Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
769461cc by Salvatore Bonaccorso at 2022-03-19T10:10:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112,7 +112,7 @@ CVE-2022-27228
 CVE-2022-27227
        RESERVED
 CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 
2022-03-16  ...)
-       TODO: check
+       NOT-FOR-US: iRZ Mobile Routers
 CVE-2022-0999
        RESERVED
 CVE-2022-0998
@@ -2688,7 +2688,7 @@ CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain 
an information leak via
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection 
vulnerability ...)
        TODO: check
 CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a 
remote comma ...)
-       TODO: check
+       NOT-FOR-US: Contao Managed Edition
 CVE-2022-26264
        RESERVED
 CVE-2022-26263
@@ -4492,13 +4492,13 @@ CVE-2022-25583
 CVE-2022-25582
        RESERVED
 CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via 
the comp ...)
-       TODO: check
+       NOT-FOR-US: Classcms
 CVE-2022-25580
        RESERVED
 CVE-2022-25579
        RESERVED
 CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via 
arbitrari ...)
-       TODO: check
+       NOT-FOR-US: taocms
 CVE-2022-25577
        RESERVED
 CVE-2022-25576
@@ -4886,9 +4886,9 @@ CVE-2022-25392
 CVE-2022-25391
        RESERVED
 CVE-2022-25390 (DCN Firewall DCME-520 was discovered to contain a remote 
command execu ...)
-       TODO: check
+       NOT-FOR-US: DCN Firewall
 CVE-2022-25389 (DCN Firewall DCME-520 was discovered to contain an arbitrary 
file down ...)
-       TODO: check
+       NOT-FOR-US: DCN Firewall
 CVE-2022-25388
        RESERVED
 CVE-2022-25387
@@ -16413,9 +16413,9 @@ CVE-2021-45837
 CVE-2021-45836
        RESERVED
 CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Online Admission System
 CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to 
the Ope ...)
-       TODO: check
+       NOT-FOR-US: OpenDocMan
 CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 
1.13.1-1 vi ...)
        - hdf5 <undetermined>
        NOTE: https://github.com/HDFGroup/hdf5/issues/1313
@@ -20083,7 +20083,7 @@ CVE-2021-4097 (phpservermon is vulnerable to Improper 
Neutralization of CRLF Seq
 CVE-2021-4096
        RESERVED
 CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, 
where an ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2022-21821
        RESERVED
 CVE-2022-21820
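
Review bot: the tag on CVE-2022-21822 names only the vendor, while the description identifies the product as NVIDIA FLARE. A bare "NOT-FOR-US: NVIDIA" reads as a vendor-wide decision and will not match a later search for the product name; suggest "NOT-FOR-US: NVIDIA FLARE".
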
@@ -21732,7 +21732,7 @@ CVE-2021-4032 (A vulnerability was found in the Linux 
kernel's KVM subsystem in
        - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed 
in 5.15-rc7)
        NOTE: 
https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
 CVE-2021-4031 (Syltek application before its 10.22.00 version, does not 
correctly che ...)
-       TODO: check
+       NOT-FOR-US: Syltek
 CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon 
of the Z ...)
        NOT-FOR-US: Zyxel
 CVE-2021-4029 (A command injection vulnerability in the CGI program of the 
Zyxel ARMO ...)
@@ -22304,9 +22304,9 @@ CVE-2021-44090 (An SQL Injection vulnerability exists 
in Sourcecodester Online R
 CVE-2021-44089
        RESERVED
 CVE-2021-44088 (An SQL Injection vulnerability exists in Sourcecodester 
Attendance and ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-44087 (A Remote Code Execution (RCE) vulnerability exists in 
Sourcecodester A ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester
 CVE-2021-44086
        RESERVED
 CVE-2021-44085
@@ -22708,7 +22708,7 @@ CVE-2021-43963 (An issue was discovered in Couchbase 
Sync Gateway 2.7.0 through
 CVE-2021-43962
        RESERVED
 CVE-2021-43961 (Sonatype Nexus Repository Manager 3.36.0 allows HTML 
Injection. ...)
-       TODO: check
+       NOT-FOR-US: Sonatype
 CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is 
affected by an  ...)
        NOT-FOR-US: Lorensbergs Connect2
 CVE-2021-3974 (vim is vulnerable to Use After Free ...)
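
Review bot: on CVE-2021-43961 the tag is just "Sonatype", but the description gives the product as Sonatype Nexus Repository Manager 3.36.0. The context entry directly below is tagged at product level ("Lorensbergs Connect2"); suggest "NOT-FOR-US: Sonatype Nexus Repository Manager" to match.
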
@@ -76627,7 +76627,7 @@ CVE-2021-23773
 CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; 
all vers ...)
        NOT-FOR-US: iris Go web framework
 CVE-2021-23771 (This affects all versions of package notevil; all versions of 
package  ...)
-       TODO: check
+       NOT-FOR-US: notevil nodejs module
 CVE-2021-23770
        RESERVED
 CVE-2021-23769
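
Review bot: the description of CVE-2021-23771 lists a second package after "notevil;" (cut off in this view), yet the new tag covers only the notevil nodejs module. Before closing the entry as NFU, confirm that the second package is not in the archive either, and name both in the tag if so.
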
@@ -79426,7 +79426,7 @@ CVE-2021-22573
 CVE-2021-22572
        RESERVED
 CVE-2021-22571 (A local attacker could read files from some other users' SA360 
reports ...)
-       TODO: check
+       NOT-FOR-US: SA360 reports
 CVE-2021-22570 (Nullptr dereference when a null char is present in a proto 
symbol. The ...)
        [experimental] - protobuf 3.17.1-1
        - protobuf <unfixed>
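
Review bot: "SA360 reports" on CVE-2021-22571 is a fragment of the description (the files a local attacker could read), not the name of the affected software. The tag should name the product or component that handles those reports, so the entry can be identified without reading the full CVE text.
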
@@ -104890,7 +104890,7 @@ CVE-2020-25199 (A heap-based buffer overflow 
vulnerability exists within the WEC
 CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware 
version 2 ...)
        NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25197 (A code injection vulnerability exists in one of the webpages 
in GE Rea ...)
-       TODO: check
+       NOT-FOR-US: GE Reason
 CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware 
version 2 ...)
        NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, 
H2-ECOM ...)
@@ -104898,7 +104898,7 @@ CVE-2020-25195 (The length of the input fields of 
Host Engineering H0-ECOM100, H
 CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware 
version 2 ...)
        NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25193 (By having access to the hard-coded cryptographic key for GE 
Reason RT4 ...)
-       TODO: check
+       NOT-FOR-US: GE Reason
 CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware 
version 2 ...)
        NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25191 (Incorrect permissions are set by default for an API 
entry-point of a s ...)
@@ -104916,23 +104916,23 @@ CVE-2020-25186 (An XXE vulnerability exists within 
LeviStudioU Release Build 201
 CVE-2020-25185 (The affected product is vulnerable to five post-authentication 
buffer  ...)
        NOT-FOR-US: Paradox IP150
 CVE-2020-25184 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x 
stores the pa ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an 
authenticatio ...)
        NOT-FOR-US: Medtronic MyCareLink Smart 25000
 CVE-2020-25182 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x 
searches for  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based 
buffer over ...)
        NOT-FOR-US: WECON PLC Editor
 CVE-2020-25180 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x 
includes the  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow 
specific crede ...)
        NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25178 (ISaGRAF Workbench communicates with Rockwell Automation 
ISaGRAF Runtim ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based 
buffer ove ...)
        NOT-FOR-US: WECON PLC Editor
 CVE-2020-25176 (Some commands used by the Rockwell Automation ISaGRAF Runtime 
Versions ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow 
specific crede ...)
        NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite 
Version AP 3 ...)
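
Review bot: the five ISaGRAF entries (CVE-2020-25184, -25182, -25180, -25178, -25176) are tagged with the vendor only, whereas the interleaved context entries name the product ("WECON PLC Editor", "Medtronic MyCareLink Smart 25000"). CVE-2020-25178 also involves ISaGRAF Workbench, not only the Runtime; "NOT-FOR-US: Rockwell Automation ISaGRAF" would cover all five and match the surrounding style.
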
@@ -124153,7 +124153,7 @@ CVE-2020-16234 (In PLC WinProladder Version 3.28 and 
prior, a stack-based buffer
 CVE-2020-16233 (An attacker could send a specially crafted packet that could 
have Code ...)
        NOT-FOR-US: CodeMeter
 CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could 
be cause ...)
-       TODO: check
+       NOT-FOR-US: Yokogawa WideField3
 CVE-2020-16231
        RESERVED
 CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards 
such as ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/769461cc407160817a12d619002f8784f9691796
