Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf350b96 by Salvatore Bonaccorso at 2022-03-03T21:27:02+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3320,19 +3320,19 @@ CVE-2022-0587 (Improper Authorization in Packagist 
librenms/librenms prior to 22
 CVE-2021-46687
        RESERVED
 CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken 
Access Contr ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2021-45730
        RESERVED
 CVE-2021-45721
        RESERVED
 CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to 
Broken A ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2021-41834
        RESERVED
 CVE-2021-23163
        RESERVED
 CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and 
Liferay D ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2022-25145
        RESERVED
 CVE-2022-25144
@@ -3348,7 +3348,7 @@ CVE-2022-25140
 CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a 
heap use ...)
        NOT-FOR-US: njs
 CVE-2022-25138 (Axelor Open Suite v5.0 was discovered to contain a stored 
cross-site s ...)
-       TODO: check
+       NOT-FOR-US: Axelor Open Suite
 CVE-2022-25137 (A command injection vulnerability in the function 
recvSlaveUpgstatus o ...)
        NOT-FOR-US: TOTOLINK
 CVE-2022-25136 (A command injection vulnerability in the function 
meshSlaveUpdate of T ...)
@@ -3374,7 +3374,7 @@ CVE-2022-25127
 CVE-2022-25126
        RESERVED
 CVE-2022-25125 (MCMS v5.2.4 was discovered to contain a SQL injection 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2022-25124
        RESERVED
 CVE-2022-25123
@@ -3394,9 +3394,9 @@ CVE-2022-25117
 CVE-2022-25116
        RESERVED
 CVE-2022-25115 (A remote code execution (RCE) vulnerability in the Avatar 
parameter un ...)
-       TODO: check
+       NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25114 (Event Management v1.0 was discovered to contain a reflected 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: Event Management
 CVE-2022-25113
        RESERVED
 CVE-2022-25112
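Review bot: on CVE-2022-25115 the visible description ("A remote code execution (RCE) vulnerability in the Avatar parameter un ...") is cut off before it names any product, so the new tag NOT-FOR-US: Home Owners Collection Management System cannot be checked from this hunk alone; confirm it against the full CVE text before merging. On CVE-2022-25114, the tag "Event Management" is generic enough to match unrelated products in a later search of data/CVE/list; consider a more specific tag taken from the full description so the entry stays distinguishable.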
@@ -3446,7 +3446,7 @@ CVE-2022-25091
 CVE-2022-25090
        RESERVED
 CVE-2022-25089 (Printix Secure Cloud Print Management 1.3.1035.0 incorrectly 
uses Priv ...)
-       TODO: check
+       NOT-FOR-US: Printix Secure Cloud Print Management
 CVE-2022-25088
        RESERVED
 CVE-2022-25087
@@ -3540,7 +3540,7 @@ CVE-2022-25047
 CVE-2022-25046
        RESERVED
 CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
-       TODO: check
+       NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25044
        RESERVED
 CVE-2022-25043
@@ -3568,7 +3568,7 @@ CVE-2022-25033
 CVE-2022-25032
        RESERVED
 CVE-2022-25031 (Remote Desktop Commander Suite Agent before v4.8 contains an 
unquoted  ...)
-       TODO: check
+       NOT-FOR-US: Remote Desktop Commander Suite Agent
 CVE-2022-25030
        RESERVED
 CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
@@ -4289,7 +4289,7 @@ CVE-2022-24724
 CVE-2022-24723
        RESERVED
 CVE-2022-24722 (VIewComponent is a framework for building view components in 
Ruby on R ...)
-       TODO: check
+       NOT-FOR-US: VIewComponent
 CVE-2022-24721
        RESERVED
 CVE-2022-24720 (image_processing is an image processing wrapper for libvips 
and ImageM ...)
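Review bot: the tag on CVE-2022-24722 copies the capitalisation "VIewComponent" from the CVE description; writing it as "ViewComponent" would let a case-sensitive search for the project name find this entry. The description also presents it as a framework for Ruby on Rails, that is, a library that could be packaged or vendored by another package, so it is worth confirming that no Debian source package ships it before closing the entry as NOT-FOR-US.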
@@ -4788,7 +4788,7 @@ CVE-2022-24575
 CVE-2022-24574
        RESERVED
 CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin 
interfa ...)
-       TODO: check
+       NOT-FOR-US: Element-IT
 CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross 
Site Sc ...)
        NOT-FOR-US: Car Driving School Management System
 CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL 
injection ...)
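Review bot: on CVE-2022-24573 the tag NOT-FOR-US: Element-IT cannot be matched to the visible description, which is cut off at "admin interfa ..." before a product is named. The entry directly below (CVE-2022-24572) tags the full product name; if Element-IT is the vendor rather than the product, add the product name after it so the entry can be found by either.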
@@ -4808,7 +4808,7 @@ CVE-2022-24565 (Checkmk <=2.0.0p19 Fixed in 2.0.0p20 
and Checkmk <=1.6.0p2
 CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) 
vulnerabil ...)
        - check-mk <removed>
 CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Genixcms
 CVE-2022-24562
        RESERVED
 CVE-2022-24561
@@ -6869,17 +6869,17 @@ CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x 
before 7.0.2, Varnish Cach
        NOTE: Fixed by: 
https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327
 (6.6.2)
        NOTE: Test case: 
https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4
 (6.6.2)
 CVE-2022-23958 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-23957 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-23956 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-23955 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-23952
        RESERVED
 CVE-2022-23951
@@ -7077,9 +7077,9 @@ CVE-2022-23901
 CVE-2022-23900
        RESERVED
 CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2022-23897
        RESERVED
 CVE-2022-23896
@@ -7555,7 +7555,7 @@ CVE-2022-24301 (In Minetest before 5.4.0, players can add 
or subtract items from
 CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) 
through  ...)
        - epub2txt2 <itp> (bug #1004115)
 CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 
2021.3.4 ...)
-       TODO: check
+       NOT-FOR-US: Devolutions Password Hub for iOS
 CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 
0.6.16. ...)
        NOT-FOR-US: calibre-web
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. 
...)
@@ -10398,7 +10398,7 @@ CVE-2022-22946
 CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. 
A malici ...)
        NOT-FOR-US: VMware
 CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site 
scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-22943
        RESERVED
 CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
@@ -11563,7 +11563,7 @@ CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the 
functionality to upload
 CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL 
while c ...)
        NOT-FOR-US: PartKeepr
 CVE-2022-22700 (CyberArk Identity versions up to and including 22.1 in the 
'StartAuthe ...)
-       TODO: check
+       NOT-FOR-US: CyberArk Identity
 CVE-2022-22699
        RESERVED
 CVE-2022-22698
@@ -13769,7 +13769,7 @@ CVE-2021-45821
 CVE-2021-45820
        RESERVED
 CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted 
service ...)
-       TODO: check
+       NOT-FOR-US: Wordline HIDCCEMonitorSVC
 CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection 
vulnerability wh ...)
        NOT-FOR-US: SAFARI Montage
 CVE-2021-45817
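Review bot: the tag on CVE-2021-45819 repeats the spelling "Wordline" verbatim from the CVE description. If other entries in data/CVE/list spell this vendor differently, a search by vendor name will miss this one; check for existing NOT-FOR-US entries for the same vendor and match their spelling, or tag by the product name HIDCCEMonitorSVC alone.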
@@ -18792,7 +18792,7 @@ CVE-2021-44345
 CVE-2021-44344
        RESERVED
 CVE-2021-44343 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
-       TODO: check
+       NOT-FOR-US: ok-file-formats
 CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
        NOT-FOR-US: ok-file-formats
 CVE-2021-44341
@@ -18808,7 +18808,7 @@ CVE-2021-44337
 CVE-2021-44336
        RESERVED
 CVE-2021-44335 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
-       TODO: check
+       NOT-FOR-US: ok-file-formats
 CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer 
Overflo ...)
        NOT-FOR-US: ok-file-formats
 CVE-2021-44333
@@ -20768,7 +20768,7 @@ CVE-2021-3966
 CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to 
unauthenticated HTT ...)
        NOT-FOR-US: HP
 CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm 
DocuCentre-VI C4471 ...)
-       TODO: check
+       NOT-FOR-US: Fujifilm
 CVE-2021-43773
        RESERVED
 CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a 
vulnerability th ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf350b9698a0b9b61be9f14079480f639b1f7f9b

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits