[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed Apr 20 14:18:45 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dd1759c by Neil Williams at 2022-04-20T14:18:01+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11559,7 +11559,7 @@ CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Tr
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
 CVE-2022-0645 (Open redirect vulnerability via endpoint authorize_and_redirect/?redir ...)
-	TODO: check
+	NOT-FOR-US: posthog
 CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
 	RESERVED
 	{DSA-5096-1 DLA-2941-1}
@@ -21704,7 +21704,7 @@ CVE-2021-46124
 CVE-2021-46123
 	RESERVED
 CVE-2021-46122 (Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link TL-WR840N
 CVE-2021-46121
 	RESERVED
 CVE-2021-46120
@@ -24984,9 +24984,9 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific
 CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen was suscep ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12. Due to  ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due to an i ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
 	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
@@ -31177,7 +31177,7 @@ CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex befor
 CVE-2021-43634
 	RESERVED
 CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to stored X ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Messaging Web
 CVE-2021-43632
 	RESERVED
 CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
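Review bot: The label on CVE-2021-43633 cuts the product name short: the description reads "Sourcecodester Messaging Web Application", but the new entry is "NOT-FOR-US: Sourcecodester Messaging Web". Either spell out the full name or use the bare vendor label "NOT-FOR-US: Sourcecodester", as the existing entry for CVE-2021-43130 does, so that searches on the NFU string match consistently.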
@@ -32238,15 +32238,15 @@ CVE-2021-43292
 CVE-2021-43291
 	RESERVED
 CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. The busine ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2021-43285
 	RESERVED
 CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
@@ -32302,7 +32302,7 @@ CVE-2021-43259
 CVE-2021-43258
 	RESERVED
 CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT  ...)
-	TODO: check
+	- mantis <removed>
 CVE-2021-3923
 	RESERVED
 CVE-2021-3922
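Review bot: CVE-2021-43257 is not an NFU: the new line is "- mantis <removed>", a package entry, while the commit subject is "Process some NFUs". Mention the mantis triage in the commit message or put it in its own commit, so the decision for that package can be found from the log.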
@@ -33558,7 +33558,9 @@ CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability
 CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
 	NOT-FOR-US: ProjectWorlds Online Book Store PHP
 CVE-2021-43154 (Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2 ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
+	NOTE: CVE ref is a 404
+	NOTE: https://vuldb.com/?id.197294
 CVE-2021-43153
 	RESERVED
 CVE-2021-43152
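Review bot: "NOTE: CVE ref is a 404" on CVE-2021-43154 does not say which URL was dead, so a later reader cannot recheck it. Name the URL in the note, or drop the line and keep only the vuldb link, which is the reference a reader can actually follow.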
@@ -33611,7 +33613,7 @@ CVE-2021-43131
 CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L Learning Ma ...)
-	TODO: check
+	NOT-FOR-US: D2L Brightspace LMS
 CVE-2021-43128
 	RESERVED
 CVE-2021-43127



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dd1759cc6b96f62c2bf70062b30f1c3384b444b
