[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 19 22:16:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05089897 by Salvatore Bonaccorso at 2022-05-19T23:16:01+02:00
Process some NFUs
- - - - -
5fe05400 by Salvatore Bonaccorso at 2022-05-19T23:16:01+02:00
Track two issues for octoprint, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1493,9 +1493,9 @@ CVE-2022-30620
CVE-2022-30619
RESERVED
CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2022-29525
RESERVED
CVE-2022-28704
@@ -1776,7 +1776,7 @@ CVE-2022-26344
CVE-2022-25976
RESERVED
CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-1669
RESERVED
CVE-2022-1668
@@ -3224,7 +3224,7 @@ CVE-2022-30020
CVE-2022-30019
RESERVED
CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...)
- TODO: check
+ NOT-FOR-US: Mobotix Control Center (MxCC)
CVE-2022-30017
RESERVED
CVE-2022-30016
@@ -4590,11 +4590,11 @@ CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octopri
CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...)
- TODO: check
+ - octoprint <itp> (bug #718591)
CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- TODO: check
+ - octoprint <itp> (bug #718591)
CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...)
{DSA-5127-1}
- linux 5.17.3-1
@@ -4996,13 +4996,13 @@ CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Uplo
CVE-2022-29450
RESERVED
CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29448
RESERVED
CVE-2022-29447
RESERVED
CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
@@ -7855,11 +7855,11 @@ CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not esc
CVE-2022-28351
RESERVED
CVE-2022-28350 (Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r ...)
- TODO: check
+ NOT-FOR-US: ARM Mali GPU driver
CVE-2022-28349 (Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through ...)
- TODO: check
+ NOT-FOR-US: ARM Mali GPU driver
CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 t ...)
- TODO: check
+ NOT-FOR-US: ARM Mali GPU driver
CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...)
- python-django 2:3.2.13-1 (bug #1009677)
[stretch] - python-django <not-affected> (Vulnerable code not present)
@@ -9281,7 +9281,7 @@ CVE-2022-27949
CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attacke ...)
NOT-FOR-US: Tesla
CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2022-1109
RESERVED
CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
@@ -34498,7 +34498,7 @@ CVE-2021-3971 (A potential vulnerability by a driver used during older manufactu
CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...)
NOT-FOR-US: Lenovo
CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3995-1 (bug #1001900)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -36236,9 +36236,9 @@ CVE-2022-21151 (Processor optimization removal or modification of security-criti
CVE-2022-21138
RESERVED
CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Bitdefender
CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
@@ -36600,7 +36600,7 @@ CVE-2021-43584
CVE-2021-43583
RESERVED
CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in the Th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3955
RESERVED
CVE-2021-3954
@@ -37613,7 +37613,7 @@ CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of Man
CVE-2021-3923
RESERVED
CVE-2021-3922 (A race condition vulnerability was reported in IMController, a softwar ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
@@ -39629,15 +39629,15 @@ CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo Personal ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud Storage dev ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-42850 (A weak default administrator password for the web interface and serial ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-42849 (A weak default password for the serial port was reported in some Lenov ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2021-3899
RESERVED
CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
@@ -40374,7 +40374,7 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management per
NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection
NOTE: input (not output) validation not addressed, malicious username still can be created after fix
CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG interface ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...)
TODO: check
CVE-2022-0003
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/90d887e936c0eb4068f88bfb557d096baf99a276...5fe054002f1ee03cdd29de9436b014341c66a7f4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/90d887e936c0eb4068f88bfb557d096baf99a276...5fe054002f1ee03cdd29de9436b014341c66a7f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220519/edc278b4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list