[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) Wed, 03 Aug 2022 01:51:56 -0700


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
732dbf14 by Neil Williams at 2022-08-03T09:51:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22503,7 +22503,7 @@ CVE-2022-1295 (Prototype Pollution in GitHub repository 
alvarotrigo/fullpage.js
 CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not 
sanitize and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1293 (The embedded neutralization of Script-Related HTML Tag, was 
by-passed  ...)
-       TODO: check
+       NOT-FOR-US: Ercom citadel
 CVE-2022-1292 (The c_rehash script does not properly sanitise shell 
metacharacters to ...)
        {DSA-5139-1 DLA-3008-1}
        - openssl 1.1.1o-1
@@ -26601,17 +26601,17 @@ CVE-2022-27623
 CVE-2022-27622
        RESERVED
 CVE-2022-27621 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27620 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27619 (Cleartext transmission of sensitive information vulnerability 
in authe ...)
-       TODO: check
+       NOT-FOR-US: Synology Note Station Client
 CVE-2022-27618 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27617 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27616 (Improper neutralization of special elements used in an OS 
command ('OS ...)
-       TODO: check
+       NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27615 (Improper limitation of a pathname to a restricted directory 
('Path Tra ...)
        NOT-FOR-US: Synology
 CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor 
vulnerabili ...)
@@ -31321,7 +31321,7 @@ CVE-2022-25869 (All versions of package angular are 
vulnerable to Cross-site Scr
        - angular.js <unfixed>
        NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
 CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: socket.io-client-java
 CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to 
Command I ...)
        NOT-FOR-US: git-php
 CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to 
Command In ...)
@@ -38761,7 +38761,7 @@ CVE-2022-23735
 CVE-2022-23734
        RESERVED
 CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise 
Server  ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2022-23732 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)
        NOT-FOR-US: Github Enterprise Server
 CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege 
escalati ...)
@@ -123961,11 +123961,11 @@ CVE-2020-28455 (This affects all versions of 
package markdown-it-toc. The title
 CVE-2020-28454
        RESERVED
 CVE-2020-28453 (This affects all versions of package npos-tesseract. The 
injection poi ...)
-       TODO: check
+       NOT-FOR-US: Node npos-tesseract
 CVE-2020-28452 (This affects the package 
com.softwaremill.akka-http-session:core_2.12  ...)
        NOT-FOR-US: akka-http-session
 CVE-2020-28451 (This affects the package image-tiler before 2.0.2. ...)
-       TODO: check
+       NOT-FOR-US: Node image-tiler
 CVE-2020-28450 (This affects all versions of package decal. The vulnerability 
is in th ...)
        NOT-FOR-US: Node decal
 CVE-2020-28449 (This affects all versions of package decal. The vulnerability 
is in th ...)
@@ -123993,15 +123993,15 @@ CVE-2020-28439 (This affects all versions of 
package corenlp-js-prefab. The inje
 CVE-2020-28438 (This affects all versions of package deferred-exec. The 
injection poin ...)
        NOT-FOR-US: Node deferred-exec
 CVE-2020-28437 (This affects all versions of package heroku-env. The injection 
point i ...)
-       TODO: check
+       NOT-FOR-US: Node heroku-env
 CVE-2020-28436 (This affects all versions of package 
google-cloudstorage-commands. ...)
        NOT-FOR-US: Node google-cloudstorage-commands
 CVE-2020-28435 (This affects all versions of package ffmpeg-sdk. The injection 
point i ...)
        NOT-FOR-US: Node ffmpeg-sdk
 CVE-2020-28434 (This affects all versions of package gitblame. The injection 
point is  ...)
-       TODO: check
+       NOT-FOR-US: Node gitblame
 CVE-2020-28433 (This affects all versions of package node-latex-pdf. ...)
-       TODO: check
+       NOT-FOR-US: node-latex-pdf
 CVE-2020-28432
        REJECTED
 CVE-2020-28431
@@ -124017,11 +124017,11 @@ CVE-2020-28427
 CVE-2020-28426 (All versions of package kill-process-on-port are vulnerable to 
Command ...)
        NOT-FOR-US: Node kill-process-on-port
 CVE-2020-28425 (This affects all versions of package curljs. ...)
-       TODO: check
+       NOT-FOR-US: Node curljs
 CVE-2020-28424 (This affects all versions of package s3-kilatstorage. ...)
-       TODO: check
+       NOT-FOR-US: Node s3-kilatstorage
 CVE-2020-28423 (This affects all versions of package monorepo-build. ...)
-       TODO: check
+       NOT-FOR-US: Node monorepo-build
 CVE-2020-28422 (All versions of package git-archive are vulnerable to Command 
Injectio ...)
        NOT-FOR-US: Node git-archive
 CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains 
a vulne ...)
@@ -177579,7 +177579,7 @@ CVE-2020-7797
 CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows 
SSRF whe ...)
        NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-7795 (The package get-npm-package-version before 1.0.7 are vulnerable 
to Com ...)
-       TODO: check
+       NOT-FOR-US: Node get-npm-package-version
 CVE-2020-7794 (This affects all versions of package buns. The injection point 
is loca ...)
        NOT-FOR-US: Node buns
 CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to 
Regular Expre ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732dbf14790fe0c8c2a8c0aa480d5800a4979c1f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732dbf14790fe0c8c2a8c0aa480d5800a4979c1f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to