[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 30 08:32:08 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d9d93ee by Salvatore Bonaccorso at 2022-04-30T09:31:26+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2022-29492
CVE-2022-29490
RESERVED
CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
- TODO: check
+ NOT-FOR-US: scoold
CVE-2022-1542
RESERVED
CVE-2022-1541
@@ -75,7 +75,7 @@ CVE-2022-1538
CVE-2022-1537
RESERVED
CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...)
- TODO: check
+ NOT-FOR-US: automad
CVE-2022-1535
RESERVED
CVE-2022-1534 (Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszews ...)
@@ -89,7 +89,7 @@ CVE-2022-1533 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
CVE-2022-1532
RESERVED
CVE-2022-1531 (SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in ...)
- TODO: check
+ NOT-FOR-US: RTX
CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehel ...)
NOT-FOR-US: livehelperchat
CVE-2022-1529
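Review bot: the tag added for CVE-2022-1531 names "RTX", while the visible part of the description only mentions "ARAX-UI Synonym Lookup", so a search of data/CVE/list for ARAX will not match the tag line. Consider a tag that carries both names, so the triage decision can be traced from the tag to the description without opening the CVE record.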
@@ -2713,7 +2713,7 @@ CVE-2022-28996
CVE-2022-28995
RESERVED
CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...)
- TODO: check
+ NOT-FOR-US: Small HTTP Server
CVE-2022-28993
RESERVED
CVE-2022-28992
@@ -14057,7 +14057,7 @@ CVE-2022-24902
CVE-2022-24901
RESERVED
CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to light up as ...)
- TODO: check
+ NOT-FOR-US: Piano LED Visualizer
CVE-2022-24899
RESERVED
CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...)
@@ -28627,9 +28627,9 @@ CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scr
CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider ...)
NOT-FOR-US: Gerapy
CVE-2021-44596 (Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remot ...)
- TODO: check
+ NOT-FOR-US: Wondershare
CVE-2021-44595 (Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Wondershare
CVE-2021-44594
RESERVED
CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
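Review bot: the two added lines for CVE-2021-44596 and CVE-2021-44595 tag the vendor only ("NOT-FOR-US: Wondershare"), although both descriptions name the product Dr. Fone and other entries in this same commit tag at product level ("NOT-FOR-US: Elcomplus SmartPTT SCADA Server"). Tagging these as "Wondershare Dr. Fone" would keep the granularity consistent and make later searches by product name hit these entries.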
@@ -31089,9 +31089,9 @@ CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center
CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...)
NOT-FOR-US: Elcomplus SmartPTT
CVE-2021-43938 (Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated us ...)
- TODO: check
+ NOT-FOR-US: Elcomplus SmartPTT SCADA Server
CVE-2021-43937 (Elcomplus SmartPTT SCADA Server web application does not, or cannot, s ...)
- TODO: check
+ NOT-FOR-US: Elcomplus SmartPTT SCADA Server
CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...)
NOT-FOR-US: Distributed Data Systems
CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
@@ -39279,7 +39279,7 @@ CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev
CVE-2021-41949
RESERVED
CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contact us" ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS plugin
CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
NOT-FOR-US: Subrion CMS
CVE-2021-41946
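Review bot: the tag added for CVE-2021-41948, "NOT-FOR-US: Subrion CMS plugin", does not say which plugin, and the entry directly below it (CVE-2021-41947) uses plain "NOT-FOR-US: Subrion CMS". Either name the plugin in the tag, or use the same "Subrion CMS" string as the neighbouring entry so that both are found by one search.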
@@ -39296,7 +39296,7 @@ CVE-2021-41944
CVE-2021-41943
RESERVED
CVE-2021-41942 (The Magic CMS MSVOD v10 video system has a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Magic CMS
CVE-2021-41941
RESERVED
CVE-2021-41940
@@ -46491,7 +46491,7 @@ CVE-2021-39084
CVE-2021-39083
RESERVED
CVE-2021-39082 (IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptogra ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39081
RESERVED
CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
@@ -53567,7 +53567,7 @@ CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possi
CVE-2021-36208
RESERVED
CVE-2021-36207 (Under certain circumstances improper privilege management in Metasys A ...)
- TODO: check
+ NOT-FOR-US: Metasys
CVE-2021-36206
RESERVED
CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d9d93eeeceb32346054cd2ff1284c643203db2c