[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu Apr 14 08:54:54 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e43f485 by Neil Williams at 2022-04-14T08:54:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8216,7 +8216,7 @@ CVE-2022-26153
 CVE-2022-26152
 	RESERVED
 CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10. ...)
-	TODO: check
+	NOT-FOR-US: Citrix XenMobile Server
 CVE-2022-26150
 	RESERVED
 CVE-2022-26080
@@ -26616,7 +26616,7 @@ CVE-2021-4040
 CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...)
 	NOT-FOR-US: Zyxel
 CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
-	TODO: check
+	NOT-FOR-US: Citrix XenMobile Server
 CVE-2021-44519
 	RESERVED
 CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
@@ -27582,7 +27582,7 @@ CVE-2021-44171
 CVE-2021-44170
 	RESERVED
 CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiClient
 CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-44167
@@ -29981,9 +29981,9 @@ CVE-2021-43744
 CVE-2021-43743
 	RESERVED
 CVE-2021-43742 (CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file  ...)
-	TODO: check
+	NOT-FOR-US: CMSimple
 CVE-2021-43741 (CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability e ...)
-	TODO: check
+	NOT-FOR-US: CMSimple
 CVE-2021-43740
 	RESERVED
 CVE-2021-43739
@@ -30654,7 +30654,7 @@ CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
 	NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
 CVE-2021-43521 (A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_bu ...)
-	TODO: check
+	NOT-FOR-US: zlog
 CVE-2021-43520
 	RESERVED
 CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
@@ -30685,11 +30685,11 @@ CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Over
 	NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
 	NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
 CVE-2021-43517 (FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00 ...)
-	TODO: check
+	NOT-FOR-US: Xiaongmai
 CVE-2021-43516
 	RESERVED
 CVE-2021-43515 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists  ...)
-	TODO: check
+	NOT-FOR-US: kimai2
 CVE-2021-43514
 	RESERVED
 CVE-2021-43513
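Review bot: the new tag on CVE-2021-43517 reads `NOT-FOR-US: Xiaongmai`, but the description on the line above it names a FOSCAM Camera FI9805E, so the tag does not match the product a later triager would search for. If the firmware vendor is the intended target, check the spelling and say so; otherwise tag the entry with the product from the description. The `NOT-FOR-US: kimai2` tag in the same hunk cannot be checked against the truncated CSV Injection description and deserves the same confirmation.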
@@ -36236,7 +36236,7 @@ CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon
 CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
 	- zammad <itp> (bug #841355)
 CVE-2021-42136 (A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data  ...)
-	TODO: check
+	NOT-FOR-US: REDCap
 CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
@@ -95322,7 +95322,7 @@ CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master be
 CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that lea ...)
 	NOT-FOR-US: Western Digital Dashboard
 CVE-2020-29653 (Froxlor through 0.10.22 does not perform validation on user input pass ...)
-	TODO: check
+	NOT-FOR-US: Froxlor
 CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...)
 	- golang-go.crypto 1:0.0~git20201221.eec23a3-1
 	[buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
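Review bot: CVE-2020-29653 names Froxlor, a versioned software product ("through 0.10.22") rather than a vendor appliance, so confirm there is no open ITP or RFP for it before marking it NOT-FOR-US. Elsewhere in this file, software with a packaging bug is recorded in the form `- zammad <itp> (bug #841355)`, which keeps the CVE attached to the package name if it later enters the archive.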



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e43f4856093cd724e9a5b0b95b4162a4967ca9e
