[Git][security-tracker-team/security-tracker][master] Process NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b4cbd4a9 by Salvatore Bonaccorso at 2022-03-08T21:26:33+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4836,15 +4836,15 @@ CVE-2022-24934
 CVE-2022-24933
        RESERVED
 CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup 
wizard pr ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-24931 (Improper access control vulnerability in dynamic receiver in 
ApkInstal ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-24930 (An Improper access control vulnerability in 
StRetailModeReceiver in We ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-24929 (Unprotected Activity in AppLock prior to SMR Mar-2022 Release 
1 allows ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-24928 (Security misconfiguration of RKP in kernel prior to SMR 
Mar-2022 Relea ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video 
Player pr ...)
        NOT-FOR-US: Samsung
 CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin 
prior to ver ...)
@@ -5580,7 +5580,7 @@ CVE-2022-24663 (PHP Everywhere <= 2.0.3 included 
functionality that allowed e
 CVE-2022-24662
        RESERVED
 CVE-2022-24661 (A vulnerability has been identified in Simcenter STAR-CCM+ 
Viewer (All ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-24660
        RESERVED
 CVE-2022-24659
@@ -6132,7 +6132,7 @@ CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 
2013-03-20 allows a memory l
 CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket 
exhaustio ...)
        NOT-FOR-US: StarWind
 CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist 
ptrofimov/beanstal ...)
        NOT-FOR-US: beanstalk_console
 CVE-2022-0500
@@ -6228,7 +6228,7 @@ CVE-2022-24398 (Under certain conditions SAP Business 
Objects Business Intellige
 CVE-2022-24397
        RESERVED
 CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 
1.57, does n ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
        NOT-FOR-US: SAP
 CVE-2022-24394
@@ -6433,7 +6433,7 @@ CVE-2022-24311 (A CWE-22: Improper Limitation of a 
Pathname to a Restricted Dire
 CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists 
that co ...)
        NOT-FOR-US: Schneider Electric
 CVE-2022-24309 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-0480
        RESERVED
        - linux 5.15.3-1
@@ -6733,9 +6733,9 @@ CVE-2021-4218
        NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always 
used copy_to_user()
        NOTE: until the general conversion of sysctls to use a kernel buffer.
 CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All 
versions). The a ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All 
versions). A pri ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-24280
        RESERVED
 CVE-2022-24277
@@ -19496,7 +19496,7 @@ CVE-2021-44480 (Wokka Lokka Q50 devices through 
2021-11-30 allow remote attacker
 CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted 
wlength  ...)
        NOT-FOR-US: NXP Kinetis K82 devices
 CVE-2021-44478 (A vulnerability has been identified in Polarion Subversion 
Webclient ( ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network 
Security Ma ...)
        NOT-FOR-US: McAfee
 CVE-2022-21240
@@ -20988,9 +20988,9 @@ CVE-2021-43972 (An unrestricted file copy vulnerability 
in /UserSelfServiceSetti
 CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in 
SysAid ITI ...)
        NOT-FOR-US: SysAid ITIL
 CVE-2021-43970 (An arbitrary file upload vulnerability exists in 
albumimages.jsp in Qu ...)
-       TODO: check
+       NOT-FOR-US: Digium
 CVE-2021-43969 (The login.jsp page of Quicklert for Digium 10.0.0 (1043) is 
affected b ...)
-       TODO: check
+       NOT-FOR-US: Digium
 CVE-2021-43968
        RESERVED
 CVE-2021-43967
@@ -29268,15 +29268,15 @@ CVE-2021-42022 (A vulnerability has been identified 
in SIMATIC eaSie PCS 7 Skill
 CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA 
Server ( ...)
        NOT-FOR-US: Siemens
 CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-42015 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Siemens
 CVE-2021-42014
@@ -30450,11 +30450,11 @@ CVE-2021-41545
 CVE-2021-41544
        RESERVED
 CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41541 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All 
versions ...)
@@ -41311,9 +41311,9 @@ CVE-2021-37211 (The bulletin function of Flygo does not 
filter special character
 CVE-2021-37210
        RESERVED
 CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 
(All ve ...)
        NOT-FOR-US: Siemens
 CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with 
CPU vari ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4cbd4a9a7988fa469b5811232e821a9c68c7374

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4cbd4a9a7988fa469b5811232e821a9c68c7374
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits