[Git][security-tracker-team/security-tracker][master] Process some more new NFUs

Salvatore Bonaccorso (@carnil) Wed, 26 Jan 2022 00:40:41 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
eec0ff69 by Salvatore Bonaccorso at 2022-01-26T09:40:04+01:00
Process some more new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,9 +61,9 @@ CVE-2022-0370
 CVE-2022-0369
        RESERVED
 CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows 
command inject ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak 
algorithm  ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in 
the relea ...)
        NOT-FOR-US: Bromite
 CVE-2022-23947
@@ -71,9 +71,9 @@ CVE-2022-23947
 CVE-2022-23946
        RESERVED
 CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. 
This iss ...)
-       TODO: check
+       NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23944 (User can access /plugin api without authentication. This issue 
affecte ...)
-       TODO: check
+       NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23943
        RESERVED
 CVE-2022-23942
@@ -2416,7 +2416,7 @@ CVE-2022-23260
 CVE-2022-23259
        RESERVED
 CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-23257
        RESERVED
 CVE-2022-23256
@@ -2486,7 +2486,7 @@ CVE-2022-23225
 CVE-2022-23224
        RESERVED
 CVE-2022-23223 (The HTTP response will disclose the user password. This issue 
affected ...)
-       TODO: check
+       NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute 
arbitrary ...)
        - h2database <unfixed>
        NOTE: 
https://github.com/h2database/h2database/releases/tag/version-2.1.210
@@ -3165,11 +3165,11 @@ CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 
16.1.2, 15.1.x before 15.1.4
 CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 
14.1.x b ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, 
when BIG- ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 
and 14. ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, 
when BIG- ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-23013 (On BIG-IP DNS &amp; GTM version 16.x before 16.1.0, 15.1.x 
before 15.1 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 
14.1.4.5,  ...)
@@ -3181,7 +3181,7 @@ CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 
15.1.x before 15.1.4.1, 1
 CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an 
authenticated ad ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an 
authenti ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-23007
        RESERVED
 CVE-2022-23006
@@ -5471,7 +5471,7 @@ CVE-2021-46115
 CVE-2021-46114
        RESERVED
 CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, 
a remote ...)
-       TODO: check
+       NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
 CVE-2021-46112
        RESERVED
 CVE-2021-46111
@@ -5519,15 +5519,15 @@ CVE-2021-46091
 CVE-2021-46090
        RESERVED
 CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that 
can oper ...)
-       TODO: check
+       NOT-FOR-US: JeecgBoot
 CVE-2021-46088
        RESERVED
 CVE-2021-46087 (In jfinal_cms &gt;= 5.1 0, there is a storage XSS 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: jfinal_cms
 CVE-2021-46086 (xzs-mysql &gt;= t3.4.0 is vulnerable to Insecure Permissions. 
The fron ...)
-       TODO: check
+       NOT-FOR-US: xzs-mysql
 CVE-2021-46085 (OneBlog &lt;= 2.2.8 is vulnerable to Insecure Permissions. Low 
level a ...)
-       TODO: check
+       NOT-FOR-US: OneBlog
 CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting 
(XSS) v ...)
        TODO: check
 CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting 
(XSS) v ...)
@@ -5671,9 +5671,9 @@ CVE-2021-46036
 CVE-2021-46035
        RESERVED
 CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is 
a XSS vu ...)
-       TODO: check
+       NOT-FOR-US: ForestBlog
 CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass 
verification. ...)
-       TODO: check
+       NOT-FOR-US: ForestBlog
 CVE-2021-46032
        RESERVED
 CVE-2021-46031
@@ -6559,9 +6559,9 @@ CVE-2021-45805
 CVE-2021-45804
        RESERVED
 CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: MartDevelopers iResturant
 CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: MartDevelopers iResturant
 CVE-2021-45801
        RESERVED
 CVE-2021-45800
@@ -8616,15 +8616,15 @@ CVE-2021-45228
 CVE-2021-45227
        RESERVED
 CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to impr ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to impr ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In 
several  ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to insu ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to logi ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45221
        RESERVED
 CVE-2021-45220
@@ -9550,7 +9550,7 @@ CVE-2021-44983
 CVE-2021-44982
        RESERVED
 CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a 
variable w ...)
-       TODO: check
+       NOT-FOR-US: QuickBox Pro
 CVE-2021-44980
        RESERVED
 CVE-2021-44979



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eec0ff698f970822b9057c479b4412026c557bce

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eec0ff698f970822b9057c479b4412026c557bce
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some more new NFUs

Reply via email to