[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 26 Feb 2022 00:24:06 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e27ab837 by Salvatore Bonaccorso at 2022-02-26T09:23:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2022-0767
 CVE-2022-0766
        RESERVED
 CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to 
informati ...)
-       TODO: check
+       NOT-FOR-US: Tor Browser (on Windows)
 CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. 
The mixed ...)
        - linux <unfixed>
        NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
@@ -1821,7 +1821,7 @@ CVE-2022-25361
 CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
        NOT-FOR-US: WatchGuard
 CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 
devices, un ...)
-       TODO: check
+       NOT-FOR-US: ICL ScadaFlex II SCADA Controller
 CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path 
handler of awf ...)
        NOT-FOR-US: awful-salmonella-tar
 CVE-2022-25357
@@ -2100,17 +2100,17 @@ CVE-2022-25265 (In the Linux kernel through 5.16.10, 
certain binary files may ha
        NOTE: Not considered a security flaw. If desired because no need for 
backward compatibility
        NOTE: can be mitigated through a LSM.
 CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables 
of the "p ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS 
command inject ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover 
was possib ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Hub
 CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind 
Server-Side  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Hub
 CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Hub
 CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in 
the Linux ...)
        - linux 5.16.10-1
        NOTE: https://github.com/szymonh/d-os-descriptor
@@ -2693,11 +2693,11 @@ CVE-2022-25098 (ECTouch v2 suffers from arbitrary file 
deletion due to insuffici
 CVE-2022-25097
        RESERVED
 CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
-       TODO: check
+       NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25095 (Home Owners Collection Management System v1.0 allows 
unauthenticated a ...)
-       TODO: check
+       NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
-       TODO: check
+       NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25093
        RESERVED
 CVE-2022-25092
@@ -2757,15 +2757,15 @@ CVE-2022-25066
 CVE-2022-25065
        RESERVED
 CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a 
remote  ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2022-25063
        RESERVED
 CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain 
an intege ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a 
command ...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2022-25059
        RESERVED
 CVE-2022-25058
@@ -4293,7 +4293,7 @@ CVE-2022-24444
 CVE-2022-24443
        RESERVED
 CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI 
(Server- ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2022-24428
        RESERVED
 CVE-2022-24427
@@ -18706,7 +18706,7 @@ CVE-2021-44134
 CVE-2021-44133
        RESERVED
 CVE-2021-44132 (A command injection vulnerability in the function 
formImportOMCIShell  ...)
-       TODO: check
+       NOT-FOR-US: C-DATA ONU4FERW
 CVE-2021-44131
        RESERVED
 CVE-2021-44130
@@ -24024,7 +24024,7 @@ CVE-2021-42954 (Zoho Remote Access Plus Server Windows 
Desktop Binary fixed from
 CVE-2021-42953
        RESERVED
 CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox 
escape vuln ...)
-       TODO: check
+       NOT-FOR-US: Zepl Notebooks
 CVE-2021-42951
        RESERVED
 CVE-2021-42950



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27ab837fa54a429503ba7ce275604c608e84385

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27ab837fa54a429503ba7ce275604c608e84385
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to