[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 20 21:34:54 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
949dc847 by Salvatore Bonaccorso at 2022-04-20T22:34:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...)
-	TODO: check
+	NOT-FOR-US: Amazon AWS amazon-ssm-agent
 CVE-2022-29526
 	RESERVED
 CVE-2022-1417
@@ -617,7 +617,7 @@ CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter
 CVE-2022-1379
 	RESERVED
 CVE-2022-29266 (In APache APISIX before 3.13.1, an attacker can obtain a plugin-config ...)
-	TODO: check
+	NOT-FOR-US: Apache APISIX
 CVE-2022-1378
 	RESERVED
 CVE-2022-1377
@@ -1177,7 +1177,7 @@ CVE-2022-29064
 CVE-2022-1319
 	RESERVED
 CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication channel ...)
-	TODO: check
+	NOT-FOR-US: Hills ComNav
 CVE-2022-1317
 	RESERVED
 CVE-2022-1316 (ZeroTierOne for windows local privilege escalation because of incorrec ...)
@@ -5430,7 +5430,7 @@ CVE-2022-25841
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
 	NOT-FOR-US: Sophos
 CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP  ...)
-	TODO: check
+	NOT-FOR-US: Red Lion
 CVE-2022-1038
 	RESERVED
 CVE-2022-27492
@@ -6009,11 +6009,11 @@ CVE-2022-27259
 CVE-2022-27232
 	RESERVED
 CVE-2022-27179 (A malicious actor having access to the exported configuration file may ...)
-	TODO: check
+	NOT-FOR-US: Red Lion
 CVE-2022-26519 (There is no limit to the number of attempts to authenticate for the lo ...)
-	TODO: check
+	NOT-FOR-US: Hills ComNav
 CVE-2022-26516 (Authorized users may install a maliciously modified package file when  ...)
-	TODO: check
+	NOT-FOR-US: Red Lion
 CVE-2022-26419 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple ...)
 	NOT-FOR-US: Omron CX-Position
 CVE-2022-26417 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use af ...)
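Review bot: In the three adjacent changes to CVE-2022-27179, CVE-2022-26519 and CVE-2022-26516, the tags alternate Red Lion / Hills ComNav / Red Lion, and none of the truncated descriptions visible here names a vendor, so a transposed tag could not be spotted from this file alone. Please confirm CVE-2022-26519 against its full description before merging; the other Hills ComNav entry in this commit (CVE-2022-1318) does name the product in its description, which makes that one easy to verify by comparison.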
@@ -7864,7 +7864,7 @@ CVE-2022-26626
 CVE-2022-26625
 	RESERVED
 CVE-2022-26624 (Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site sc ...)
-	TODO: check
+	NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2022-26623
 	RESERVED
 CVE-2022-26622
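Review bot: For CVE-2022-26624 the description as quoted names "Bootstrap v3.1.11 and v3.3.7", but the new tag attributes the issue to Ecommerce-CodeIgniter-Bootstrap, and nothing in the entry records why. Because the entry becomes NOT-FOR-US, it is worth confirming that the cross-site scripting is in that application's own code rather than in a bundled Bootstrap library, and stating the reason in the commit message so later triage does not have to repeat the check.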
@@ -9312,7 +9312,7 @@ CVE-2022-26135
 CVE-2022-26134
 	RESERVED
 CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Bitbucket Data Center
 CVE-2022-26132
 	RESERVED
 CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
@@ -11200,11 +11200,11 @@ CVE-2022-25357
 CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dl ...)
 	NOT-FOR-US: Alt-N Technologies Mdaemon
 CVE-2022-25344 (An XSS issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 ...)
-	TODO: check
+	NOT-FOR-US: Kyocera
 CVE-2022-25343 (An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 dev ...)
-	TODO: check
+	NOT-FOR-US: Kyocera
 CVE-2022-25342 (An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 dev ...)
-	TODO: check
+	NOT-FOR-US: Kyocera
 CVE-2022-25341
 	RESERVED
 CVE-2022-25340
@@ -12701,7 +12701,7 @@ CVE-2022-24873
 CVE-2022-24872
 	RESERVED
 CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2022-24870
 	RESERVED
 CVE-2022-24869



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/949dc8479eff2bb64c854a21a63be408105a2632
