[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 3 07:08:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ffec4fe by Salvatore Bonaccorso at 2022-10-03T07:42:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17259,7 +17259,7 @@ CVE-2022-35255 [Weak randomness in WebCrypto keygen]
CVE-2022-35254
RESERVED
CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric <2.4 could allow an at ...)
- TODO: check
+ NOT-FOR-US: Hyperledger Fabric
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...)
- curl 7.85.0-1 (bug #1018831)
[bullseye] - curl 7.74.0-1.3+deb11u3
@@ -24337,7 +24337,7 @@ CVE-2022-32542
CVE-2022-32541
RESERVED
CVE-2022-32540 (Information Disclosure in Operator Client application in BVMS 10.1.1, ...)
- TODO: check
+ NOT-FOR-US: Information Disclosure in Operator Client application in BVMS nd VIDEOJET Decoder VJD-7513
CVE-2022-32539
RESERVED
CVE-2022-32538
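Review bot: typo in the added annotation on the CVE-2022-32540 line, `nd` should be `and` (`BVMS and VIDEOJET Decoder VJD-7513`). Neighbouring entries in this file use the NOT-FOR-US tag to name only the affected product or vendor rather than restating the issue title, so the shorter `NOT-FOR-US: BVMS and VIDEOJET Decoder VJD-7513` would be more consistent with them.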
@@ -30748,7 +30748,7 @@ CVE-2022-30428 (In ginadmin through 05-10-2022, the incoming path value is not f
CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not filtered ...)
NOT-FOR-US: ginadmin
CVE-2022-30426 (There is a stack buffer overflow vulnerability, which could lead to ar ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...)
NOT-FOR-US: Tenda
CVE-2022-30424
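Review bot: the truncated description of CVE-2022-30426 names no vendor, so the new `NOT-FOR-US: Acer` tag cannot be checked against the line itself; a `NOTE:` line pointing at the advisory that identifies the affected Acer product, as other entries in this file do, would make the triage reproducible for the next reader.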
@@ -31651,7 +31651,7 @@ CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing]
NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
CVE-2022-30121 (The “LANDesk(R) Management Agent” service exposes a socket ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...)
NOT-FOR-US: Concrete CMS
CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...)
@@ -48434,7 +48434,7 @@ CVE-2022-0496 (A vulnerbiility was found in Openscad, where a DXF-format drawing
NOTE: https://github.com/openscad/openscad/issues/4037
NOTE: Crash in CLI tool, no security impact
CVE-2022-0495 (The library automation system product KOHA developed by Parantez Tekno ...)
- TODO: check
+ NOT-FOR-US: KOHA library automation system
CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...)
{DSA-5173-1 DSA-5161-1 DLA-3065-1}
- linux 5.16.14-1
@@ -60438,7 +60438,7 @@ CVE-2021-45037
CVE-2021-45036
RESERVED
CVE-2021-45035 (Velneo vClient on its 28.1.3 version, does not correctly check the cer ...)
- TODO: check
+ NOT-FOR-US: Velneo vClient
CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
NOT-FOR-US: Siemens
CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
@@ -74042,15 +74042,15 @@ CVE-2021-41439
CVE-2021-41438
REJECTED
CVE-2021-41437 (An HTTP response splitting attack in web application in ASUS RT-AX88U ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...)
NOT-FOR-US: ASUS
CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
NOT-FOR-US: ASUS
CVE-2021-41434 (A stored Cross-Site Scripting (XSS) vulnerability exists in version 1. ...)
- TODO: check
+ NOT-FOR-US: Expense Management System application
CVE-2021-41433 (SQL Injection vulnerability exists in version 1.0 of the Resumes Manag ...)
- TODO: check
+ NOT-FOR-US: Resumes Management and Job Application Website application
CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in FlatPress ...)
NOT-FOR-US: FlatPress
CVE-2021-41431
@@ -77695,7 +77695,7 @@ CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD m
CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
NOT-FOR-US: Huawei
CVE-2021-40024 (Implementation of the WLAN module interfaces has the information discl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40023 (Configuration defects in the secure OS module. Successful exploitation ...)
NOT-FOR-US: Huawei
CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
@@ -77709,7 +77709,7 @@ CVE-2021-40019 (Out-of-bounds heap read vulnerability in the HW_KEYMASTER module
CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
NOT-FOR-US: Huawei
CVE-2021-40017 (The HW_KEYMASTER module lacks the validity check of the key format. Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
NOT-FOR-US: Huawei
CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
@@ -79798,7 +79798,7 @@ CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for t
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
CVE-2021-39190 (The SCCM plugin for GLPI is a plugin to synchronize computers from SCC ...)
- TODO: check
+ NOT-FOR-US: SCCM plugin for GLPI
CVE-2021-39189 (Pimcore is an open source data & experience management platform. I ...)
NOT-FOR-US: Pimcore
CVE-2021-39188
@@ -85628,7 +85628,7 @@ CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ust
CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in ExpressTech ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36864
RESERVED
CVE-2021-36863
@@ -85648,9 +85648,9 @@ CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulner
CVE-2021-36856
RESERVED
CVE-2021-36855 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36854 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36853
RESERVED
CVE-2021-36852 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel ...)
@@ -85680,7 +85680,7 @@ CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in
CVE-2021-36840
RESERVED
CVE-2021-36839 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36838
RESERVED
CVE-2021-36837
@@ -85698,7 +85698,7 @@ CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin
CVE-2021-36831
RESERVED
CVE-2021-36830 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
@@ -90101,7 +90101,7 @@ CVE-2021-35038
CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
NOT-FOR-US: Jamf Pro
CVE-2021-35036 (A cleartext storage of information vulnerability in the Zyxel VMG3625- ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...)
NOT-FOR-US: Zyxel
CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...)
@@ -94171,7 +94171,7 @@ CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2
CVE-2021-33355
RESERVED
CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2021-33353
RESERVED
CVE-2021-33352
@@ -108268,7 +108268,7 @@ CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.
CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
- centreon-web <itp> (bug #913903)
CVE-2021-28052 (A tenant administrator Hitachi Content Platform (HCP) may modify the c ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-28051
RESERVED
CVE-2021-28050
@@ -137234,9 +137234,9 @@ CVE-2021-0945
CVE-2021-0944
RESERVED
CVE-2021-0943 (In MMU_MapPages of TBD, there is a possible out of bounds write due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0942 (The path in this case is a little bit convoluted. The end result is th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...)
- linux 5.10.28-1
[buster] - linux 4.19.194-1
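Review bot: CVE-2021-0943 (`MMU_MapPages of TBD`) is tagged `NOT-FOR-US: Android` while the adjacent CVE-2021-0941 from the same range turned out to be an upstream Linux kernel bug tracked against the linux package; since the description gives only a placeholder file name, it is worth confirming that 0943 is confined to a vendor kernel driver before settling on NOT-FOR-US, or adding a `NOTE:` with the reference that establishes that.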
@@ -137407,7 +137407,7 @@ CVE-2021-0873
CVE-2021-0872
RESERVED
CVE-2021-0871 (In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a mi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
NOT-FOR-US: Android
CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...)
@@ -137758,7 +137758,7 @@ CVE-2021-0699
CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel ...)
NOT-FOR-US: Android
CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0696
RESERVED
CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
@@ -181906,7 +181906,7 @@ CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
NOT-FOR-US: IntelMQ Manager
CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...)
- TODO: check
+ NOT-FOR-US: thinx-device-api IoT Device Management Server
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...)
NOT-FOR-US: Electron-Cash-SLP
CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version ...)
@@ -251904,7 +251904,7 @@ CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also kn
CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from ...)
NOT-FOR-US: Rapid7 Metasploit Pro
CVE-2019-5641 (Rapid7 InsightVM suffers from an information exposure issue whereby, w ...)
- TODO: check
+ NOT-FOR-US: Rapid7 InsightVM
CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...)
NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5639
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ffec4fe0504136a29a9e330d49246575ce27d29