Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a2f3607 by Moritz Muehlenhoff at 2022-02-01T10:42:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102,13 +102,13 @@ CVE-2022-24268
 CVE-2022-24267
        RESERVED
 CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cuppa CMS
 CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cuppa CMS
 CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cuppa CMS
 CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: Hospital Management System
 CVE-2022-24262
        RESERVED
 CVE-2022-24261
@@ -1362,7 +1362,7 @@ CVE-2022-23874
 CVE-2022-23873
        RESERVED
 CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site 
scripti ...)
-       TODO: check
+       NOT-FOR-US: Emlog pro
 CVE-2022-23871
        RESERVED
 CVE-2022-23870
@@ -2011,7 +2011,7 @@ CVE-2022-23776
 CVE-2022-23775
        RESERVED
 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to 
move arbitr ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop
 CVE-2022-23773
        RESERVED
 CVE-2022-23772
@@ -2364,9 +2364,9 @@ CVE-2022-23601 [CSRF token missing in forms]
 CVE-2022-23600
        RESERVED
 CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 
2.1 - 4.3 ...)
-       TODO: check
+       NOT-FOR-US: Plone
 CVE-2022-23598 (laminas-form is a package for validating and displaying simple 
and com ...)
-       TODO: check
+       NOT-FOR-US: laminas-form
 CVE-2022-23597
        RESERVED
 CVE-2022-23596
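Review bot: on CVE-2022-23599 the tag says "Plone" while the description names the affected component as Products.ATContentTypes. The laminas-form entry in the same hunk is tagged with its package name, so for consistency and so that a search for the component finds the entry, consider "NOT-FOR-US: Products.ATContentTypes (Plone)" or similar.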
@@ -3129,11 +3129,11 @@ CVE-2022-0272
 CVE-2022-0271
        RESERVED
 CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming 
kubernetes im ...)
-       TODO: check
+       NOT-FOR-US: bored-agent
 CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist 
yetiforce/yetiforce-crm ...)
        NOT-FOR-US: yetiforce-crm
 CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2022-0267
        RESERVED
 CVE-2021-46399
@@ -3768,7 +3768,7 @@ CVE-2022-0221
 CVE-2022-0220
        RESERVED
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
-       TODO: check
+       NOT-FOR-US: jadx
 CVE-2022-0218
        RESERVED
 CVE-2022-0216
@@ -5100,7 +5100,7 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka 
libexpat) before 2.4.3 ha
 CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR 
WebApp, in wh ...)
        NOT-FOR-US: NVIDIA NeMo
 CVE-2022-22820 (Due to the lack of media file checks before rendering, it was 
possible ...)
-       TODO: check
+       NOT-FOR-US: LINE
 CVE-2022-22819
        RESERVED
 CVE-2022-22818
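Review bot: the "NOT-FOR-US: LINE" tag on CVE-2022-22820 cannot be matched against the description as shown, which is truncated before any product name appears ("Due to the lack of media file checks before rendering, it was possible ..."). A bare "LINE" is also easy to misread as something other than a product name; spelling out the affected product as the advisory names it would make the entry self-explanatory.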
@@ -5173,9 +5173,9 @@ CVE-2022-22793
 CVE-2022-22792
        RESERVED
 CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject 
JS code  ...)
-       TODO: check
+       NOT-FOR-US: SYNEL
 CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is 
an atta ...)
-       TODO: check
+       NOT-FOR-US: SYNEL
 CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An 
attacker ...)
        NOT-FOR-US: Charactell - FormStorm Enterprise
 CVE-2022-22788
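Review bot: CVE-2022-22791 and CVE-2022-22790 are tagged with the vendor only ("SYNEL"), while the neighbouring CVE-2022-22789 entry uses the vendor and product form "Charactell - FormStorm Enterprise". Both descriptions start with "SYNEL - eharmony", so "NOT-FOR-US: SYNEL - eharmony" would follow the adjacent convention and keep the product name searchable.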
@@ -6692,7 +6692,7 @@ CVE-2021-46104 (An issue was discovered in webp_server_go 
0.4.0. There is a dire
 CVE-2021-46103
        RESERVED
 CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function 
"relocate" in  ...)
-       TODO: check
+       NOT-FOR-US: Solana rBBP
 CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to 
update the lo ...)
        TODO: check
 CVE-2021-46100
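Review bot: typo in the tag for CVE-2021-46102: "NOT-FOR-US: Solana rBBP" should read "Solana rBPF", matching the description on the line above ("for Solana rBPF, function "relocate" in ..."). As written, a search of the list for rBPF will not find the NOT-FOR-US marker for this entry.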
@@ -6728,9 +6728,9 @@ CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to 
Insecure Permissions. Th
 CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low 
level a ...)
        NOT-FOR-US: OneBlog
 CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: uscat
 CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: uscat
 CVE-2021-46082
        RESERVED
 CVE-2021-46081



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2f3607f40efe2c1f4387198542fbb4f4f3709e
