Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd9cae75 by Moritz Muehlenhoff at 2022-03-28T10:23:33+02:00
NFUs
libstb non-issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -394,7 +394,8 @@ CVE-2022-27939 (tcprewrite in Tcpreplay 4.4.1 has a 
reachable assertion in get_l
        NOTE: https://github.com/appneta/tcpreplay/issues/717
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-27938 (stb_image.h (aka the stb image loader) 2.19, as used in 
libsixel and o ...)
-       TODO: check
+       - libstb <unfixed> (unimportant)
+       NOTE: Negligible security impact
 CVE-2022-27937
        RESERVED
 CVE-2022-27936
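Review bot: the added NOTE on CVE-2022-27938 states "Negligible security impact" without a reference or reason, whereas the neighbouring tcpreplay entry records both an upstream issue URL and why it is not exploitable ("Crash in CLI tool, no security impact"); a one-line justification or an upstream link would make the (unimportant) rating auditable later. Also, the description lists stb_image.h "as used in libsixel and o ...", i.e. embedded copies in other consumers, but the hunk only adds a libstb entry; worth confirming that any Debian source package carrying its own copy of stb_image.h does not need a separate line.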
@@ -4692,17 +4693,17 @@ CVE-2022-26275
 CVE-2022-26274
        RESERVED
 CVE-2022-26273 (EyouCMS v1.5.4 was discovered to lack parameter filtering in 
\user\con ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 
allows  ...)
        NOT-FOR-US: Ionize CMS
 CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file 
read vulner ...)
-       TODO: check
+       NOT-FOR-US: 74cmsSE
 CVE-2022-26270
        RESERVED
 CVE-2022-26269
        RESERVED
 CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Xiaohuanxiong
 CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak 
via the a ...)
        - piwigo <removed>
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection 
vulnerability ...)
@@ -4720,15 +4721,15 @@ CVE-2022-26261
 CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype 
pollution vu ...)
        NOT-FOR-US: Simple-Plist
 CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, 
NBD80X09S-KL, ...)
-       TODO: check
+       NOT-FOR-US: Xiongmai
 CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote 
command exe ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2022-26257
        RESERVED
 CVE-2022-26256
        RESERVED
 CVE-2022-26255 (Clash for Windows v0.19.8 was discovered to allow arbitrary 
code execu ...)
-       TODO: check
+       NOT-FOR-US: Clash for Windows
 CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was 
discovere ...)
        NOT-FOR-US: WoWonder
 CVE-2022-26253
@@ -6050,7 +6051,7 @@ CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde 
Mime_Viewer before 2.2.4
 CVE-2022-25762
        RESERVED
 CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with 
duplicate keys ...)
-       TODO: check
+       NOT-FOR-US: Apache APISIX
 CVE-2022-25756
        RESERVED
 CVE-2022-25755
@@ -8766,7 +8767,7 @@ CVE-2022-24771 (Forge (also called `node-forge`) is a 
native implementation of T
        NOTE: 
https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
        NOTE: 
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
 (v1.3.0)
 CVE-2022-24770 (`gradio` is an open source framework for building interactive 
machine  ...)
-       TODO: check
+       NOT-FOR-US: gradio
 CVE-2022-24769 (Moby is an open-source project created by Docker to enable and 
acceler ...)
        - containerd 1.6.2~ds1-1
        [bullseye] - containerd <no-dsa> (Minor issue)
@@ -12951,7 +12952,7 @@ CVE-2022-23612 (OpenMRS is a patient-based medical 
record system focusing on giv
 CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on 
Windows  ...)
        NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23610 (wire-server provides back end services for Wire, an open 
source messen ...)
-       TODO: check
+       NOT-FOR-US: wire-server
 CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on 
Windows  ...)
        NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23608 (PJSIP is a free and open source multimedia communication 
library writt ...)
@@ -19323,9 +19324,9 @@ CVE-2021-45492
 CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
        NOT-FOR-US: ShowDoc
 CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a 
database ...)
-       TODO: check
+       NOT-FOR-US: 3CX
 CVE-2021-45490 (The client applications in 3CX on Windows, the 3CX app for 
iOS, and th ...)
-       TODO: check
+       NOT-FOR-US: 3CX
 CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation 
algorithm employ ...)
        NOT-FOR-US: NetBSD
 CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP 
ISN (IS ...)
@@ -22817,7 +22818,7 @@ CVE-2021-44619
 CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists 
in Nystud ...)
        NOT-FOR-US: Nystudio107 Seomatic
 CVE-2021-44617 (A SQL Injection vulnerability exits in the Ramo plugin for 
GLPI 9.4.6  ...)
-       TODO: check
+       NOT-FOR-US: GLPI plugin
 CVE-2021-44616
        RESERVED
 CVE-2021-44615
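Review bot: the NOT-FOR-US label for CVE-2021-44617 reads "GLPI plugin" while the description names the specific plugin ("the Ramo plugin for GLPI"); naming it (as the preceding entry does with "Nystudio107 Seomatic") avoids ambiguity with GLPI core when the entry is searched later.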
@@ -24100,17 +24101,17 @@ CVE-2021-44215 (Northern.tech CFEngine Enterprise 
3.15.4 before 3.15.5 has Insec
 CVE-2021-44214
        RESERVED
 CVE-2021-44213 (OX App Suite through 7.10.5 allows XSS via uuencoding in a 
multipart/a ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2021-44212 (OX App Suite through 7.10.5 allows XSS via a trailing control 
characte ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2021-44211 (OX App Suite through 7.10.5 allows XSS via the class attribute 
of an e ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2021-44210 (OX App Suite through 7.10.5 allows XSS via NIFF (Notation 
Interchange  ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2021-44209 (OX App Suite through 7.10.5 allows XSS via an HTML 5 element 
such as A ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2021-44208 (OX App Suite through 7.10.5 allows XSS via an unknown system 
message i ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. 
...)
        NOT-FOR-US: Acclaim USAHERDS
 CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
@@ -24351,7 +24352,7 @@ CVE-2021-44129
 CVE-2021-44128
        RESERVED
 CVE-2021-44127 (In DLink DAP-1360 F1 firmware version &lt;=v6.10 in the 
"webupg" binar ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-44126
        RESERVED
 CVE-2021-44125
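Review bot: the context line for CVE-2021-44127 shows "&lt;=v6.10" where the CVE text reads "<=v6.10"; if that HTML escape is present in data/CVE/list itself rather than introduced by the mail rendering, it should be corrected, since the description text is what tools and searches match against.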



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9cae7542d6bf73d38f7c96d643c702cf8fdf0d

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
