO: check
+ NOT-FOR-US: Phicomm
CVE-2022-24915 (The absence of filters when loading some sections in the web applicati ...)
NOT-FOR-US: IPCOMM
CVE-2022-24432 (Persistent cross-site scripting (XSS) in the web interface of ipDIO al ...)
@@ -5603,7 +5603,7 @@ CVE-2022-24752
CVE-2022-24751
RESERVED
CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2022-24749
RESERVED
CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
@@ -5627,7 +5627,7 @@ CVE-2022-24740
CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior to 3.0. ...)
NOT-FOR-US: alltube
CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
- TODO: check
+ NOT-FOR-US: Evmos
CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical concept ...)
TODO: check
CVE-2022-24736
@@ -8413,27 +8413,27 @@ CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $fil
[stretch] - libimage-exiftool-perl <no-dsa> (Minor issue)
NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38)
CVE-2022-23934 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23933 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23932 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23931 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23930 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23929 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23928 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23927 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23926 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23925 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23924 (Potential vulnerabilities have been identified in the system BIOS of c ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23919
RESERVED
CVE-2022-23918
@@ -9356,9 +9356,9 @@ CVE-2022-23733
CVE-2022-23732
RESERVED
CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2022-23730 (The public API error causes for the attacker to be able to bypass API ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2022-23729 (When the device is in factory state, it can be access the shell withou ...)
NOT-FOR-US: LGE
CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
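Review bot: the vendor string is inconsistent within this hunk: the two new lines use "NOT-FOR-US: LG" while the unchanged entry for CVE-2022-23729 directly below uses "NOT-FOR-US: LGE". Pick one spelling (the existing "LGE" is the one already in the file) so that grepping the list for the vendor finds all three entries.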
@@ -9594,7 +9594,7 @@ CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of
CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
NOT-FOR-US: m1k1o/blog
CVE-2022-23625 (Wire-ios is a messaging application using the wire protocol on apple's ...)
- TODO: check
+ NOT-FOR-US: Wire-ios
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
NOT-FOR-US: Frourio-express
CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
@@ -10147,7 +10147,7 @@ CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
NOT-FOR-US: microweber
CVE-2022-0280 (A race condition vulnerability exists in the QuickClean feature of McA ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
@@ -11177,7 +11177,7 @@ CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and
CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-23187 (Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-23185
@@ -12508,7 +12508,7 @@ CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initial
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
CVE-2022-22814 (The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
- node-follow-redirects 1.14.7+~1.13.1-1
[bullseye] - node-follow-redirects <no-dsa> (Minor issue)
@@ -18840,7 +18840,7 @@ CVE-2022-21821
CVE-2022-21820
RESERVED
CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
NOT-FOR-US: NVIDIA License System
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
@@ -19300,7 +19300,7 @@ CVE-2021-4071
CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...)
NOT-FOR-US: Open-AudIT
CVE-2021-44673 (A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via ...)
- TODO: check
+ NOT-FOR-US: Croogo
CVE-2021-44672
RESERVED
CVE-2021-44671
@@ -19312,7 +19312,7 @@ CVE-2021-44669
CVE-2021-44668
RESERVED
CVE-2021-44667 (A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in au ...)
- TODO: check
+ NOT-FOR-US: Nacos
CVE-2021-44666
RESERVED
CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte Project Xerte ...)
@@ -19417,11 +19417,11 @@ CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 201908
CVE-2021-44621
RESERVED
CVE-2021-44620 (A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2021-44619
RESERVED
CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists in Nystud ...)
- TODO: check
+ NOT-FOR-US: Nystudio107 Seomatic
CVE-2021-44617
RESERVED
CVE-2021-44616
@@ -19463,7 +19463,7 @@ CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 sy
CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
NOT-FOR-US: Attendance Management System
CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider ...)
- TODO: check
+ NOT-FOR-US: Gerapy
CVE-2021-44596
RESERVED
CVE-2021-44595
@@ -19489,7 +19489,7 @@ CVE-2021-44587
CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
NOT-FOR-US: dst-admin
CVE-2021-44585 (A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in ...)
- TODO: check
+ NOT-FOR-US: jeecg-boot
CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
NOT-FOR-US: emlog
CVE-2021-44583
@@ -26462,15 +26462,15 @@ CVE-2021-42859
CVE-2021-42858
RESERVED
CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet
CVE-2021-42856 (It was discovered that the /DsaDataTest endpoint is susceptible to Cro ...)
TODO: check
CVE-2021-42855 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-3902
RESERVED
CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
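Review bot: the NFU label for CVE-2021-42857 ("SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet") differs from the label used for CVE-2021-42855, -42854 and -42853 in the same hunk ("SteelCentral AppInternals Dynamic Sampling Agent (DSA)"); unify it to the shorter form, which also matches the entries in the next hunk. Also, CVE-2021-42856 (the /DsaDataTest endpoint) sits between them and is left at "TODO: check"; if it belongs to the same product it should probably receive the same NOT-FOR-US marking, otherwise it is easy to miss in a later pass.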
@@ -26620,9 +26620,9 @@ CVE-2021-42789
CVE-2021-42788
RESERVED
CVE-2021-42787 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42786 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
- TODO: check
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
NOT-FOR-US: TightVNC Viewer
CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
@@ -28864,33 +28864,33 @@ CVE-2022-20062
CVE-2022-20061
RESERVED
CVE-2022-20060 (In preloader (usb), there is a possible permission bypass due to a mis ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20059 (In preloader (usb), there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20058 (In preloader (usb), there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20057 (In btif, there is a possible memory corruption due to incorrect error ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20056 (In preloader (usb), there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20055 (In preloader (usb), there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20054 (In ims service, there is a possible AT command injection due to a miss ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20053 (In ims service, there is a possible escalation of privilege due to a m ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20052
RESERVED
CVE-2022-20051 (In ims service, there is a possible unexpected application behavior du ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20050 (In connsyslogger, there is a possible symbolic link following due to i ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20049 (In vpu, there is a possible escalation of privilege due to a missing p ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20048 (In video decoder, there is a possible out of bounds write due to a mis ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20047 (In video decoder, there is a possible out of bounds write due to a mis ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
NOT-FOR-US: MediaTek
CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
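Review bot: the thirteen new lines use "NOT-FOR-US: Mediatek", whereas the existing entry for CVE-2022-20046 immediately below uses "NOT-FOR-US: MediaTek". Use the existing capitalisation so the vendor name is searchable as one string across all of the CVE-2022-200xx entries.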
@@ -31606,11 +31606,11 @@ CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injec
CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path traversal vu ...)
NOT-FOR-US: OpenOlat
CVE-2021-41241 (Nextcloud server is a self hosted system designed to provide cloud sty ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-41240
RESERVED
CVE-2021-41239 (Nextcloud server is a self hosted system designed to provide cloud sty ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-41238 (Hangfire is an open source system to perform background job processing ...)
NOT-FOR-US: Hangfire
CVE-2021-41237
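Review bot: both nextcloud-server entries (CVE-2021-41241 and CVE-2021-41239) are marked "<itp> (bug #941708)" with no accompanying NOTE line, while other entries in this patch (for example the libimage-exiftool-perl and Pillow entries in the earlier hunks) carry a NOTE: with the upstream advisory or fix commit. Consider adding the upstream Nextcloud advisory references as NOTE lines so the packager working on the ITP can locate the fixed versions without re-triaging.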
@@ -46436,7 +46436,7 @@ CVE-2021-35253
CVE-2021-35252
RESERVED
CVE-2021-35251 (Sensitive information could be displayed when a detailed technical err ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2021-35250
RESERVED
CVE-2021-35249
@@ -49014,7 +49014,7 @@ CVE-2021-34124
CVE-2021-34123
RESERVED
CVE-2021-34122 (The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NU ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2021-34121
RESERVED
CVE-2021-34120
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4c013dc4882528a35f0bead9f3048b99ea337f10...f96df1e9b050349dd1d8cc1d017545734ee0bbcc