Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d8c0c39 by Neil Williams at 2022-04-25T13:05:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18692,7 +18692,7 @@ CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in 
NuGet OrchardCore.Applicat
 CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
        NOT-FOR-US: calibre-web
 CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
-       TODO: check
+       NOT-FOR-US: detekt for Kotlin
 CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming 
kubernetes im ...)
@@ -20092,7 +20092,7 @@ CVE-2022-22971
 CVE-2022-22970
        RESERVED
 CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x 
prior t ...)
-       TODO: check
+       NOT-FOR-US: spring-security-oauth
 CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, 
and older ...)
        - libspring-java <unfixed>
        [bullseye] - libspring-java <no-dsa> (Minor issue)
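Review bot: the NOT-FOR-US on CVE-2022-22969 sits directly above CVE-2022-22968, which is tracked against libspring-java, so Spring code is present in the archive. The commit message does not say how spring-security-oauth was ruled out; please confirm that no source package ships or embeds it, and if one does, replace the tag with a package line like the libspring-java entry below it.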
@@ -32471,7 +32471,7 @@ CVE-2021-43483 (An Access Control vulnerability exists 
in CLARO KAON CG3000 1.00
 CVE-2021-43482
        RESERVED
 CVE-2021-43481 (An SQL Injection vulnerability exists in Webtareas 2.4p3 and 
earlier v ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2021-43480
        RESERVED
 CVE-2021-43479 (A Remote Code Execution (RCE) vulnerability exists in 
The-Secretary 2. ...)
@@ -41658,7 +41658,7 @@ CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient 
Regular Expression Compl
 CVE-2021-40681
        RESERVED
 CVE-2021-40680 (There is a Directory Traversal vulnerability in Artica Proxy 
(4.30.000 ...)
-       TODO: check
+       NOT-FOR-US: ArticaTech
 CVE-2021-40679
        RESERVED
 CVE-2021-40678
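Review bot: the tag on CVE-2021-40680 reads "NOT-FOR-US: ArticaTech", but the description names the product as Artica Proxy. Using the product name from the description ("NOT-FOR-US: Artica Proxy") keeps the entry findable when someone searches the list for the affected software.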
@@ -49147,7 +49147,7 @@ CVE-2021-37742 
(app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP
 CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication 
RCE vul ...)
        NOT-FOR-US: ManageEngine
 CVE-2021-37740 (A denial of service vulnerability exists in MDT's firmware for 
the KNX ...)
-       TODO: check
+       NOT-FOR-US: MDT SCN-IP100.03
 CVE-2021-37739 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
        NOT-FOR-US: Aruba
 CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was 
discove ...)
@@ -55138,7 +55138,7 @@ CVE-2021-35231 (As a result of an unquoted service path 
vulnerability present in
 CVE-2021-35230 (As a result of an unquoted service path vulnerability present 
in the K ...)
        NOT-FOR-US: Kiwi CatTools Installation Wizard
 CVE-2021-35229 (Cross-site scripting vulnerability is present in Database 
Performance  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2021-35228 (This vulnerability occurred due to missing input sanitization 
for one  ...)
        NOT-FOR-US: Solarwinds
 CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 
2020.2.6 and ...)
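Review bot: the new tag on CVE-2021-35229 is spelled "SolarWinds" while the entry immediately below, CVE-2021-35228, uses "Solarwinds". Pick one spelling for both so that a case-sensitive search over the list catches every entry for this vendor.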
@@ -60624,7 +60624,7 @@ CVE-2021-32929 (All versions of Uffizio GPS Tracker may 
allow an attacker to per
 CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 
and prio ...)
        NOT-FOR-US: Sentinel LDK Run-Time Environment installer
 CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code 
on multi ...)
-       TODO: check
+       NOT-FOR-US: Uffizio GPS Tracker
 CVE-2021-32926 (When an authenticated password change request takes place, 
this vulner ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn 
command, when  ...)
@@ -85616,7 +85616,7 @@ CVE-2021-23057
 CVE-2021-23056
        RESERVED
 CVE-2021-23055 (On version 2.x before 2.0.3 and 1.x before 1.12.3, the command 
line re ...)
-       TODO: check
+       NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x 
before 14. ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 
13.1.x be ...)
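Review bot: the product name in the tag on CVE-2021-23055 cannot be checked against the truncated description, which shows only the version ranges (2.x before 2.0.3, 1.x before 1.12.3), and the entries that follow it, CVE-2021-23054 and CVE-2021-23053, are F5 BIG-IP. Please confirm the tag names the product exactly as the advisory does, and drop the trailing "component", which the other NOT-FOR-US lines in this change do not use.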



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d8c0c39c12369c549fa2eb33eb7584a0749aeb3


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
