Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9642c7a1 by Salvatore Bonaccorso at 2022-02-25T21:27:17+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1036,17 +1036,17 @@ CVE-2022-25650
CVE-2022-25172
RESERVED
CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer
overflow wh ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2022-24910
RESERVED
CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write
while pro ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2022-21809
RESERVED
CVE-2022-21238
RESERVED
CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read
while proc ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2022-0730
RESERVED
CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim
prior ...)
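Review bot: the three new NOT-FOR-US lines (CVE-2022-25170, CVE-2022-23985, CVE-2022-21209) name only the vendor, while the truncated descriptions say just "The affected product", so the list entry alone does not tell a reader which FATEK product was triaged. Consider adding the product name after the vendor, as the CVE-2022-24612 entry in this same commit does with "EyesOfNetwork (EON) eonweb".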
@@ -1693,7 +1693,7 @@ CVE-2022-25375 (An issue was discovered in
drivers/usb/gadget/function/rndis.c i
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
NOTE:
https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts
Sensitive Infor ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2022-25373
RESERVED
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local
privilege e ...)
@@ -2314,7 +2314,7 @@ CVE-2022-0617 (A flaw null pointer dereference in the
Linux kernel UDF file syst
CVE-2022-0616
RESERVED
CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products
for Lin ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to
3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
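Review bot: on CVE-2022-0615 the tag "NOT-FOR-US: ESET" drops the one detail that matters for triage, namely that the use-after-free is in the vendor's own eset_rtp kernel module. The entry sits two lines below the Linux kernel entry CVE-2022-0617, so naming the module after the vendor would make it clear at a glance that this is a third-party module and not the kernel itself.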
@@ -3901,7 +3901,7 @@ CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw
various uncaught excep
- libmetadata-extractor-java <unfixed>
NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS
via the ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2022-24611
RESERVED
CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto
DVC-215IP ca ...)
@@ -4539,41 +4539,41 @@ CVE-2022-24349
CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory
traversal ...)
NOT-FOR-US: Argo CD
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to
stored XSS vi ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code
execution via R ...)
TODO: check
CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code
execution (with ...)
TODO: check
CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to
stored XSS on ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could
be set ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-24342 (In JetBrains TeamCity before 2021.2.1, URL injection leading
to CSRF w ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24341 (In JetBrains TeamCity before 2021.2.1, editing a user account
to chang ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24340 (In JetBrains TeamCity before 2021.2.1, XXE during the parsing
of the c ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24339 (JetBrains TeamCity before 2021.2.1 was vulnerable to stored
XSS. ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24338 (JetBrains TeamCity before 2021.2.1 was vulnerable to reflected
XSS. ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24337 (In JetBrains TeamCity before 2021.2, health items of pull
requests wer ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24336 (In JetBrains TeamCity before 2021.2.1, an unauthenticated
attacker can ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24335 (JetBrains TeamCity before 2021.2 was vulnerable to a
Time-of-check/Tim ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24334 (In JetBrains TeamCity before 2021.2.1, the Agent Push feature
allowed ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24333 (In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC
call wa ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24332 (In JetBrains TeamCity before 2021.2, a logout action didn't
remove a R ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24331 (In JetBrains TeamCity before 2021.1.4, GitLab authentication
impersona ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an
external si ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock
dependen ...)
TODO: check
CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user
could perfo ...)
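Review bot: CVE-2022-24346 and CVE-2022-24345 (IntelliJ IDEA) and CVE-2022-24329 (Kotlin) stay at "TODO: check" in the middle of a block where every YouTrack and TeamCity entry is resolved. If that is deliberate because those three need a package lookup and not an NFU tag, the commit message should say so; "Process several NFUs" does not show whether they were examined and deferred or simply skipped.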
@@ -5628,11 +5628,11 @@ CVE-2022-24037
CVE-2022-24036
RESERVED
CVE-2022-23921 (Exploitation of this vulnerability may result in local
privilege escal ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2022-22987 (The affected product has a hardcoded private key available
inside the ...)
NOT-FOR-US: Advantech
CVE-2022-21798 (The affected product is vulnerable due to cleartext
transmission of cr ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2022-21154
RESERVED
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to
8.2. ...)
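Review bot: "NOT-FOR-US: GE" on CVE-2022-23921 and CVE-2022-21798 is a two-letter vendor tag with no product, and both visible descriptions are generic ("Exploitation of this vulnerability may result in ...", "The affected product is vulnerable due to ..."), so the entries are hard to search for or audit later. Adding the product name after the vendor would fix that without changing the triage decision.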
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9642c7a168dccca09bb24c63ea1fd07982852dc5