[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Tue Aug 16 11:15:15 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da6a56e0 by Neil Williams at 2022-08-16T11:14:41+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,9 +139,9 @@ CVE-2022-2823
CVE-2022-2822 (An attacker can freely brute force username and password and can takeo ...)
- octoprint <itp> (bug #718591)
CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository namelessm ...)
- TODO: check
+ NOT-FOR-US: NamelessMC/Nameless
CVE-2022-2820 (Improper Access Control in GitHub repository namelessmc/nameless prior ...)
- TODO: check
+ NOT-FOR-US: NamelessMC/Nameless
CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
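Review bot: the NOT-FOR-US labels on CVE-2022-2821 and CVE-2022-2820 use the GitHub owner/repository form ("NamelessMC/Nameless"), while other entries in this same commit use a product name ("ManageEngine Analytics Plus", "Intelbras ATA 200"). Picking one form per commit keeps later searches for already-triaged products predictable; if the repository form is intentional here because the description only names the GitHub repository, that is fine, but it is worth being deliberate about.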
@@ -36809,13 +36809,13 @@ CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent ad
[bullseye] - php-crypt-gpg 1.6.4-2+deb11u1
NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7)
CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal Terminal pr ...)
- TODO: check
+ - et <itp> (bug #861635)
CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 6.2.0 whi ...)
- TODO: check
+ - et <itp> (bug #861635)
CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 6.2.0 tha ...)
- TODO: check
+ - et <itp> (bug #861635)
CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal prior to ver ...)
- TODO: check
+ - et <itp> (bug #861635)
CVE-2022-24948 (A carefully crafted user preferences for submission could trigger an X ...)
- jspwiki <removed>
CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
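Review bot: the four Eternal Terminal entries (CVE-2022-24952 down to CVE-2022-24949) are set to "- et <itp> (bug #861635)", which is ITP tracking rather than a NOT-FOR-US decision, so the commit subject "Process some NFUs" does not describe this hunk. Either split these into their own commit or widen the subject to mention the ITP entries. Since the descriptions of CVE-2022-24951 and CVE-2022-24950 visibly say "prior to version 6.2.0", a NOTE line recording that version under each entry would also save work for whoever handles the ITP, particularly for the root privilege escalation in CVE-2022-24949.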
@@ -37906,7 +37906,7 @@ CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By p
CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...)
NOT-FOR-US: Netgear
CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability in "Fiel ...)
- TODO: check
+ NOT-FOR-US: Intelbras ATA 200
CVE-2022-24653
RESERVED
CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
@@ -140624,7 +140624,7 @@ CVE-2020-23624
CVE-2020-23623
RESERVED
CVE-2020-23622 (** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thli ...)
- TODO: check
+ NOT-FOR-US: 4thline/cling
CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS Managem ...)
NOT-FOR-US: Squire Remote Management Interface
CVE-2020-23620 (The Java Remote Management Interface of all versions of Orlansoft ERP ...)
@@ -144906,9 +144906,9 @@ CVE-2020-21644
CVE-2020-21643
RESERVED
CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropuse ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Analytics Plus
CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho Manage ...)
- TODO: check
+ NOT-FOR-US: ManageEngine Analytics Plus
CVE-2020-21640
RESERVED
CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
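Review bot: the label "NOT-FOR-US: ManageEngine Analytics Plus" on CVE-2020-21642 and CVE-2020-21641 drops the vendor name that the CVE-2020-21641 description starts with ("Zoho Manage ..."). For CVE-2020-21642 the visible description is cut off before any product name appears, so the label is the only place a reader of the list sees which product this is; writing it as "Zoho ManageEngine Analytics Plus" would make both entries findable by vendor as well as by product.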
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da6a56e06a488b68b0f5582d7859f7a83d38489c