[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed Aug 3 09:51:48 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
732dbf14 by Neil Williams at 2022-08-03T09:51:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22503,7 +22503,7 @@ CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js
 CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not sanitize and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1293 (The embedded neutralization of Script-Related HTML Tag, was by-passed  ...)
-	TODO: check
+	NOT-FOR-US: Ercom citadel
 CVE-2022-1292 (The c_rehash script does not properly sanitise shell metacharacters to ...)
 	{DSA-5139-1 DLA-3008-1}
 	- openssl 1.1.1o-1
@@ -26601,17 +26601,17 @@ CVE-2022-27623
 CVE-2022-27622
 	RESERVED
 CVE-2022-27621 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27620 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27619 (Cleartext transmission of sensitive information vulnerability in authe ...)
-	TODO: check
+	NOT-FOR-US: Synology Note Station Client
 CVE-2022-27618 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27617 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27616 (Improper neutralization of special elements used in an OS command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-27615 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
 	NOT-FOR-US: Synology
 CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
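Review bot: the new tags for CVE-2022-27616 through CVE-2022-27621 name the product (`Synology DiskStation Manager`, `Synology Note Station Client`), but the unchanged entry directly below them, CVE-2022-27615, still reads `NOT-FOR-US: Synology`. Consider updating that entry in the same commit so the block uses one level of naming and a search on the product name finds every entry. The descriptions visible here are truncated before the product name, so the Note Station Client tag on CVE-2022-27619 is worth confirming against the full CVE text.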
@@ -31321,7 +31321,7 @@ CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scr
 	- angular.js <unfixed>
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
 CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: socket.io-client-java
 CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Command I ...)
 	NOT-FOR-US: git-php
 CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
@@ -38761,7 +38761,7 @@ CVE-2022-23735
 CVE-2022-23734
 	RESERVED
 CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise Server  ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
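Review bot: style point on CVE-2022-23733: the tag spells the vendor `Github`, while the CVE description on the line above it spells it `GitHub`. The new tag matches the existing CVE-2022-23732 entry, so it is consistent locally; if the spelling is corrected, change both entries together.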
@@ -123961,11 +123961,11 @@ CVE-2020-28455 (This affects all versions of package markdown-it-toc. The title
 CVE-2020-28454
 	RESERVED
 CVE-2020-28453 (This affects all versions of package npos-tesseract. The injection poi ...)
-	TODO: check
+	NOT-FOR-US: Node npos-tesseract
 CVE-2020-28452 (This affects the package com.softwaremill.akka-http-session:core_2.12  ...)
 	NOT-FOR-US: akka-http-session
 CVE-2020-28451 (This affects the package image-tiler before 2.0.2. ...)
-	TODO: check
+	NOT-FOR-US: Node image-tiler
 CVE-2020-28450 (This affects all versions of package decal. The vulnerability is in th ...)
 	NOT-FOR-US: Node decal
 CVE-2020-28449 (This affects all versions of package decal. The vulnerability is in th ...)
@@ -123993,15 +123993,15 @@ CVE-2020-28439 (This affects all versions of package corenlp-js-prefab. The inje
 CVE-2020-28438 (This affects all versions of package deferred-exec. The injection poin ...)
 	NOT-FOR-US: Node deferred-exec
 CVE-2020-28437 (This affects all versions of package heroku-env. The injection point i ...)
-	TODO: check
+	NOT-FOR-US: Node heroku-env
 CVE-2020-28436 (This affects all versions of package google-cloudstorage-commands. ...)
 	NOT-FOR-US: Node google-cloudstorage-commands
 CVE-2020-28435 (This affects all versions of package ffmpeg-sdk. The injection point i ...)
 	NOT-FOR-US: Node ffmpeg-sdk
 CVE-2020-28434 (This affects all versions of package gitblame. The injection point is  ...)
-	TODO: check
+	NOT-FOR-US: Node gitblame
 CVE-2020-28433 (This affects all versions of package node-latex-pdf. ...)
-	TODO: check
+	NOT-FOR-US: node-latex-pdf
 CVE-2020-28432
 	REJECTED
 CVE-2020-28431
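Review bot: CVE-2020-28433 is tagged `NOT-FOR-US: node-latex-pdf`, whereas the other packages in this hunk use the `Node <package>` form (`Node heroku-env`, `Node gitblame`, `Node ffmpeg-sdk`). Suggest `NOT-FOR-US: Node node-latex-pdf` so the prefix is uniform and the entry is found by the same search as its neighbours.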
@@ -124017,11 +124017,11 @@ CVE-2020-28427
 CVE-2020-28426 (All versions of package kill-process-on-port are vulnerable to Command ...)
 	NOT-FOR-US: Node kill-process-on-port
 CVE-2020-28425 (This affects all versions of package curljs. ...)
-	TODO: check
+	NOT-FOR-US: Node curljs
 CVE-2020-28424 (This affects all versions of package s3-kilatstorage. ...)
-	TODO: check
+	NOT-FOR-US: Node s3-kilatstorage
 CVE-2020-28423 (This affects all versions of package monorepo-build. ...)
-	TODO: check
+	NOT-FOR-US: Node monorepo-build
 CVE-2020-28422 (All versions of package git-archive are vulnerable to Command Injectio ...)
 	NOT-FOR-US: Node git-archive
 CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a vulne ...)
@@ -177579,7 +177579,7 @@ CVE-2020-7797
 CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...)
 	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-7795 (The package get-npm-package-version before 1.0.7 are vulnerable to Com ...)
-	TODO: check
+	NOT-FOR-US: Node get-npm-package-version
 CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
 	NOT-FOR-US: Node buns
 CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732dbf14790fe0c8c2a8c0aa480d5800a4979c1f
