Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cbc4514 by Salvatore Bonaccorso at 2022-02-19T22:03:37+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,9 +22,9 @@ CVE-2021-4222
 CVE-2022-25367
        RESERVED
 CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, 
although it  ...)
-       TODO: check
+       NOT-FOR-US: Cryptomator
 CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to 
move arbitr ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop
 CVE-2022-25364
        RESERVED
 CVE-2022-25363
@@ -118,7 +118,7 @@ CVE-2022-0680
 CVE-2022-0679
        RESERVED
 CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist 
microweber/microwe ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2022-0677
        RESERVED
 CVE-2021-4221
@@ -5443,7 +5443,7 @@ CVE-2022-23651
 CVE-2022-23650 (Netmaker is a platform for creating and managing virtual 
overlay netwo ...)
        TODO: check
 CVE-2022-23649 (Cosign provides container signing, verification, and storage 
in an OCI ...)
-       TODO: check
+       NOT-FOR-US: Cosign
 CVE-2022-23648
        RESERVED
 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 
1.14.0 a ...)
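Review bot: CVE-2022-23650 (Netmaker), in the context directly above the Cosign change, is still at `TODO: check` after this commit even though the commit message is "Process NFUs". If Netmaker is likewise not packaged, it could be tagged in the same batch; if it was left deliberately because it needs a closer look, no change is needed.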
@@ -5455,9 +5455,9 @@ CVE-2022-23645 (swtpm is a libtpms-based TPM emulator 
with socket, character dev
 CVE-2022-23644 (BookWyrm is a decentralized social network for tracking 
reading habits ...)
        NOT-FOR-US: BookWyrm
 CVE-2022-23643 (Sourcegraph is a code search and navigation engine. 
Sourcegraph versio ...)
-       TODO: check
+       NOT-FOR-US: Sourcegraph
 CVE-2022-23642 (Sourcegraph is a code search and navigation engine. 
Sourcegraph prior  ...)
-       TODO: check
+       NOT-FOR-US: Sourcegraph
 CVE-2022-23641 (Discourse is an open source discussion platform. In versions 
prior to  ...)
        NOT-FOR-US: Discourse
 CVE-2022-23640
@@ -5469,7 +5469,7 @@ CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer 
written in PHP. A cross-sit
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, 
videos a ...)
        NOT-FOR-US: K-Box
 CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: wasmtime
 CVE-2022-23635
        RESERVED
 CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to 
`puma`  ...)
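Review bot: the tag added for CVE-2022-23636 is spelled `wasmtime` in lower case, while the description spells the project "Wasmtime" and the other tags added in this commit follow the spelling used in their descriptions (Cosign, Sourcegraph, WikiDocs). Suggest `NOT-FOR-US: Wasmtime` so that a case-sensitive search of NOT-FOR-US tags finds every entry for the project under one spelling.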
@@ -6182,9 +6182,9 @@ CVE-2022-23378 (A Cross-Site Scripting (XSS) 
vulnerability exists within the 3.2
 CVE-2022-23377
        RESERVED
 CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS 
vulnerabilities on  ...)
-       TODO: check
+       NOT-FOR-US: WikiDocs
 CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code 
execution vul ...)
-       TODO: check
+       NOT-FOR-US: WikiDocs
 CVE-2022-23374
        RESERVED
 CVE-2022-23373
@@ -6388,7 +6388,7 @@ CVE-2021-46374
 CVE-2021-46373
        RESERVED
 CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in 
Java. Wh ...)
-       TODO: check
+       NOT-FOR-US: Scoold
 CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control 
vulnerabil ...)
        NOT-FOR-US: antd-admin
 CVE-2021-46370
@@ -6837,7 +6837,7 @@ CVE-2022-23230
 CVE-2022-23229
        RESERVED
 CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input 
validation. An un ...)
-       TODO: check
+       NOT-FOR-US: Pexip Infinity
 CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker 
to uploa ...)
        NOT-FOR-US: NUUO NVRmini2
 CVE-2022-23226
@@ -9988,7 +9988,7 @@ CVE-2021-46112
 CVE-2021-46111
        RESERVED
 CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple 
time-ba ...)
-       TODO: check
+       NOT-FOR-US: Online Shopping Portal
 CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site 
Scripting (XSS) ...)
        NOT-FOR-US: ASUS
 CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the 
username parame ...)
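Review bot: `NOT-FOR-US: Online Shopping Portal` on CVE-2021-46110 uses a generic product name with no vendor or author, so the tag will not distinguish this application from other similarly named ones; the neighbouring CVE-2021-46109 is tagged by vendor (ASUS). If the full CVE description or its references name a vendor, add it to the tag.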
@@ -10048,7 +10048,7 @@ CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable 
to Cross Site Scripting (
 CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting 
(XSS) v ...)
        NOT-FOR-US: uscat
 CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series 
protocol gate ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-46081
        RESERVED
 CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in 
Vehicle Se ...)
@@ -10086,9 +10086,9 @@ CVE-2021-46065 (A Cross-site scripting (XSS) 
vulnerability in Secondary Email Fi
 CVE-2021-46064
        RESERVED
 CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template 
Injection ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file 
deletion vulne ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester 
Computer and M ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-46060
@@ -16141,7 +16141,7 @@ CVE-2021-44304
 CVE-2021-44303
        RESERVED
 CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: BaiCloud-cms
 CVE-2021-44301
        RESERVED
 CVE-2021-44300
@@ -28403,9 +28403,9 @@ CVE-2021-40843 (Proofpoint Insider Threat Management 
Server contains an unsafe d
 CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL 
injection v ...)
        NOT-FOR-US: Proofpoint
 CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 
2.12.2 all ...)
-       TODO: check
+       NOT-FOR-US: LiveConfig
 CVE-2021-40840 (A Stored XSS issue exists in the admin/users user 
administration form  ...)
-       TODO: check
+       NOT-FOR-US: LiveConfig
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an 
infinite loop i ...)
        - python-rencode 1.0.6-2
        [bullseye] - python-rencode <no-dsa> (Minor issue)
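Review bot: for CVE-2021-40840 the truncated description shown in this hunk ("A Stored XSS issue exists in the admin/users user administration form ...") does not name the product, so the `LiveConfig` tag cannot be confirmed from these lines and reads as carried over from CVE-2021-40841 directly above. Worth confirming against the full description before the TODO is dropped.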
@@ -56607,9 +56607,9 @@ CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux 
kernel before 5.11.12 has
        NOTE: 
https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134
        NOTE: 
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
 CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate 
validat ...)
-       TODO: check
+       NOT-FOR-US: Pexip Infinity Connect
 CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning 
authent ...)
-       TODO: check
+       NOT-FOR-US: Pexip Infinity Connect
 CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of 
Untrusted Data ( ...)
        NOT-FOR-US: AjaxSearchPro
 CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under 
certain ci ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cbc451474a05ce2dbbf299068d8146b67ec827d
