Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa6c14eb by Salvatore Bonaccorso at 2022-05-17T22:30:57+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -297,7 +297,7 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 8.
 CVE-2022-1724
        RESERVED
 CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
-       TODO: check
+       NOT-FOR-US: jgraph/drawio
 CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub 
repositor ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository 
jgraph/drawio  ...)
@@ -719,7 +719,7 @@ CVE-2022-1713 (SSRF on /proxy in GitHub repository 
jgraph/drawio prior to 18.0.4
 CVE-2022-1712
        RESERVED
 CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
-       TODO: check
+       NOT-FOR-US: jgraph/drawio
 CVE-2022-1710
        RESERVED
 CVE-2022-1709
@@ -745,7 +745,7 @@ CVE-2021-44467
 CVE-2021-4228
        RESERVED
 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did 
not cor ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp
 CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local 
privilege esc ...)
        {DSA-5137-1}
        - needrestart 3.6-1 (bug #1011154)
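Review bot: the new tag on CVE-2022-30689 names only the vendor (`NOT-FOR-US: HashiCorp`), while the description is specific to HashiCorp Vault and Vault Enterprise. Suggest `NOT-FOR-US: HashiCorp Vault`, matching the vendor-plus-product form this same commit uses for `NOT-FOR-US: JFrog Artifactory`, so the entry can be found by product name.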
@@ -2369,7 +2369,7 @@ CVE-2022-30126 (In Apache Tika, a regular expression in 
our StandardsText class,
        - tika <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
 CVE-2022-1553 (Leaking password protected articles content due to improper 
access con ...)
-       TODO: check
+       NOT-FOR-US: Publify
 CVE-2022-1552
        RESERVED
        {DSA-5136-1 DSA-5135-1}
@@ -2507,9 +2507,9 @@ CVE-2022-30075
 CVE-2022-30074
        RESERVED
 CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: WBCE CMS
 CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via 
\admin\ ...)
-       TODO: check
+       NOT-FOR-US: WBCE CMS
 CVE-2022-30071
        RESERVED
 CVE-2022-30070
@@ -2642,7 +2642,7 @@ CVE-2022-30009
 CVE-2022-30008
        RESERVED
 CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. 
The vuln ...)
-       TODO: check
+       NOT-FOR-US: GXCMS
 CVE-2022-30006
        RESERVED
 CVE-2022-30005
@@ -4657,7 +4657,7 @@ CVE-2022-29334
 CVE-2022-29333
        RESERVED
 CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. 
An atta ...)
-       TODO: check
+       NOT-FOR-US: D-LINK
 CVE-2022-29331
        RESERVED
 CVE-2022-29330
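Review bot: on CVE-2022-29332 the tag is the bare vendor name in the description's all-caps spelling (`NOT-FOR-US: D-LINK`) and drops the affected device, DIR-825 AC1200 R2. If other D-Link entries in data/CVE/list use a different spelling, align with it here so a search over NFU tags catches this entry too.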
@@ -5595,7 +5595,7 @@ CVE-2022-29019
 CVE-2022-29018
        RESERVED
 CVE-2022-29017 (Bento4 v1.6.0.0 was discovered to contain a segmentation fault 
via the ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2022-29016
        RESERVED
 CVE-2022-29015
@@ -14448,7 +14448,7 @@ CVE-2022-21192
 CVE-2022-21191
        RESERVED
 CVE-2022-21190 (This affects the package convict before 6.2.3. This is a 
bypass of [CV ...)
-       TODO: check
+       NOT-FOR-US: Node convict
 CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 
4.0.0-al ...)
        NOT-FOR-US: dexie
 CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command 
Injection v ...)
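Review bot: the tag on CVE-2022-21190 carries an ecosystem prefix (`NOT-FOR-US: Node convict`), but the next entry, CVE-2022-21189, whose description uses the same "The package ... before" wording, is tagged by bare package name (`NOT-FOR-US: dexie`). Pick one form for both so the two adjacent entries are tagged consistently.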
@@ -16957,7 +16957,7 @@ CVE-2022-24977 (ImpressCMS before 1.4.2 allows 
unauthenticated remote code execu
 CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior 
to 5.3 ...)
        - snipe-it <itp> (bug #1005172)
 CVE-2022-0578 (Code Injection in GitHub repository publify/publify prior to 
9.2.8. ...)
-       TODO: check
+       NOT-FOR-US: Publify
 CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction 
with InspI ...)
        - atheme-services 7.2.12-1
        [bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via 
point release)
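Review bot: CVE-2022-0578 goes straight to `NOT-FOR-US: Publify`, while the entry directly above it (CVE-2022-0579) tracks a project that is not yet packaged as `- snipe-it <itp> (bug #1005172)`. Worth confirming there is no ITP or RFP bug for Publify before closing this as NFU; the same check covers the other Publify entries in this commit.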
@@ -16976,9 +16976,9 @@ CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in 
Packagist librenms/libren
 CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist 
librenms/librenms pri ...)
        NOT-FOR-US: LibreNMS
 CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Publify
 CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to 
Insecure ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        {DLA-3011-1}
        - vim 2:8.2.4659-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa6c14eb1be4374db99f26a925c9189a3802ad2c
