[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu Apr 14 10:41:24 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
981d38b0 by Neil Williams at 2022-04-14T10:41:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1443,7 +1443,7 @@ CVE-2022-1265
 CVE-2022-1264
 	RESERVED
 CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
-	TODO: check
+	NOT-FOR-US: D-Link Routers
 CVE-2022-1261
 	RESERVED
 CVE-2022-1260
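Review bot: On CVE-2022-1262 the new tag names D-Link Routers, but the truncated summary on the line above it only mentions "the protest binary" and shows no vendor. Please confirm the attribution against the full CVE description, since the text visible here cannot back it up on its own.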
@@ -2887,7 +2887,7 @@ CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/
 CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...)
 	- gitlab <unfixed>
 CVE-2022-1161 (An attacker with the ability to modify a user program may change user  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...)
 	- vim <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c/
@@ -3848,7 +3848,7 @@ CVE-2022-1069
 CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to  ...)
 	NOT-FOR-US: Modbus Tools Modbus Slave
 CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
-	TODO: check
+	NOT-FOR-US: LifePoint Informatics Patient Portal
 CVE-2022-27863
 	RESERVED
 CVE-2022-27862
@@ -4398,7 +4398,7 @@ CVE-2022-1047
 CVE-2022-1046
 	RESERVED
 CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk  ...)
-	TODO: check
+	NOT-FOR-US: Trudesk
 CVE-2022-1044
 	RESERVED
 CVE-2022-1043 [Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability]
@@ -5352,7 +5352,7 @@ CVE-2022-27227 (In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.
 CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16  ...)
 	NOT-FOR-US: iRZ Mobile Routers
 CVE-2022-0999 (An authenticated user may be able to misuse parameters to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s virtio  ...)
 	- linux 5.15.15-1 (unimportant)
 	[bullseye] - linux 5.10.92-1
@@ -6182,7 +6182,7 @@ CVE-2022-26948 (The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (
 CVE-2022-26947 (Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerab ...)
 	NOT-FOR-US: Archer
 CVE-2022-0936 (Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autol ...)
-	TODO: check
+	NOT-FOR-US: Autolab
 CVE-2022-26946
 	RESERVED
 CVE-2022-26945
@@ -6422,9 +6422,9 @@ CVE-2022-0922 (The software does not perform any authentication for critical sys
 CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...)
 	NOT-FOR-US: microweber
 CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 7.6.3 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.6.3 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...)
 	- 389-ds-base <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
@@ -6434,7 +6434,7 @@ CVE-2022-0917
 CVE-2022-0916
 	RESERVED
 CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Logitech Sync for Windows
 CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...)
@@ -7195,7 +7195,7 @@ CVE-2022-25960
 CVE-2022-0879
 	RESERVED
 CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...)
-	TODO: check
+	NOT-FOR-US: Combined Charging System
 CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
 	NOT-FOR-US: bookstack
 CVE-2022-0876
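Review bot: The tag on CVE-2022-0878 names the Combined Charging System, which the summary describes as something electric vehicles commonly utilise, so it reads as a charging standard rather than a vendor or software product like the "NOT-FOR-US: bookstack" entry just below it. A short NOTE: line stating why no Debian package is involved would make this triage decision easier to audit later.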
@@ -7751,7 +7751,7 @@ CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was
 	NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0)
 	NOTE: Introduced by the original fix for CVE-2021-3748.
 CVE-2022-0835 (AVEVA System Platform 2020 stores sensitive information in cleartext,  ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have authori ...)
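Review bot: On CVE-2022-0835 the tag is shortened to the vendor name AVEVA, while the summary names the product as AVEVA System Platform 2020. Other entries in this file tag the product (for example "NOT-FOR-US: Modbus Tools Modbus Slave"), so "NOT-FOR-US: AVEVA System Platform" would be more searchable and consistent.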
@@ -11102,7 +11102,7 @@ CVE-2022-0603 (Use after free in File Manager in Google Chrome on Chrome OS prio
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
 CVE-2022-0602 (Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tas ...)
-	TODO: check
+	NOT-FOR-US: TastyIgniter
 CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not saniti ...)
@@ -12337,7 +12337,7 @@ CVE-2022-24701
 CVE-2022-24700
 	RESERVED
 CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-0555
 	RESERVED
 CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
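Review bot: The tag on CVE-2022-0556 gives only the vendor, Zyxel, and the truncated summary ("incorrect permiss ...") does not show which product is affected. Naming the product in the tag, as "NOT-FOR-US: Logitech Sync for Windows" does elsewhere in this commit, would let a later reader verify the decision without reopening the CVE.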
@@ -21664,7 +21664,7 @@ CVE-2022-0025
 CVE-2022-0024
 	RESERVED
 CVE-2022-0023 (An improper handling of exceptional conditions vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/981d38b0fc0ddbddd1cc4e4af678d9c9a54e85ca



More information about the debian-security-tracker-commits mailing list