Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b63ca6a7 by Salvatore Bonaccorso at 2022-05-06T08:37:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4942,7 +4942,7 @@ CVE-2022-28490
 CVE-2022-28489
        RESERVED
 CVE-2022-28488 (The function wav_format_write in libwav.c in libwav through 
2017-04-20 ...)
-       TODO: check
+       NOT-FOR-US: libwav
 CVE-2022-28487 (Tcpreplay version 4.4.1 contains a memory leakage flaw in 
fix_ipv6_che ...)
        - tcpreplay <unfixed> (unimportant)
        NOTE: https://github.com/appneta/tcpreplay/issues/723
@@ -4979,7 +4979,7 @@ CVE-2022-28473
 CVE-2022-28472
        RESERVED
 CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in 
bmp.c con ...)
-       TODO: check
+       NOT-FOR-US: ffjpeg
 CVE-2022-28470
        RESERVED
 CVE-2022-28469
@@ -7837,7 +7837,7 @@ CVE-2022-27463 (Open redirect vulnerability in 
objects/login.json.php in WWBN AV
 CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in 
objects/function.php in fu ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2022-27461 (In nopCommerce 4.50.1, an open redirect vulnerability can be 
triggered ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2022-27460
        RESERVED
 CVE-2022-27459
@@ -8001,7 +8001,7 @@ CVE-2022-27413 (Hospital Management System v1.0 was 
discovered to contain a SQL
 CVE-2022-27412
        RESERVED
 CVE-2022-27411 (TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain 
a comman ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-27410
        RESERVED
 CVE-2022-27409
@@ -8168,7 +8168,7 @@ CVE-2022-27361
 CVE-2022-27360 (SpringBlade v3.2.0 and below was discovered to contain a SQL 
injection ...)
        TODO: check
 CVE-2022-27359 (Foxit PDF Reader v11.2.1.53537 was discovered to contain a 
NULL pointe ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2022-27358
        RESERVED
 CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary 
file uploa ...)
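Review bot: CVE-2022-27360 (SpringBlade), the context entry directly above the changed CVE-2022-27359 line, is still at `TODO: check` after this pass. If it was left on purpose because it needs a closer look, that is fine; otherwise it could be triaged in the same commit so this block does not need a second visit.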
@@ -10917,9 +10917,9 @@ CVE-2022-26378
 CVE-2022-26377
        RESERVED
 CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so 
DemuxCmdIn ...)
-       TODO: check
+       NOT-FOR-US: Anker Eufy Homebase
 CVE-2022-25989 (An authentication bypass vulnerability exists in the 
libxm_av.so getpe ...)
-       TODO: check
+       NOT-FOR-US: Anker Eufy Homebase
 CVE-2022-0844
        RESERVED
 CVE-2022-0843
@@ -20036,7 +20036,7 @@ CVE-2022-23445
 CVE-2022-23444
        RESERVED
 CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 
allows u ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-23442
        RESERVED
 CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] 
in Forti ...)
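Review bot: The new line for CVE-2022-23443 reads `NOT-FOR-US: FortiGuard`, but the description on that entry names the product as Fortinet FortiSOAR. Suggest labelling it with the vendor or product the description gives, e.g. `NOT-FOR-US: Fortinet FortiSOAR`, so that a search of the list for the product name finds the entry.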
@@ -25444,7 +25444,7 @@ CVE-2021-45785
 CVE-2021-45784
        RESERVED
 CVE-2021-45783 (Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a 
directory  ...)
-       TODO: check
+       NOT-FOR-US: Bookeen Notea Firmware
 CVE-2021-45782
        REJECTED
 CVE-2021-45781
@@ -31454,19 +31454,19 @@ CVE-2021-44059
 CVE-2021-44058
        RESERVED
 CVE-2021-44057 (An improper authentication vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44056 (An improper authentication vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44055 (An missing authorization vulnerability has been reported to 
affect QNA ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44054 (An open redirect vulnerability has been reported to affect 
QNAP device ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44053 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44052 (An improper link resolution before file access ('Link 
Following') vuln ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44051 (A command injection vulnerability has been reported to affect 
QNAP NAS ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a 
SQL inject ...)
        NOT-FOR-US: CA Network Flow Analysis (NFA)
 CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 
before 20 ...)
@@ -34003,7 +34003,7 @@ CVE-2021-43549 (A remote authenticated attacker with 
write access to a PI Server
 CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 
receives ...)
        NOT-FOR-US: Philips
 CVE-2021-43547 (TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are 
susceptible  ...)
-       TODO: check
+       NOT-FOR-US: TwinOaks Computing CoreDX DDS
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks 
against u ...)
        {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
@@ -35509,11 +35509,11 @@ CVE-2022-20803
 CVE-2022-20802
        RESERVED
 CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20800
        RESERVED
 CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20798
        RESERVED
 CVE-2022-20797
@@ -35526,7 +35526,7 @@ CVE-2022-20796 (On May 4, 2022, the following 
vulnerability in the ClamAV scanni
 CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS 
(DTLS) proto ...)
        NOT-FOR-US: Cisco
 CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco 
TelePresence Colla ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20793
        RESERVED
 CVE-2022-20792
@@ -35561,13 +35561,13 @@ CVE-2022-20782 (A vulnerability in the web-based 
management interface of Cisco I
 CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
        NOT-FOR-US: Cisco
 CVE-2022-20780 (Multiple vulnerabilities in Cisco Enterprise NFV 
Infrastructure Softwa ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20779 (Multiple vulnerabilities in Cisco Enterprise NFV 
Infrastructure Softwa ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex 
Meeting ...)
        NOT-FOR-US: Cisco
 CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV 
Infrastructure Softwa ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20776
        RESERVED
 CVE-2022-20775
@@ -35599,7 +35599,7 @@ CVE-2022-20766
 CVE-2022-20765
        RESERVED
 CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco 
TelePresence Colla ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20763 (A vulnerability in the login authorization components of Cisco 
Webex M ...)
        NOT-FOR-US: Cisco
 CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) 
ConfD CLI of ...)
@@ -35621,7 +35621,7 @@ CVE-2022-20755 (Multiple vulnerabilities in the API and 
web-based management int
 CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management 
interface ...)
        NOT-FOR-US: Cisco
 CVE-2022-20753 (A vulnerability in web-based management interface of Cisco 
Small Busin ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20752
        RESERVED
 CVE-2022-20751 (A vulnerability in the Snort detection engine integration for 
Cisco Fi ...)
@@ -35659,7 +35659,7 @@ CVE-2022-20736
 CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
        NOT-FOR-US: Cisco
 CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow 
an authen ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2022-20733
        RESERVED
 CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco 
Virtual ...)
@@ -35990,7 +35990,7 @@ CVE-2021-43208 (3D Viewer Remote Code Execution 
Vulnerability This CVE ID is uni
 CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
        NOT-FOR-US: Microsoft
 CVE-2021-43206 (A server-generated error message containing sensitive 
information in F ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
        NOT-FOR-US: Fortiguard FortiClient
 CVE-2021-43204 (A improper control of a resource through its lifetime in 
Fortinet Fort ...)
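Review bot: `NOT-FOR-US: FortiGuard` on CVE-2021-43206 does not match the spelling used by the neighbouring entry CVE-2021-43205, which has `NOT-FOR-US: Fortiguard FortiClient`. Pick one casing and, as the neighbour does, name the affected product; the description here is truncated at "information in F ...", so the product cannot be confirmed from the hunk alone.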
@@ -36109,17 +36109,17 @@ CVE-2021-43166
 CVE-2021-43165
        RESERVED
 CVE-2021-43164 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2021-43163 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2021-43162 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2021-43161 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2021-43160 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2021-43159 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
-       TODO: check
+       NOT-FOR-US: Ruijie
 CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF 
vulnerability  ...)
        NOT-FOR-US: ProjectWorlds Online Shopping System PHP
 CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to 
SQL inj ...)
@@ -39625,7 +39625,7 @@ CVE-2021-42244 (A cross-site scripting (XSS) 
vulnerability in PaquitoSoftware No
 CVE-2021-42243
        RESERVED
 CVE-2021-42242 (A command execution vulnerability exists in jfinal_cms 5.0.1 
via com.j ...)
-       TODO: check
+       NOT-FOR-US: jfinal_cms
 CVE-2021-42241
        RESERVED
 CVE-2021-42240
@@ -39639,7 +39639,7 @@ CVE-2021-42237 (Sitecore XP 7.5 Initial Release to 
Sitecore XP 8.2 Update-7 is v
 CVE-2021-42236
        RESERVED
 CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and 
password  ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2021-42234
        RESERVED
 CVE-2021-42233
@@ -39743,7 +39743,7 @@ CVE-2021-42185 (wdja v2.1 is affected by a SQL 
injection vulnerability in the fo
 CVE-2021-42184
        RESERVED
 CVE-2021-42183 (MasaCMS 7.2.1 is affected by a path traversal vulnerability in 
/index. ...)
-       TODO: check
+       NOT-FOR-US: MasaCMS
 CVE-2021-42182
        RESERVED
 CVE-2021-42181



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b63ca6a7edaec3e3b06d60045adcfb0a119f7e72
