Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d73ed1a3 by Neil Williams at 2022-05-18T10:04:58+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2022-1772
 CVE-2022-1771
        RESERVED
 CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) 
gem throug ...)
-       TODO: check
+       NOT-FOR-US: bvsatyaram/random_password_generator
 CVE-2022-30973
        RESERVED
 CVE-2022-1770
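Review bot: The label on the CVE-2019-25061 entry, `NOT-FOR-US: bvsatyaram/random_password_generator`, is written in owner/name form, while the description identifies the software as the random_password_generator (aka RandomPasswordGenerator) gem. Consider a label that carries the name used in the description, for example `NOT-FOR-US: random_password_generator gem`, so that a later search on the gem name finds this triage decision.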
@@ -10686,7 +10686,7 @@ CVE-2022-0998 (An integer overflow flaw was found in 
the Linux kernel’s vi
        NOTE: 
https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6)
        NOTE: CONFIG_VHOST_VDPA not set in Debian
 CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and 
Sensor co ...)
-       TODO: check
+       NOT-FOR-US: Fidelis
 CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that 
allows expi ...)
        - 389-ds-base 2.0.15-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
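Review bot: `NOT-FOR-US: Fidelis` on CVE-2022-0997 names only a vendor, while the description refers to the CommandPost, Collector, and Sensor components. Adding the product name to the label would record which software was actually ruled out and keep the entry from reading as a blanket decision for everything from that vendor.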
@@ -38830,7 +38830,7 @@ CVE-2021-42945 (A SQL Injection vulnerability exists in 
ZZCMS 2021 via the askbi
 CVE-2021-42944
        RESERVED
 CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php 
over IPPlan ...)
-       TODO: check
+       - ipplan <removed>
 CVE-2021-42942
        RESERVED
 CVE-2021-42941
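Review bot: The CVE-2021-42943 change is not an NFU, so the commit message "Process some NFUs" does not cover it: `- ipplan <removed>` assigns the CVE to a source package and marks that package as removed from the archive. Either mention the ipplan entry in the commit message or move it to its own commit, so the history shows where this CVE was attributed to a package rather than dismissed.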
@@ -38929,7 +38929,7 @@ CVE-2021-42899
 CVE-2021-42898
        RESERVED
 CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in 
FeMiner wm ...)
-       TODO: check
+       NOT-FOR-US: FeMiner/wms
 CVE-2021-42896
        RESERVED
 CVE-2021-42895
@@ -38983,7 +38983,7 @@ CVE-2021-42872
 CVE-2021-42871
        RESERVED
 CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when 
processing ...)
-       TODO: check
+       NOT-FOR-US: accel-ppp
 CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista 
Patient  ...)
        NOT-FOR-US: Chikista Patient Management Software
 CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista 
Patient  ...)
@@ -39565,9 +39565,9 @@ CVE-2021-42646 (XML External Entity (XXE) vulnerability 
in the file based servic
 CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) 
vulnera ...)
        NOT-FOR-US: CMSimple
 CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: CmsEasy
 CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: CmsEasy
 CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
        NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
@@ -64601,7 +64601,7 @@ CVE-2021-33026 (The Flask-Caching extension through 
1.10.1 for Flask relies on P
        NOTE: https://github.com/sh4nks/flask-caching/pull/209
        NOTE: Negligible security impact
 CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated 
registry keys  ...)
-       TODO: check
+       NOT-FOR-US: xArrow
 CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or 
stores authe ...)
        NOT-FOR-US: Philips Vue PACS
 CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to 
a heap-b ...)
@@ -64609,7 +64609,7 @@ CVE-2021-33023 (Advantech WebAccess versions 9.02 and 
prior are vulnerable to a
 CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits 
sensitive or se ...)
        NOT-FOR-US: Philips Vue PACS
 CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: xArrow
 CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a 
cryptographic key  ...)
        NOT-FOR-US: Philips Vue PACS
 CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta 
Electronics DOPSo ...)
@@ -64625,7 +64625,7 @@ CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) 
lacks proper validation
 CVE-2021-33014
        RESERVED
 CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: mySCADA myPRO
 CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a 
remote, un ...)
        NOT-FOR-US: Rockwell
 CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus 
Series, ...)
@@ -64649,7 +64649,7 @@ CVE-2021-33003 (Delta Electronics DIAEnergie Version 
1.7.5 and prior may allow a
 CVE-2021-33002 (Opening a maliciously crafted project file may cause an 
out-of-bounds  ...)
        NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to 
cross-site script ...)
-       TODO: check
+       NOT-FOR-US: xArrow
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a 
heap-based buff ...)
        NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink 
server while  ...)
@@ -79188,11 +79188,11 @@ CVE-2021-27446 (The Weintek cMT product line is 
vulnerable to code injection, wh
 CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file 
permissio ...)
        NOT-FOR-US: Mesa Labs
 CVE-2021-27444 (The Weintek cMT product line is vulnerable to various improper 
access  ...)
-       TODO: check
+       NOT-FOR-US: Weintek cMT gateway
 CVE-2021-27443
        RESERVED
 CVE-2021-27442 (The Weintek cMT product line is vulnerable to a cross-site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: Weintek cMT gateway
 CVE-2021-27441
        RESERVED
 CVE-2021-27440 (The software contains a hard-coded password it uses for its 
own inboun ...)
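Review bot: The label `NOT-FOR-US: Weintek cMT gateway` on CVE-2021-27444 and CVE-2021-27442 is narrower than the descriptions, which both say "The Weintek cMT product line", the same wording as CVE-2021-27446 in the hunk header. Unless the advisory limits these two issues to the gateway models, `NOT-FOR-US: Weintek cMT` would match the descriptions and avoid suggesting that other cMT devices were not considered.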
@@ -89396,11 +89396,11 @@ CVE-2021-23269
 CVE-2021-23268
        RESERVED
 CVE-2021-23267 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23266 (An anonymous user can craft a URL with text that ends up in 
the log vi ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23265 (A logged-in and authenticated user with a Reviewer Role may 
lock a con ...)
-       TODO: check
+       NOT-FOR-US: Crafter CMS
 CVE-2021-23264 (Installations, where crafter-search is not protected, allow 
unauthenti ...)
        NOT-FOR-US: Crafter CMS
 CVE-2021-23263 (Unauthenticated remote attackers can read textual content via 
FreeMark ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d73ed1a33a7a52baf8997be018869b57ee3196bf

debian-security-tracker-commits mailing list