[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 17 18:49:14 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d158218 by Moritz Muehlenhoff at 2023-02-17T19:47:54+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44732,7 +44732,6 @@ CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef ha
NOTE: OpenSSL sha3 delegation added in https://github.com/python/cpython/commit/d5b3f6b7f9fc74438009af63f1de01bd77be9385 (v3.9.0b1)
NOTE: https://python-security.readthedocs.io/vuln/sha3-buffer-overflow.html
NOTE: pypy3 fix: https://foss.heptapod.net/pypy/pypy/-/commit/860b897b2611a4099ef9c63ce848fdec89c74b31
- TODO: check affected packages
CVE-2022-37453 (An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffe ...)
NOT-FOR-US: Softing
CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...)
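Review bot: the `- TODO: check affected packages` line under CVE-2022-37454 is dropped without recording what the check concluded. The visible NOTEs only cover CPython's delegation to OpenSSL sha3 (v3.9.0b1) and the pypy3 fix; if the conclusion is that no further Debian packages ship the XKCP code, add a `NOTE:` saying so (or `<not-affected>` entries for the packages examined) so the entry stays auditable instead of silently closing the TODO.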
@@ -46055,7 +46054,7 @@ CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly les
CVE-2021-4237
RESERVED
CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...)
- TODO: check
+ NOT-FOR-US: ecnepsnai/web
CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
- golang-yaml.v2 2.2.8-1
[buster] - golang-yaml.v2 <postponed> (Limited support, minor issue, DoS, follow bullseye DSAs/point-releases)
@@ -74952,7 +74951,7 @@ CVE-2022-26875
CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time of the ...)
NOT-FOR-US: AMI
CVE-2022-26872 (AMI Megarac Password reset interception via API ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
NOT-FOR-US: Trend Micro
CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication bypass vuln ...)
@@ -76454,7 +76453,7 @@ CVE-2022-26350
CVE-2022-26345 (Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP ...)
NOT-FOR-US: Intel
CVE-2022-26343 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 a ...)
NOT-FOR-US: Trend Micro
CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...)
@@ -77179,7 +77178,7 @@ CVE-2022-26117 (An empty password in configuration file vulnerability [CWE-258]
CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
NOT-FOR-US: Fortiguard FortiNAC
CVE-2022-26115 (A use of password hash with insufficient computational effort vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2022-26114 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
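Review bot: vendor naming is inconsistent within this hunk. The added line for CVE-2022-26115 reads `NOT-FOR-US: Fortinet` while the neighbouring entries in the same context use `NOT-FOR-US: FortiGuard` and `NOT-FOR-US: Fortiguard FortiNAC`; pick one form (the three spellings already differ in capitalisation) so that grepping the list by vendor returns all Fortinet entries. The same choice recurs in the later Fortinet hunks of this patch (CVE-2021-43074, CVE-2021-42761, CVE-2021-42756), where the surrounding context again says `FortiGuard`.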
@@ -77358,7 +77357,7 @@ CVE-2022-25981
CVE-2022-25979 (Versions of the package jsuites before 5.0.1 are vulnerable to Cross-s ...)
TODO: check
CVE-2022-25978 (All versions of the package github.com/usememos/memos/server are vulne ...)
- TODO: check
+ NOT-FOR-US: github.com/usememos/memos/server
CVE-2022-25977
RESERVED
CVE-2022-25975
@@ -77372,7 +77371,7 @@ CVE-2022-25971
CVE-2022-25970
RESERVED
CVE-2022-25967 (Versions of the package eta before 2.0.0 are vulnerable to Remote Code ...)
- TODO: check
+ NOT-FOR-US: Eta
CVE-2022-25965
RESERVED
CVE-2022-25964
@@ -77396,7 +77395,7 @@ CVE-2022-25951
CVE-2022-25950
RESERVED
CVE-2022-25948 (The package liquidjs before 10.0.0 are vulnerable to Information Expos ...)
- TODO: check
+ NOT-FOR-US: Node liquidjs
CVE-2022-25947
RESERVED
CVE-2022-25945
@@ -77495,7 +77494,7 @@ CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1;
CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
CVE-2022-25890 (All versions of the package wifey are vulnerable to Command Injection ...)
- TODO: check
+ NOT-FOR-US: wifey
CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
NOT-FOR-US: Rust crate opcua
CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to Regular Expre ...)
@@ -78109,7 +78108,7 @@ CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer over
CVE-2022-25747
RESERVED
CVE-2022-25746 (Memory corruption in kernel due to missing checks when updating the ac ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25745
RESERVED
CVE-2022-25744
@@ -78125,41 +78124,41 @@ CVE-2022-25740
CVE-2022-25739
RESERVED
CVE-2022-25738 (Information disclosure in modem due to buffer over-red while performin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25737
RESERVED
CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens while proce ...)
NOT-FOR-US: Qualcomm
CVE-2022-25735 (Denial of service in modem due to missing null check while processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25734 (Denial of service in modem due to missing null check while processing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25733 (Denial of service in modem due to null pointer dereference while proce ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns client ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25731
RESERVED
CVE-2022-25730
RESERVED
CVE-2022-25729 (Memory corruption in modem due to improper length check while copying ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25728 (Information disclosure in modem due to buffer over-read while processi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...)
NOT-FOR-US: Snapdragon
CVE-2022-25726
RESERVED
CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...)
NOT-FOR-US: Snapdragon
CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...)
NOT-FOR-US: Snapdragon
CVE-2022-25722 (Information exposure in DSP services due to improper handling of freei ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25721 (Memory corruption in video driver due to type confusion error during v ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access during conn ...)
NOT-FOR-US: Qualcomm
CVE-2022-25719 (Information disclosure in WLAN due to improper length check while proc ...)
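Review bot: the added lines all use `NOT-FOR-US: Qualcomm` while several unchanged neighbours in the same hunk (CVE-2022-25727, CVE-2022-25724, CVE-2022-25723) say `NOT-FOR-US: Snapdragon` for what is the same Qualcomm bulletin series. Either form is fine, but one of them should be used consistently for this block; otherwise a search for either name gives an incomplete picture of the bulletin.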
@@ -78167,11 +78166,11 @@ CVE-2022-25719 (Information disclosure in WLAN due to improper length check whil
CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return value whil ...)
NOT-FOR-US: Qualcomm
CVE-2022-25717 (Memory corruption in display due to double free while allocating frame ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25716 (Memory corruption in Multimedia Framework due to unsafe access to the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25715 (Memory corruption in display driver due to incorrect type casting whil ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-25714
RESERVED
CVE-2022-25713
@@ -78397,7 +78396,7 @@ CVE-2022-25633
CVE-2022-25632
RESERVED
CVE-2022-25631 (Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2022-25630 (An authenticated user can embed malicious content with XSS into the ad ...)
NOT-FOR-US: Symantec Messaging Gateway
CVE-2022-25629 (An authenticated user who has the privilege to add/edit annotations on ...)
@@ -79317,7 +79316,7 @@ CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user
NOTE: Introduced by: https://github.com/DPDK/dpdk/commit/d87f1a1cb7b666550bb53e39c1d85d9f7b861e6f (v19.11-rc1)
NOTE: Fixed by: https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 (v22.03-rc4)
CVE-2022-0668 (JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Byp ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit. BIND 9 ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -79535,7 +79534,7 @@ CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse
CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
NOT-FOR-US: microweber
CVE-2022-0637 (There was an open redirection vulnerability pollbot, which was used in ...)
- TODO: check
+ NOT-FOR-US: pollbot
CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin Installe ...)
NOT-FOR-US: Lenovo
CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...)
@@ -80188,9 +80187,9 @@ CVE-2022-25029
CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered to contai ...)
NOT-FOR-US: Home Owners Collection Management System
CVE-2022-25027 (The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2 ...)
- TODO: check
+ NOT-FOR-US: Rocket TRUfusion Portal
CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2 ...)
- TODO: check
+ NOT-FOR-US: Rocket TRUfusion Portal
CVE-2022-25025
RESERVED
CVE-2022-25024
@@ -80268,7 +80267,7 @@ CVE-2022-24992 (A vulnerability in the component process.php of QR Code Generato
CVE-2022-24991
RESERVED
CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover ...)
- TODO: check
+ NOT-FOR-US: TerraMaster NAS
CVE-2022-24989
RESERVED
CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
@@ -82107,7 +82106,7 @@ CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper ha
CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above contain an elevation of privileg ...)
NOT-FOR-US: Dell PowerScale OneFS
CVE-2022-24410 (Dell BIOS contains an information exposure vulnerability. An unauthent ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing channel vuln ...)
NOT-FOR-US: Dell
CVE-2022-24380
@@ -82445,7 +82444,7 @@ CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
CVE-2022-24324 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
@@ -84940,7 +84939,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
NOT-FOR-US: go-attestation
CVE-2022-0316 (The WeStand WordPress theme before 2.1, footysquare WordPress theme, a ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to ...)
NOT-FOR-US: horovod
CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...)
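Review bot: `NOT-FOR-US: WordPress theme` for CVE-2022-0316 is less specific than the rest of the file, which names the product being dismissed. The description in the context line already names the themes (WeStand and footysquare), so something like `NOT-FOR-US: WeStand and footysquare WordPress themes` records what was actually assessed and makes the entry findable later.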
@@ -85043,15 +85042,15 @@ CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a loc
CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
NOT-FOR-US: Check Point Enterprise Endpoint
CVE-2022-23741 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in a comma ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23739 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub Enterpris ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23737 (An improper privilege management vulnerability was identified in GitHu ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2022-23736
RESERVED
CVE-2022-23735
@@ -85532,7 +85531,7 @@ CVE-2022-23534
CVE-2022-23533
RESERVED
CVE-2022-23532 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j tha ...)
- TODO: check
+ NOT-FOR-US: APOC
CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
NOT-FOR-US: GuardDog
CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...)
@@ -85610,17 +85609,17 @@ CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing platfor
CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...)
NOT-FOR-US: Amazon CloudWatch Agent
CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...)
- TODO: check
+ NOT-FOR-US: cube-js
CVE-2022-23509 (Weave GitOps is a simple open source developer platform for people who ...)
- TODO: check
+ NOT-FOR-US: Weave GitOps
CVE-2022-23508 (Weave GitOps is a simple open source developer platform for people who ...)
- TODO: check
+ NOT-FOR-US: Weave GitOps
CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...)
- TODO: check
+ NOT-FOR-US: Tendermint
CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery platform ...)
- TODO: check
+ NOT-FOR-US: Spinnaker
CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...)
- TODO: check
+ NOT-FOR-US: Passport-wsfed-saml2
CVE-2022-23504 (TYPO3 is an open source PHP based web content management system. Versi ...)
NOT-FOR-US: Typo3
CVE-2022-23503 (TYPO3 is an open source PHP based web content management system. Versi ...)
@@ -85640,7 +85639,7 @@ CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configura
CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to ...)
NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa)
CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds two ipld n ...)
- TODO: check
+ NOT-FOR-US: go-merkledag
CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site scripting (XS ...)
- tinymce <removed>
NOTE: https://github.com/tinymce/tinymce/commit/6923d85eba6de3e08ebc9c5a387b5abdaa21150e
@@ -85762,11 +85761,11 @@ CVE-2022-0299
CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...)
NOT-FOR-US: HP
CVE-2022-23455 (Potential security vulnerabilities have been identified in HP Support ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23454 (Potential security vulnerabilities have been identified in HP Support ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23453 (Potential security vulnerabilities have been identified in HP Support ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23452 (An authorization flaw was found in openstack-barbican, where anyone wi ...)
- barbican 1:14.0.0~rc1-2
[bullseye] - barbican <no-dsa> (Minor issue)
@@ -86168,7 +86167,7 @@ CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerabili
CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
NOT-FOR-US: Metinfo
CVE-2022-23334 (The Robot application in Ip-label Newtest before v8.5R0 was discovered ...)
- TODO: check
+ NOT-FOR-US: Ip-label Newtest
CVE-2022-23333
RESERVED
CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI) in Shenzh ...)
@@ -86892,7 +86891,7 @@ CVE-2022-0225 (A flaw was found in Keycloak. This flaw allows a privileged attac
CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...)
- dolibarr <removed>
CVE-2022-0223 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-0222 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
NOT-FOR-US: Modicon
CVE-2022-0221 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
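Review bot: the added `NOT-FOR-US: Schneider` for CVE-2022-0223 uses a different vendor string from the `NOT-FOR-US: Schneider Electric` added earlier in this same patch (CVE-2022-24324) and from the unchanged neighbour there (CVE-2022-24323). Use `Schneider Electric` here and in the CVE-2022-22732/CVE-2022-22731 hunk below so the vendor tag is uniform.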
@@ -87572,7 +87571,7 @@ CVE-2022-23007
CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on Western Digit ...)
NOT-FOR-US: Western Digital
CVE-2022-23005 (Western Digital has identified a weakness in the UFS standard that cou ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-23004 (When computing a shared secret or point multiplication on the NIST P-2 ...)
NOT-FOR-US: Western Digital
CVE-2022-23003 (When computing a shared secret or point multiplication on the NIST P-2 ...)
@@ -88771,9 +88770,9 @@ CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (
CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
NOT-FOR-US: Siemens
CVE-2022-22732 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-22731 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
- node-shelljs 0.8.5+~cs0.8.10-1
[bullseye] - node-shelljs <no-dsa> (Minor issue)
@@ -92059,9 +92058,9 @@ CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel throug
CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
NOT-FOR-US: Imperva Web Application Firewall
CVE-2021-45467 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, ...)
- TODO: check
+ NOT-FOR-US: CentOS Web Panel
CVE-2021-45466 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, ...)
- TODO: check
+ NOT-FOR-US: CentOS Web Panel
CVE-2021-45465
RESERVED
CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
@@ -92463,7 +92462,7 @@ CVE-2022-22090 (Memory corruption in audio due to use after free while managing
CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
NOT-FOR-US: Qualcomm
CVE-2022-22088 (Memory corruption in Bluetooth HOST due to buffer overflow while parsi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
NOT-FOR-US: Snapdragon
CVE-2022-22086 (Memory corruption in video due to double free while parsing 3gp clip w ...)
@@ -92481,7 +92480,7 @@ CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Sna
CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
NOT-FOR-US: Snapdragon
CVE-2022-22079 (Denial of service while processing fastboot flash command on mmc due t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...)
NOT-FOR-US: Snapdragon
CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...)
@@ -93692,7 +93691,7 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect acces
[buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher allows authen ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-java o ...)
NOT-FOR-US: Uyuni
CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...)
@@ -93706,7 +93705,7 @@ CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerab
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
NOTE: https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751 (1.3.8)
CVE-2022-21948 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
- TODO: check
+ NOT-FOR-US: OpenSuSE paste
CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of SUSE all ...)
NOT-FOR-US: Rancher
CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers configura ...)
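Review bot: the project spells its name `openSUSE`, not `OpenSuSE`; `NOT-FOR-US: openSUSE paste` for CVE-2022-21948 would match the spelling used by the vendor and keep the tag consistent with other openSUSE references.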
@@ -93740,9 +93739,9 @@ CVE-2022-21942
CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable ...)
NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2022-21940 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2022-21939 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Cont ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
NOT-FOR-US: Metasys
CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
@@ -95028,7 +95027,7 @@ CVE-2022-21175
CVE-2022-21171
RESERVED
CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R) SGX bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21162
RESERVED
CVE-2022-21161
@@ -96466,7 +96465,7 @@ CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's
CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2019-25053 (A path traversal vulnerability exists in Sage FRP 1000 before November ...)
- TODO: check
+ NOT-FOR-US: Sage
CVE-2021-44353
RESERVED
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
@@ -98514,7 +98513,7 @@ CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment t
CVE-2021-3967 (Improper Access Control in GitHub repository zulip/zulip prior to 4.10 ...)
- zulip-server <itp> (bug #800052)
CVE-2021-3966 (usb device bluetooth class includes a buffer overflow related to imple ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
NOT-FOR-US: HP
CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 ...)
@@ -99717,7 +99716,7 @@ CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any
CVE-2021-43658
RESERVED
CVE-2021-43657 (A Stored Cross-site scripting (XSS) vulnerability via MAster.php in So ...)
- TODO: check
+ NOT-FOR-US: Sourcecodetester Simple Client Management System
CVE-2021-43656
RESERVED
CVE-2021-43655
@@ -100436,17 +100435,17 @@ CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record
CVE-2021-43450
RESERVED
CVE-2021-43449 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43448 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Inp ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43447 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43446 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site S ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43445 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43444 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: ONLYOFFICE
CVE-2021-43443
RESERVED
CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc Annexxus Cam ...)
@@ -100574,7 +100573,7 @@ CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contain
CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
NOT-FOR-US: LiquidFiles
CVE-2021-43395 (An issue was discovered in illumos before f859e7171bb5db34321e45585839 ...)
- TODO: check
+ NOT-FOR-US: Illumos
CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
NOT-FOR-US: Unisys
CVE-2021-43393 (STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes ...)
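Review bot: the project name is written `illumos` (lowercase), as the CVE description in the context line itself does; `NOT-FOR-US: illumos` avoids introducing a second spelling into the list.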
@@ -101266,13 +101265,13 @@ CVE-2022-20969 (A vulnerability in multiple management dashboard pages of Cisco
CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing feature of ...)
NOT-FOR-US: Cisco
CVE-2022-20967 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20966 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20965 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20964 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco Identity ...)
@@ -102409,7 +102408,7 @@ CVE-2021-43076 (An improper privilege management vulnerability [CWE-269] in Fort
CVE-2021-43075 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43074 (An improper verification of cryptographic signature vulnerability [CWE ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43072
@@ -102970,7 +102969,6 @@ CVE-2021-3902
- php-dompdf 2.0.2+dfsg-1
NOTE: https://github.com/dompdf/dompdf/issues/2564
NOTE: https://huntr.dev/bounties/a6071c07-806f-429a-8656-a4742e4191b1
- TODO: check details, introducing version
CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
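Review bot: this hunk removes `- TODO: check details, introducing version` for CVE-2021-3902 without supplying the introducing version it asked for; the entry still carries only the fixed version `php-dompdf 2.0.2+dfsg-1` and the two reference NOTEs. If the introducing version was determined, record it in the `NOTE: Introduced by: <commit> (<version>)` form this file already uses for the DPDK entry; if it was not, the TODO should stay. Note also that this change is not an NFU and so sits oddly under a commit titled `NFUs`.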
@@ -103216,7 +103214,7 @@ CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
CVE-2021-42761 (A condition for session fixation vulnerability [CWE-384] in the sessio ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
NOT-FOR-US: FortiGuard
CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
@@ -103226,7 +103224,7 @@ CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8
CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
NOT-FOR-US: FortiGuard
CVE-2021-42756 (Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitc ...)
NOT-FOR-US: Fortinet
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
@@ -104175,7 +104173,7 @@ CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corru
CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...)
NOT-FOR-US: Google Pixel
CVE-2022-20458 (The logs of sensitive information (PII) or hardware identifier should ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible fail ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d15821877e3905713a640d88a8b5f0223a8721b