[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 12 09:45:50 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bead6034 by Salvatore Bonaccorso at 2022-03-12T10:45:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -747,7 +747,7 @@ CVE-2022-26651
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
NOT-FOR-US: WPS Office for Windows
CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
- TODO: check
+ NOT-FOR-US: ShowDoc
CVE-2022-26650
RESERVED
CVE-2022-26649
@@ -983,7 +983,7 @@ CVE-2022-26535
CVE-2022-26534
RESERVED
CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: Alist
CVE-2022-25960
RESERVED
CVE-2022-0879
@@ -1715,7 +1715,7 @@ CVE-2022-26278
CVE-2022-26277
RESERVED
CVE-2022-26276 (An issue in index.php of OneNav v0.9.14 allows attackers to perform di ...)
- TODO: check
+ NOT-FOR-US: OneNav
CVE-2022-26275
RESERVED
CVE-2022-26274
@@ -4465,9 +4465,9 @@ CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contrib
CVE-2022-25245
RESERVED
CVE-2022-25244 (Vault Enterprise clusters using the tokenization transform feature can ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2022-25243 ("Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
NOT-FOR-US: FileCloud
CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
@@ -6593,19 +6593,19 @@ CVE-2022-24423
CVE-2022-24422
RESERVED
CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24418
RESERVED
CVE-2022-24417
RESERVED
CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24414
RESERVED
CVE-2022-24413
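Review bot: The five Dell entries in this hunk (CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, CVE-2022-24421) are tagged with the vendor only, "NOT-FOR-US: Dell", although every description starts "Dell BIOS contains an improper input validation vulnerability". Other tags added in this commit name the product (for example "Softing OPC UA C++ SDK"), so "NOT-FOR-US: Dell BIOS" would be more specific and easier to grep for.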
@@ -27256,7 +27256,7 @@ CVE-2021-42579
CVE-2021-42578
RESERVED
CVE-2021-42577 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malfo ...)
- TODO: check
+ NOT-FOR-US: Softing OPC UA C++ SDK
CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
- golang-github-microcosm-cc-bluemonday 1.0.16-1
[bullseye] - golang-github-microcosm-cc-bluemonday <no-dsa> (Minor issue)
@@ -29260,7 +29260,7 @@ CVE-2021-3880
CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-42262 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. An inva ...)
- TODO: check
+ NOT-FOR-US: Softing OPC UA C++ SDK
CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
NOT-FOR-US: Revisor Video Management System (VMS)
CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
@@ -30259,11 +30259,11 @@ CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository ad
CVE-2021-3849
RESERVED
CVE-2021-41850 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A p ...)
- TODO: check
+ NOT-FOR-US: Luna Simo
CVE-2021-41849 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
- TODO: check
+ NOT-FOR-US: Luna Simo
CVE-2021-41848 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
- TODO: check
+ NOT-FOR-US: Luna Simo
CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...)
NOT-FOR-US: 3xLogic
CVE-2021-41846
@@ -51595,7 +51595,7 @@ CVE-2021-33152
CVE-2021-33151
RESERVED
CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-33149
RESERVED
CVE-2021-33148
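Review bot: CVE-2021-33150 is tagged "NOT-FOR-US: Intel", and the truncated description ("Hardware allows activation of test or debug logic at runtime for some ...") does not name the affected product either. Consider putting the product or hardware family in the tag so that the reason for ruling the entry out can be read from the list itself.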
@@ -66496,11 +66496,11 @@ CVE-2021-27418
CVE-2021-27417
RESERVED
CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB Power Grid ...)
- TODO: check
+ NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM)
CVE-2021-27415
RESERVED
CVE-2021-27414 (An attacker could trick a user of Hitachi ABB Power Grids Ellipse Ente ...)
- TODO: check
+ NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM)
CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...)
NOT-FOR-US: Omron CX-One
CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
@@ -76652,7 +76652,7 @@ CVE-2021-23248
CVE-2021-23247
RESERVED
CVE-2021-23246 (In ACE2 ColorOS11, the attacker can obtain the foreground package name ...)
- TODO: check
+ NOT-FOR-US: ACE2 ColorOS11
CVE-2021-23245
RESERVED
CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are listed in a w ...)
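Review bot: On CVE-2021-23246 the tag "NOT-FOR-US: ACE2 ColorOS11" copies the device and version string from the description instead of naming the product. The following context entry, CVE-2021-23244, refers to it simply as ColorOS, so "NOT-FOR-US: ColorOS" would keep related entries under one searchable name.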
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bead60345c5dcf840c111a862e72060915ffa24a