author | Salvatore Bonaccorso <carnil@debian.org> | 2022-05-19 23:15:04 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-05-19 23:16:01 +0200 |
commit | 050898978bc2996e81fcd7a68e7c091bf0691fd2 (patch) | |
tree | 4891196f4557bfcf14c27f310fb794672c644698 | |
parent | 90d887e936c0eb4068f88bfb557d096baf99a276 (diff) |
Process some NFUs
-rw-r--r-- | data/CVE/list | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/data/CVE/list b/data/CVE/list index bc5987beb5..2705c7538a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1493,9 +1493,9 @@ CVE-2022-30620 CVE-2022-30619 RESERVED CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...) - TODO: check + NOT-FOR-US: Strapi CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...) - TODO: check + NOT-FOR-US: Strapi CVE-2022-29525 RESERVED CVE-2022-28704 @@ -1776,7 +1776,7 @@ CVE-2022-26344 CVE-2022-25976 RESERVED CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...) - TODO: check + NOT-FOR-US: Octopus Server CVE-2022-1669 RESERVED CVE-2022-1668 @@ -3224,7 +3224,7 @@ CVE-2022-30020 CVE-2022-30019 RESERVED CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...) - TODO: check + NOT-FOR-US: Mobotix Control Center (MxCC) CVE-2022-30017 RESERVED CVE-2022-30016 @@ -4996,13 +4996,13 @@ CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Uplo CVE-2022-29450 RESERVED CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29448 RESERVED CVE-2022-29447 RESERVED CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) NOT-FOR-US: WordPress plugin CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...) 
@@ -7855,11 +7855,11 @@ CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not esc CVE-2022-28351 RESERVED CVE-2022-28350 (Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r ...) - TODO: check + NOT-FOR-US: ARM Mali GPU driver CVE-2022-28349 (Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through ...) - TODO: check + NOT-FOR-US: ARM Mali GPU driver CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 t ...) - TODO: check + NOT-FOR-US: ARM Mali GPU driver CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...) - python-django 2:3.2.13-1 (bug #1009677) [stretch] - python-django <not-affected> (Vulnerable code not present) @@ -9281,7 +9281,7 @@ CVE-2022-27949 CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attacke ...) NOT-FOR-US: Tesla CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-1109 RESERVED CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...) @@ -34498,7 +34498,7 @@ CVE-2021-3971 (A potential vulnerability by a driver used during older manufactu CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...) NOT-FOR-US: Lenovo CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3995-1 (bug #1001900) [bullseye] - vim <no-dsa> (Minor issue) 
@@ -36236,9 +36236,9 @@ CVE-2022-21151 (Processor optimization removal or modification of security-criti CVE-2022-21138 RESERVED CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors may all ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors may allow ...) - TODO: check + NOT-FOR-US: Intel CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Bitdefender CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) @@ -36600,7 +36600,7 @@ CVE-2021-43584 CVE-2021-43583 RESERVED CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in the Th ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-3955 RESERVED CVE-2021-3954 @@ -37613,7 +37613,7 @@ CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of Man CVE-2021-3923 RESERVED CVE-2021-3922 (A race condition vulnerability was reported in IMController, a softwar ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...) - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 
@@ -39629,15 +39629,15 @@ CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) .. CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo Personal ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud Storage dev ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-42850 (A weak default administrator password for the web interface and serial ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-42849 (A weak default password for the serial port was reported in some Lenov ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2021-3899 RESERVED CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...) @@ -40374,7 +40374,7 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management per NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection NOTE: input (not output) validation not addressed, malicious username still can be created after fix CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG interface ...) - TODO: check + NOT-FOR-US: Intel CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...) TODO: check CVE-2022-0003 |
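Review bot: In the hunk at @@ -7855, the three new tags read "NOT-FOR-US: ARM Mali GPU driver", while the CVE descriptions on the lines above them spell the product "Arm Mali GPU Kernel Driver". Matching the description's wording would let a search for the product string find both the description and the triage line. Because these are kernel-driver issues and linux is a tracked source package elsewhere in this same file (see the "- linux 5.14.16-1" entry under CVE-2021-43267), a one-line NOTE stating why the driver is out of scope for that package would make the NOT-FOR-US self-explanatory to the next person triaging.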
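Review bot: In the last hunk (@@ -40374), CVE-2022-0005 is closed as "NOT-FOR-US: Intel" but CVE-2022-0004 on the next line is left at "TODO: check", even though both truncated descriptions read as hardware-level issues (physical probing of a JTAG interface; hardware debug modes and processor INIT setting). If the two come from the same vendor advisory, triage them together in this commit; if CVE-2022-0004 was left open on purpose, say so in the commit message, since "Process some NFUs" does not indicate that an adjacent entry was reviewed and skipped.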