[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) Mon, 04 Apr 2022 00:27:21 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
01de54e6 by Salvatore Bonaccorso at 2022-04-04T09:26:46+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9716,7 +9716,7 @@ CVE-2022-24800
 CVE-2022-24799
        RESERVED
 CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database 
server,  ...)
-       TODO: check
+       NOT-FOR-US: Internet Routing Registry daemon (iird)
 CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed 
service mod ...)
        TODO: check
 CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for 
running  ...)
@@ -9730,7 +9730,7 @@ CVE-2022-24793
 CVE-2022-24792
        RESERVED
 CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, 
using Cran ...)
-       TODO: check
+       NOT-FOR-US: wasmtime
 CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 
server for R ...)
        - puma <unfixed> (bug #1008723)
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
@@ -11936,7 +11936,7 @@ CVE-2022-24112 (An attacker can abuse the 
batch-requests plugin to send requests
 CVE-2022-0406 (Improper Authorization in GitHub repository 
janeczku/calibre-web prior ...)
        TODO: check
 CVE-2022-0405 (Improper Access Control in GitHub repository 
janeczku/calibre-web prio ...)
-       TODO: check
+       NOT-FOR-US: calibre-web
 CVE-2022-0404
        RESERVED
 CVE-2022-0403
@@ -17747,7 +17747,7 @@ CVE-2022-22572
 CVE-2022-22571
        RESERVED
 CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access 
Reader  ...)
-       TODO: check
+       NOT-FOR-US: UniFi Door Access Reader Lite
 CVE-2022-22569
        RESERVED
 CVE-2022-22568
@@ -17975,7 +17975,7 @@ CVE-2022-0090 (An issue has been discovered affecting 
GitLab versions prior to 1
 CVE-2022-0089
        RESERVED
 CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository 
yourls/yourls p ...)
-       TODO: check
+       NOT-FOR-US: yourls
 CVE-2021-46140
        RESERVED
 CVE-2021-46139
@@ -56321,19 +56321,19 @@ CVE-2021-33026 (The Flask-Caching extension through 
1.10.1 for Flask relies on P
 CVE-2021-33025
        RESERVED
 CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or 
stores authe ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to 
a heap-b ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits 
sensitive or se ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-33021
        RESERVED
 CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a 
cryptographic key  ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta 
Electronics DOPSo ...)
        NOT-FOR-US: Delta Electronics
 CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in 
Philips Vue PA ...)
-       TODO: check
+       NOT-FOR-US: Philips Vue PACS
 CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub 
(C.00.0 ...)
        NOT-FOR-US: Philips
 CVE-2021-33016
@@ -56417,11 +56417,11 @@ CVE-2021-32978
 CVE-2021-32977
        RESERVED
 CVE-2021-32976 (Five buffer overflows in the built-in web server in Moxa NPort 
IAW5000 ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper 
validation of use ...)
        NOT-FOR-US: Cscape
 CVE-2021-32974 (Improper input validation in the built-in web server in Moxa 
NPort IAW ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-32973
        RESERVED
 CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an 
attacke ...)
@@ -56429,11 +56429,11 @@ CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 
7.5.1.1 and prior, allows an a
 CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing 
command  ...)
        NOT-FOR-US: Suitelink
 CVE-2021-32970 (Data can be copied without validation in the built-in web 
server in Mo ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-32969
        RESERVED
 CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort 
IAW5000A ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow 
an atta ...)
        NOT-FOR-US: Delta Electronics
 CVE-2021-32966



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01de54e626c3087fc4f37704672780a60649f295

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01de54e626c3087fc4f37704672780a60649f295
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process more NFUs

Reply via email to