[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon Apr 25 13:06:21 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d8c0c39 by Neil Williams at 2022-04-25T13:05:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18692,7 +18692,7 @@ CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Applicat
 CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
 	NOT-FOR-US: calibre-web
 CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
-	TODO: check
+	NOT-FOR-US: detekt for Kotlin
 CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
@@ -20092,7 +20092,7 @@ CVE-2022-22971
 CVE-2022-22970
 	RESERVED
 CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...)
-	TODO: check
+	NOT-FOR-US: spring-security-oauth
 CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...)
 	- libspring-java <unfixed>
 	[bullseye] - libspring-java <no-dsa> (Minor issue)
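Review bot: For CVE-2022-22969, the entry directly below (CVE-2022-22968) is tracked against libspring-java, so Spring code is packaged in Debian; `NOT-FOR-US: spring-security-oauth` is only correct if that project is not shipped in the archive under some other source package. The commit message "Process some NFUs" does not say how this was checked, so a short note on the verification would help the next person triaging Spring CVEs.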
@@ -32471,7 +32471,7 @@ CVE-2021-43483 (An Access Control vulnerability exists in CLARO KAON CG3000 1.00
 CVE-2021-43482
 	RESERVED
 CVE-2021-43481 (An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier v ...)
-	TODO: check
+	NOT-FOR-US: webTareas
 CVE-2021-43480
 	RESERVED
 CVE-2021-43479 (A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2. ...)
@@ -41658,7 +41658,7 @@ CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Compl
 CVE-2021-40681
 	RESERVED
 CVE-2021-40680 (There is a Directory Traversal vulnerability in Artica Proxy (4.30.000 ...)
-	TODO: check
+	NOT-FOR-US: ArticaTech
 CVE-2021-40679
 	RESERVED
 CVE-2021-40678
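Review bot: The tag on CVE-2021-40680 names the vendor ("ArticaTech") while the description names the product, "Artica Proxy". Using the product name as it appears in the description would make the entry easier to match when later Artica Proxy CVEs are searched for in the list.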
@@ -49147,7 +49147,7 @@ CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP
 CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
 	NOT-FOR-US: ManageEngine
 CVE-2021-37740 (A denial of service vulnerability exists in MDT's firmware for the KNX ...)
-	TODO: check
+	NOT-FOR-US: MDT SCN-IP100.03
 CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
 	NOT-FOR-US: Aruba
 CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
@@ -55138,7 +55138,7 @@ CVE-2021-35231 (As a result of an unquoted service path vulnerability present in
 CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
 	NOT-FOR-US: Kiwi CatTools Installation Wizard
 CVE-2021-35229 (Cross-site scripting vulnerability is present in Database Performance  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one  ...)
 	NOT-FOR-US: Solarwinds
 CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
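Review bot: The new tag on CVE-2021-35229 is spelled "SolarWinds", but the entry directly below it (CVE-2021-35228) uses "Solarwinds". Pick one spelling so that a case-sensitive search over the NOT-FOR-US tags finds both entries.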
@@ -60624,7 +60624,7 @@ CVE-2021-32929 (All versions of Uffizio GPS Tracker may allow an attacker to per
 CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
 	NOT-FOR-US: Sentinel LDK Run-Time Environment installer
 CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code on multi ...)
-	TODO: check
+	NOT-FOR-US: Uffizio GPS Tracker
 CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when  ...)
@@ -85616,7 +85616,7 @@ CVE-2021-23057
 CVE-2021-23056
 	RESERVED
 CVE-2021-23055 (On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line re ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...)
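Review bot: The truncated description of CVE-2021-23055 does not name a product, and the next two entries in this ID block (CVE-2021-23054, CVE-2021-23053) are tagged "F5 BIG-IP". Please confirm against the full CVE text that "Kubernetes ingress-nginx component" is the affected project's actual name and not a similarly named ingress controller, since a wrong name in a NOT-FOR-US tag can hide the CVE from anyone who later packages that project.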



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d8c0c39c12369c549fa2eb33eb7584a0749aeb3
