Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1af50de8 by Salvatore Bonaccorso at 2022-01-04T21:32:13+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -661,7 +661,7 @@ CVE-2022-22295 CVE-2022-22294 RESERVED CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...) - TODO: check + NOT-FOR-US: Node uppy CVE-2022-0085 RESERVED CVE-2022-0084 @@ -984,11 +984,11 @@ CVE-2021-45982 CVE-2021-45981 RESERVED CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-45977 RESERVED CVE-2021-45976 @@ -1445,9 +1445,9 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...) NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28 NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8 CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...) - TODO: check + NOT-FOR-US: ControlUp Real-Time Agent CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...) - TODO: check + NOT-FOR-US: ControlUp Real-Time Agent CVE-2021-44775 RESERVED CVE-2021-44465 @@ -3156,7 +3156,7 @@ CVE-2021-45391 CVE-2021-45390 RESERVED CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) - TODO: check + NOT-FOR-US: StarWind CVE-2021-45388 RESERVED CVE-2021-45387 @@ -6959,7 +6959,7 @@ CVE-2021-44170 CVE-2021-44169 RESERVED CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2021-44167 RESERVED CVE-2021-44166 @@ -7959,9 +7959,9 @@ CVE-2021-43860 CVE-2021-43859 RESERVED CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...) - TODO: check + NOT-FOR-US: MinIO CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...) - TODO: check + NOT-FOR-US: Gerapy CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...) NOT-FOR-US: Wiki.js CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...) @@ -9125,7 +9125,7 @@ CVE-2021-43713 CVE-2021-43712 RESERVED CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2021-43710 RESERVED CVE-2021-43709 @@ -15962,7 +15962,7 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...) NOT-FOR-US: Trend Micro CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...) - TODO: check + NOT-FOR-US: ws-scrcpy CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...) NOT-FOR-US: Apache OpenOffice CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...) @@ -17410,7 +17410,7 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc CVE-2021-41237 RESERVED CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...) - TODO: check + NOT-FOR-US: OroPlatform CVE-2021-41235 RESERVED CVE-2021-41234 @@ -20495,9 +20495,9 @@ CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 580 CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...) TODO: check CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...) TODO: check CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...) @@ -22593,7 +22593,7 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh NOTE: https://x-stream.github.io/CVE-2021-39144.html CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) - TODO: check + NOT-FOR-US: Spinnaker CVE-2021-39142 RESERVED CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...) @@ -23564,7 +23564,7 @@ CVE-2021-38690 CVE-2021-38689 RESERVED CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af50de81857db32d22c9ce6163c64c2db74ed69 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af50de81857db32d22c9ce6163c64c2db74ed69 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits