Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d93da876 by Salvatore Bonaccorso at 2022-01-08T09:25:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka 
libexpat) before 2.4.3 ha
        - expat <unfixed>
        NOTE: https://github.com/libexpat/libexpat/pull/539
 CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR 
WebApp, in wh ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA NeMo
 CVE-2022-22820
        RESERVED
 CVE-2022-22819
@@ -340,9 +340,9 @@ CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 
for Alpine Linux somet
 CVE-2022-22703
        RESERVED
 CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to 
upload attach ...)
-       TODO: check
+       NOT-FOR-US: PartKeepr
 CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL 
while c ...)
-       TODO: check
+       NOT-FOR-US: PartKeepr
 CVE-2022-22700
        RESERVED
 CVE-2022-22699
@@ -1911,17 +1911,17 @@ CVE-2022-22290
 CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to 
version  ...)
        TODO: check
 CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 
4.5.36.5 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22287 (Abitrary file access vulnerability in Samsung Email prior to 
6.1.60.16 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to 
version 12.2. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet 
prior to 16. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22283 (Improper session management vulnerability in Samsung Health 
prior to 6 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a 
hardcoded cre ...)
        NOT-FOR-US: Netgear
 CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive 
information ...)
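Review bot: CVE-2022-22289 (S Assistant), the first entry in this hunk, is left at "TODO: check" while the six entries directly below it (CVE-2022-22288 through CVE-2022-22283) are changed to "NOT-FOR-US: Samsung". If S Assistant belongs to the same vendor batch, mark it in this pass as well; otherwise it stays alone in the TODO queue between triaged entries and is easy to miss.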
@@ -1967,25 +1967,25 @@ CVE-2022-22274
 CVE-2022-22273
        RESERVED
 CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR 
Jan-2022 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to 
SMR Jan- ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22269 (Keeping sensitive data in unprotected 
BluetoothSettingsProvider prior  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 
Release 1 ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22267 (Implicit Intent hijacking vulnerability in 
ActivityMetricsLogger prior ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22266 ((Applicable to China models only) Unprotected 
WifiEvaluationService in ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU 
driver  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to 
SMR Jan ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR 
Jan-2022 Rele ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2021-45919
        RESERVED
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows 
denial of  ...)
@@ -5768,7 +5768,7 @@ CVE-2022-21825
 CVE-2022-21824
        RESERVED
 CVE-2022-21823 (A insecure storage of sensitive information vulnerability 
exists in Iv ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2021-44831
        RESERVED
 CVE-2021-44830
@@ -21125,49 +21125,49 @@ CVE-2021-40041 (There is a Cross-Site Scripting(XSS) 
vulnerability in HUAWEI WS3
 CVE-2021-40040
        RESERVED
 CVE-2021-40039 (There is a Null pointer dereference vulnerability in the 
camera module ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40038 (There is a Double free vulnerability in the AOD module in 
smartphones. ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40037 (There is a Vulnerability of accessing resources using an 
incompatible  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40036
        RESERVED
 CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary 
error with  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40034
        RESERVED
 CVE-2021-40033
        RESERVED
 CVE-2021-40032 (The bone voice ID TA has a vulnerability in information 
management,Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40031 (There is a Null pointer dereference vulnerability in the 
camera module ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40030
        RESERVED
 CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary 
error with  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40028 (The eID module has an out-of-bounds memory write 
vulnerability,Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the 
buffer len ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD 
module  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40025 (The eID module has a vulnerability that causes the memory to 
be used w ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40024
        RESERVED
 CVE-2021-40023
        RESERVED
 CVE-2021-40022 (The weaver module has a vulnerability in parameter type 
verification,S ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40021 (The eID module has an out-of-bounds memory write 
vulnerability,Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the 
security sto ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40019
        RESERVED
 CVE-2021-40018 (The eID module has a null pointer reference vulnerability. 
Successful  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40017
        RESERVED
 CVE-2021-40016
@@ -21175,57 +21175,57 @@ CVE-2021-40016
 CVE-2021-40015
        RESERVED
 CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40013
        RESERVED
 CVE-2021-40012
        RESERVED
 CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in 
the dis ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD 
module in sma ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 
V200R019C00S ...)
        NOT-FOR-US: Huawei
 CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD 
V100R005C10SP ...)
        NOT-FOR-US: Huawei
 CVE-2021-40006 (The fingerprint module has a security risk of brute force 
cracking. Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40005 (The distributed data service component has a vulnerability in 
data acc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40004 (The cellular module has a vulnerability in permission 
management. Succ ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful 
exploitat ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. 
Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. 
Successful expl ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. 
Success ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39999
        RESERVED
 CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for 
multiple  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39997
        RESERVED
 CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the 
NFC modul ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware 
management. ...)
        NOT-FOR-US: Huawei
 CVE-2021-39994
        RESERVED
 CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in 
smartphones. S ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39992
        RESERVED
 CVE-2021-39991
        RESERVED
 CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive 
Information to an  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference 
vulnerability.S ...)
        NOT-FOR-US: Huawei
 CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors 
vulnerability.Suc ...)
@@ -29257,19 +29257,19 @@ CVE-2021-36726
 CVE-2021-36725
        RESERVED
 CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low 
privilaged user  ...)
-       TODO: check
+       NOT-FOR-US: ForeScout - SecureConnector
 CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal 
Information d ...)
-       TODO: check
+       NOT-FOR-US: Emuse - eServices / eNvoice
 CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in 
various ways  ...)
-       TODO: check
+       NOT-FOR-US: Emuse - eServices / eNvoice
 CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to 
specific ap ...)
-       TODO: check
+       NOT-FOR-US: Sysaid API
 CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to 
:/blocking.php?u ...)
        NOT-FOR-US: PineApp - Mail Secure
 CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a 
user to th ...)
        NOT-FOR-US: PineApp - Mail Secure
 CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in 
to the s ...)
-       TODO: check
+       NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
 CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal 
vulnerabi ...)
        NOT-FOR-US: Synerion TimeNet
 CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found 
in the S ...)
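Review bot: the label "NOT-FOR-US: Sysaid API" on CVE-2021-36721 appears to take the first two words of the description ("Sysaid API User Enumeration"), where "API User Enumeration" reads as the issue rather than the product. The other labels added in this hunk follow the "Vendor - Product" prefix of their descriptions, as the existing PineApp entries do; a plain "NOT-FOR-US: Sysaid" would be more consistent and easier to search for.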
@@ -32729,7 +32729,7 @@ CVE-2021-35249
 CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts 
can quer ...)
        NOT-FOR-US: SolarWinds
 CVE-2021-35247 (Serv-U web login screen was allowing characters that were not 
sanitize ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35246
        RESERVED
 CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can 
move, cre ...)
@@ -38059,11 +38059,11 @@ CVE-2021-33000 (Parsing a maliciously crafted project 
file may cause a heap-base
 CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink 
server while  ...)
        NOT-FOR-US: Suitelink
 CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable 
to an ou ...)
-       TODO: check
+       NOT-FOR-US: FANUC
 CVE-2021-32997
        RESERVED
 CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable 
to integ ...)
-       TODO: check
+       NOT-FOR-US: FANUC
 CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper 
validation of use ...)
        NOT-FOR-US: Cscape
 CVE-2021-32994
@@ -69885,17 +69885,17 @@ CVE-2021-20875 (Open redirect vulnerability in 
GroupSession Free edition ver5.1.
 CVE-2021-20874 (Incorrect permission assignment for critical resource 
vulnerability in ...)
        NOT-FOR-US: GroupSession
 CVE-2021-20873 (Yappli is an application development platform which provides 
the funct ...)
-       TODO: check
+       NOT-FOR-US: Yappli
 CVE-2021-20872 (Protection mechanism failure vulnerability in KONICA MINOLTA 
bizhub se ...)
-       TODO: check
+       NOT-FOR-US: KONICA MINOLTA
 CVE-2021-20871 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: KONICA MINOLTA
 CVE-2021-20870 (Improper handling of exceptional conditions vulnerability in 
KONICA MI ...)
-       TODO: check
+       NOT-FOR-US: KONICA MINOLTA
 CVE-2021-20869 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: KONICA MINOLTA
 CVE-2021-20868 (Incorrect authorization vulnerability in KONICA MINOLTA bizhub 
series  ...)
-       TODO: check
+       NOT-FOR-US: KONICA MINOLTA
 CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced 
Custom Fiel ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced 
Custom Fiel ...)
@@ -72261,11 +72261,11 @@ CVE-2021-20050 (An Improper Access Control 
Vulnerability in the SMA100 series le
 CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows 
a remot ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP 
response h ...)
-       TODO: check
+       NOT-FOR-US: Sonicwall
 CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) 
and ear ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP 
Content-Length respo ...)
-       TODO: check
+       NOT-FOR-US: Sonicwall
 CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles 
RAC_COPY_TO (RacN ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20044 (A post-authentication remote command injection vulnerability 
in SonicW ...)
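Review bot: the two added lines for CVE-2021-20048 and CVE-2021-20046 spell the vendor "Sonicwall", while the unchanged entries around them (CVE-2021-20049, CVE-2021-20047, CVE-2021-20045) use "NOT-FOR-US: SonicWall". Use the existing capitalisation so that a case-sensitive search over data/CVE/list finds all of this vendor's entries.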
@@ -76051,7 +76051,7 @@ CVE-2020-29294
 CVE-2020-29293
        RESERVED
 CVE-2020-29292 (iBall WRD12EN 1.0.0 devices allow cross-site request forgery 
(CSRF) at ...)
-       TODO: check
+       NOT-FOR-US: iBall WRD12EN
 CVE-2020-29291
        RESERVED
 CVE-2020-29290
@@ -96282,7 +96282,7 @@ CVE-2020-22063
 CVE-2020-22062
        RESERVED
 CVE-2020-22061 (SUPERAntispyware v8.0.0.1050 was discovered to contain an 
issue in the ...)
-       TODO: check
+       NOT-FOR-US: SUPERAntispyware
 CVE-2020-22060
        RESERVED
 CVE-2020-22059



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d93da876c00904ed64e12eddb526f4be6523204b
