[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 28 21:32:39 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae5104cc by Salvatore Bonaccorso at 2022-04-28T22:32:15+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91,13 +91,13 @@ CVE-2022-1516
 CVE-2022-1515
 	RESERVED
 CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in GitHub rep ...)
-	TODO: check
+	NOT-FOR-US: facturascripts
 CVE-2022-1513
 	RESERVED
 CVE-2022-1512
 	RESERVED
 CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
-	TODO: check
+	NOT-FOR-US: snipe-it
 CVE-2022-1510
 	RESERVED
 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
@@ -121,7 +121,7 @@ CVE-2022-29861
 CVE-2022-29860
 	RESERVED
 CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for  ...)
-	TODO: check
+	NOT-FOR-US: SDK for Ameba1
 CVE-2022-29858
 	RESERVED
 CVE-2022-29857
@@ -199,9 +199,9 @@ CVE-2022-29823
 CVE-2022-29822
 	RESERVED
 CVE-2022-29821 (In JetBrains Rider before 2022.1 local code execution via links in ReS ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Rider
 CVE-2022-29820 (In JetBrains PyCharm before 2022.1 exposure of the debugger port to th ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2022-29819 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via link ...)
 	TODO: check
 CVE-2022-29818 (In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal ...)
@@ -219,7 +219,7 @@ CVE-2022-29813 (In JetBrains IntelliJ IDEA before 2022.1 local code execution vi
 CVE-2022-29812 (In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about ...)
 	TODO: check
 CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project icon was p ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-1508
 	RESERVED
 	- linux 5.15.3-1
@@ -1435,17 +1435,17 @@ CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel
 CVE-2022-29416
 	RESERVED
 CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29414
 	RESERVED
 CVE-2022-29413 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29412 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29411 (SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit &# ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29409
 	RESERVED
 CVE-2022-29408
@@ -1842,7 +1842,7 @@ CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior
 CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...)
 	- coreboot <itp> (bug #381727)
 CVE-2022-28719 (Missing authentication for critical function in AssetView prior to Ver ...)
-	TODO: check
+	NOT-FOR-US: AssetView
 CVE-2022-1350 (A vulnerability classified as problematic was found in GhostPCL 9.55.0 ...)
 	- ghostscript <unfixed> (unimportant)
 	NOTE: https://vuldb.com/?id.197290
@@ -2126,7 +2126,7 @@ CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow
 	- consul <unfixed>
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
 CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
-	TODO: check
+	NOT-FOR-US: Ericom
 CVE-2022-29151
 	RESERVED
 CVE-2022-29150
@@ -5145,13 +5145,13 @@ CVE-2022-28119
 CVE-2022-28118
 	RESERVED
 CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate  ...)
-	TODO: check
+	NOT-FOR-US: Navigate CMS
 CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
 	NOT-FOR-US: Online Banking System
 CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...)
 	NOT-FOR-US: Online Sports Complex Booking
 CVE-2022-28114 (DSCMS v3.0 was discovered to contain an arbitrary file deletion vulner ...)
-	TODO: check
+	NOT-FOR-US: DSCMS
 CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 al ...)
 	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-28112
@@ -5175,9 +5175,9 @@ CVE-2022-28104
 CVE-2022-28103
 	RESERVED
 CVE-2022-28102 (A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Ge ...)
-	TODO: check
+	NOT-FOR-US: PHP MySQL Admin Panel Generator
 CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag dur ...)
-	TODO: check
+	NOT-FOR-US: Turtlapp Turtle Note
 CVE-2022-28100
 	RESERVED
 CVE-2022-28099
@@ -5806,7 +5806,7 @@ CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Ho
 CVE-2022-27861
 	RESERVED
 CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-27859
 	RESERVED
 CVE-2022-27858
@@ -13845,7 +13845,7 @@ CVE-2022-24937
 CVE-2022-24936
 	RESERVED
 CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remo ...)
 	NOT-FOR-US: Kingsoft WPS Office
 CVE-2022-24933
@@ -13942,7 +13942,7 @@ CVE-2022-24894
 CVE-2022-24893
 	RESERVED
 CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web  ...)
 	TODO: check
 CVE-2022-24890
@@ -13976,7 +13976,7 @@ CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to
 CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask  ...)
 	NOT-FOR-US: flask-session-captcha
 CVE-2022-24879 (Shopware is an open source e-commerce software platform. Versions prio ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2022-24878
 	RESERVED
 CVE-2022-24877
@@ -13988,7 +13988,7 @@ CVE-2022-24875 (The CVEProject/cve-services is an open source project used to op
 CVE-2022-24874
 	REJECTED
 CVE-2022-24873 (Shopware is an open source e-commerce software platform. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework and V ...)
 	NOT-FOR-US: Shopware
 CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
@@ -21520,11 +21520,11 @@ CVE-2022-22785
 CVE-2022-22784
 	RESERVED
 CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-22781 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) pri ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
 	NOT-FOR-US: Zoom
 CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
@@ -30945,7 +30945,7 @@ CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow
 CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
 	NOT-FOR-US: Atlassian Confluence
 CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...)
-	TODO: check
+	NOT-FOR-US: Elcomplus SmartPTT
 CVE-2021-43938
 	RESERVED
 CVE-2021-43937
@@ -30955,15 +30955,15 @@ CVE-2021-43936 (The software allows the attacker to upload or transfer files of
 CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an  ...)
 	NOT-FOR-US: Hillrom
 CVE-2021-43934 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...)
-	TODO: check
+	NOT-FOR-US: Elcomplus SmartPTT
 CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...)
 	NOT-FOR-US: FANUC Roboguide
 CVE-2021-43932 (Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript c ...)
-	TODO: check
+	NOT-FOR-US: Elcomplus SmartPTT
 CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
 	NOT-FOR-US: Distributed Data Systems
 CVE-2021-43930 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...)
-	TODO: check
+	NOT-FOR-US: Elcomplus SmartPTT
 CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
 	NOT-FOR-US: Synology
 CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae5104ccec329888f99310a2c1e98b205df56d64

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae5104ccec329888f99310a2c1e98b205df56d64
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220428/e9edff29/attachment.htm>

More information about the debian-security-tracker-commits mailing list