Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dd1759c by Neil Williams at 2022-04-20T14:18:01+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11559,7 +11559,7 @@ CVE-2022-0646 (A flaw use after free in the Linux 
kernel Management Component Tr
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://lore.kernel.org/all/[email protected]/T/
 CVE-2022-0645 (Open redirect vulnerability via endpoint 
authorize_and_redirect/?redir ...)
-       TODO: check
+       NOT-FOR-US: posthog
 CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
        RESERVED
        {DSA-5096-1 DLA-2941-1}
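Review bot: the tag added on CVE-2022-0645, "NOT-FOR-US: posthog", is all lowercase, while the other tags added in this commit use the vendor's own capitalisation ("ThoughtWorks GoCD", "COINS Construction Cloud"). Suggest "NOT-FOR-US: PostHog" so that a search for the product name finds the entry under one spelling.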
@@ -21704,7 +21704,7 @@ CVE-2021-46124
 CVE-2021-46123
        RESERVED
 CVE-2021-46122 (Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 
Build 201124 ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link TL-WR840N
 CVE-2021-46121
        RESERVED
 CVE-2021-46120
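Review bot: on CVE-2021-46122 the tag "NOT-FOR-US: Tp-Link TL-WR840N" copies the "Tp-Link" casing from the CVE description, whereas the vendor's name is TP-Link. Suggest "NOT-FOR-US: TP-Link TL-WR840N" so that the entry groups with any other TP-Link entries when grepping the list.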
@@ -24984,9 +24984,9 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This 
CVE applies to a specific
 CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen 
was suscep ...)
        - airflow <itp> (bug #819700)
 CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12. 
Due to  ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to an i ...)
-       TODO: check
+       NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to impr ...)
        NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to impr ...)
@@ -31177,7 +31177,7 @@ CVE-2021-43635 (A Cross Site Scripting (XSS) 
vulnerability exists in Codex befor
 CVE-2021-43634
        RESERVED
 CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to 
stored X ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Messaging Web
 CVE-2021-43632
        RESERVED
 CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to 
SQL inj ...)
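Review bot: the tag on CVE-2021-43633, "NOT-FOR-US: Sourcecodester Messaging Web", stops mid-name; the description calls the product "Sourcecodester Messaging Web Application". Either spell out the full product name or use the bare vendor form "NOT-FOR-US: Sourcecodester", which the existing CVE-2021-43130 entry later in this patch already uses.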
@@ -32238,15 +32238,15 @@ CVE-2021-43292
 CVE-2021-43291
        RESERVED
 CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An 
attacke ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An 
attacke ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An 
attacke ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. 
The busine ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An 
attacke ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43285
        RESERVED
 CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 
1.0.3. The r ...)
@@ -32302,7 +32302,7 @@ CVE-2021-43259
 CVE-2021-43258
        RESERVED
 CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of 
MantisBT  ...)
-       TODO: check
+       - mantis <removed>
 CVE-2021-3923
        RESERVED
 CVE-2021-3922
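Review bot: CVE-2021-43257 gets "- mantis <removed>", which is a package-status entry rather than a NOT-FOR-US, so the commit subject "Process some NFUs" does not cover it. Worth mentioning in the commit message, or splitting into its own commit, so that a log search for the mantis triage decision finds it.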
@@ -33558,7 +33558,9 @@ CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 
1.0 a CSRF vulnerability
 CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL 
injecti ...)
        NOT-FOR-US: ProjectWorlds Online Book Store PHP
 CVE-2021-43154 (Cross Site Scripting (XSS) vulnerability exists in CMS Made 
Simple 2.2 ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
+       NOTE: CVE ref is a 404
+       NOTE: https://vuldb.com/?id.197294
 CVE-2021-43153
        RESERVED
 CVE-2021-43152
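Review bot: on CVE-2021-43154, "NOTE: CVE ref is a 404" does not say which reference URL failed, so the claim cannot be rechecked later. Suggest quoting the dead URL in the NOTE, and keeping the vuldb link on the following line as the working alternative.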
@@ -33611,7 +33613,7 @@ CVE-2021-43131
 CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester 
Customer Relat ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L 
Learning Ma ...)
-       TODO: check
+       NOT-FOR-US: D2L Brightspace LMS
 CVE-2021-43128
        RESERVED
 CVE-2021-43127



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dd1759cc6b96f62c2bf70062b30f1c3384b444b
