[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 4 08:27:11 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01de54e6 by Salvatore Bonaccorso at 2022-04-04T09:26:46+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9716,7 +9716,7 @@ CVE-2022-24800
 CVE-2022-24799
 	RESERVED
 CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database server,  ...)
-	TODO: check
+	NOT-FOR-US: Internet Routing Registry daemon (iird)
 CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed service mod ...)
 	TODO: check
 CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running  ...)
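Review bot: The short name in parentheses on the new CVE-2022-24798 line reads "iird", which does not match the initials of "Internet Routing Registry daemon" in the description directly above it; those give "irrd". Suggest "NOT-FOR-US: Internet Routing Registry daemon (irrd)" so that a later search of the list for the short name finds this entry.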
@@ -9730,7 +9730,7 @@ CVE-2022-24793
 CVE-2022-24792
 	RESERVED
 CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...)
-	TODO: check
+	NOT-FOR-US: wasmtime
 CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...)
 	- puma <unfixed> (bug #1008723)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
@@ -11936,7 +11936,7 @@ CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests
 CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web prior ...)
 	TODO: check
 CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...)
-	TODO: check
+	NOT-FOR-US: calibre-web
 CVE-2022-0404
 	RESERVED
 CVE-2022-0403
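Review bot: CVE-2022-0406, two lines above the changed entry, is described as affecting the same GitHub repository (janeczku/calibre-web) as CVE-2022-0405, yet it stays at "TODO: check". The NOT-FOR-US decision is made per product, so the two entries should be triaged together: either both get "NOT-FOR-US: calibre-web" in this commit, or the reason for treating CVE-2022-0406 differently should be recorded in a NOTE line.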
@@ -17747,7 +17747,7 @@ CVE-2022-22572
 CVE-2022-22571
 	RESERVED
 CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access Reader  ...)
-	TODO: check
+	NOT-FOR-US: UniFi Door Access Reader Lite
 CVE-2022-22569
 	RESERVED
 CVE-2022-22568
@@ -17975,7 +17975,7 @@ CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 1
 CVE-2022-0089
 	RESERVED
 CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls p ...)
-	TODO: check
+	NOT-FOR-US: yourls
 CVE-2021-46140
 	RESERVED
 CVE-2021-46139
@@ -56321,19 +56321,19 @@ CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on P
 CVE-2021-33025
 	RESERVED
 CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33021
 	RESERVED
 CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key  ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips Vue PA ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
 	NOT-FOR-US: Philips
 CVE-2021-33016
@@ -56417,11 +56417,11 @@ CVE-2021-32978
 CVE-2021-32977
 	RESERVED
 CVE-2021-32976 (Five buffer overflows in the built-in web server in Moxa NPort IAW5000 ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
 	NOT-FOR-US: Cscape
 CVE-2021-32974 (Improper input validation in the built-in web server in Moxa NPort IAW ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-32973
 	RESERVED
 CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
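Review bot: The new tags on CVE-2021-32976 and CVE-2021-32974 name only the vendor ("Moxa"), while both descriptions identify a specific product line starting "Moxa NPort IAW" and its built-in web server. Other entries in this same commit tag the product ("Philips Vue PACS", "UniFi Door Access Reader Lite"); using the product name here as well would keep the tags consistent and make it easier to match future CVEs against the same product instead of the whole vendor.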
@@ -56429,11 +56429,11 @@ CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an a
 CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command  ...)
 	NOT-FOR-US: Suitelink
 CVE-2021-32970 (Data can be copied without validation in the built-in web server in Mo ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-32969
 	RESERVED
 CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort IAW5000A ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-32966



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01de54e626c3087fc4f37704672780a60649f295
