Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
981d38b0 by Neil Williams at 2022-04-14T10:41:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1443,7 +1443,7 @@ CVE-2022-1265
 CVE-2022-1264
        RESERVED
 CVE-2022-1262 (A command injection vulnerability in the protest binary allows 
an atta ...)
-       TODO: check
+       NOT-FOR-US: D-Link Routers
 CVE-2022-1261
        RESERVED
 CVE-2022-1260
@@ -2887,7 +2887,7 @@ CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in 
GitHub repository mineweb/
 CVE-2022-1162 (A hardcoded password was set for accounts registered using an 
OmniAuth ...)
        - gitlab <unfixed>
 CVE-2022-1161 (An attacker with the ability to modify a user program may 
change user  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository 
vim/vi ...)
        - vim <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c/
@@ -3848,7 +3848,7 @@ CVE-2022-1069
 CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is 
vulnerable to  ...)
        NOT-FOR-US: Modbus Tools Modbus Slave
 CVE-2022-1067 (Navigating to a specific URL with a patient ID number will 
result in t ...)
-       TODO: check
+       NOT-FOR-US: LifePoint Informatics Patient Portal
 CVE-2022-27863
        RESERVED
 CVE-2022-27862
@@ -4398,7 +4398,7 @@ CVE-2022-1047
 CVE-2022-1046
        RESERVED
 CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository 
polonel/trudesk  ...)
-       TODO: check
+       NOT-FOR-US: Trudesk
 CVE-2022-1044
        RESERVED
 CVE-2022-1043 [Linux Kernel io_uring Use-After-Free Privilege Escalation 
Vulnerability]
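Review bot: CVE-2022-1045 is reported against a project hosted in a public GitHub repository (polonel/trudesk), so before settling on `NOT-FOR-US: Trudesk` it is worth confirming that no ITP or RFP bug is open for it. If one exists, the entry should be tracked as `- trudesk <itp> (bug #NNNNNN)` (placeholder bug number) rather than NOT-FOR-US, so the issue is not lost when the package enters the archive.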
@@ -5352,7 +5352,7 @@ CVE-2022-27227 (In PowerDNS Authoritative Server before 
4.4.3, 4.5.x before 4.5.
 CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 
2022-03-16  ...)
        NOT-FOR-US: iRZ Mobile Routers
 CVE-2022-0999 (An authenticated user may be able to misuse parameters to 
inject arbit ...)
-       TODO: check
+       NOT-FOR-US: mySCADA myPRO
 CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel&#8217;s 
virtio  ...)
        - linux 5.15.15-1 (unimportant)
        [bullseye] - linux 5.10.92-1
@@ -6182,7 +6182,7 @@ CVE-2022-26948 (The Archer RSS feed integration for 
Archer 6.x through 6.9 SP1 (
 CVE-2022-26947 (Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS 
vulnerab ...)
        NOT-FOR-US: Archer
 CVE-2022-0936 (Cross-site Scripting (XSS) - Stored in GitHub repository 
autolab/autol ...)
-       TODO: check
+       NOT-FOR-US: Autolab
 CVE-2022-26946
        RESERVED
 CVE-2022-26945
@@ -6422,9 +6422,9 @@ CVE-2022-0922 (The software does not perform any 
authentication for critical sys
 CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution 
in Git ...)
        NOT-FOR-US: microweber
 CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 
7.6.3 d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 
7.6.3 d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that 
allows ...)
        - 389-ds-base <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
@@ -6434,7 +6434,7 @@ CVE-2022-0917
 CVE-2022-0916
        RESERVED
 CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Logitech Sync for Windows
 CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have 
CSRF in  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository 
microweber/microwe ...)
@@ -7195,7 +7195,7 @@ CVE-2022-25960
 CVE-2022-0879
        RESERVED
 CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging 
System ( ...)
-       TODO: check
+       NOT-FOR-US: Combined Charging System
 CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository 
bookstackapp/ ...)
        NOT-FOR-US: bookstack
 CVE-2022-0876
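Review bot: On CVE-2022-0878 the label `NOT-FOR-US: Combined Charging System` names the charging system from the description rather than a vendor or product, unlike the neighbouring `NOT-FOR-US: bookstack`. If the issue lies in the standard itself and not in one implementation, a short NOTE stating that no implementation is packaged in Debian would make the triage decision easier to audit later.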
@@ -7751,7 +7751,7 @@ CVE-2022-26353 (A flaw was found in the virtio-net device 
of QEMU. This flaw was
        NOTE: Introduced by: 
https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6
 (v6.2.0-rc0)
        NOTE: Introduced by the original fix for CVE-2021-3748.
 CVE-2022-0835 (AVEVA System Platform 2020 stores sensitive information in 
cleartext,  ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site 
Scripting due  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have 
authori ...)
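Review bot: `NOT-FOR-US: AVEVA` on CVE-2022-0835 gives only the vendor, while the description names the product (AVEVA System Platform 2020) and several other entries in this file label by product, e.g. `NOT-FOR-US: Modbus Tools Modbus Slave`. Suggest `NOT-FOR-US: AVEVA System Platform` so that a later search on the product name finds this entry.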
@@ -11102,7 +11102,7 @@ CVE-2022-0603 (Use after free in File Manager in Google 
Chrome on Chrome OS prio
        [stretch] - chromium <end-of-life> (see DSA 4562)
        NOTE: 
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
 CVE-2022-0602 (Cross-site Scripting (XSS) - DOM in GitHub repository 
tastyigniter/tas ...)
-       TODO: check
+       NOT-FOR-US: TastyIgniter
 CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 
2.2.9  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not 
saniti ...)
@@ -12337,7 +12337,7 @@ CVE-2022-24701
 CVE-2022-24700
        RESERVED
 CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect 
permiss ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2022-0555
        RESERVED
 CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
@@ -21664,7 +21664,7 @@ CVE-2022-0025
 CVE-2022-0024
        RESERVED
 CVE-2022-0023 (An improper handling of exceptional conditions vulnerability 
exists in ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks 
PAN-OS s ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2022-0021 (An information exposure through log file vulnerability exists 
in the P ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/981d38b0fc0ddbddd1cc4e4af678d9c9a54e85ca
