[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu Aug 18 09:45:51 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5b30f6c by Neil Williams at 2022-08-18T09:45:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4180,7 +4180,7 @@ CVE-2022-35401
 CVE-2022-2548
 	RESERVED
 CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-36787
 	RESERVED
 CVE-2022-36786
@@ -7855,15 +7855,15 @@ CVE-2022-33150
 CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...)
 	NOT-FOR-US: nocodb
 CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-2337 (A crafted HTTP packet with a missing HTTP URI can create a denial-of-s ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-2336 (Softing Secure Integration Server, edgeConnector, and edgeAggregator s ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-2335 (A crafted HTTP packet with a -1 content-length header can create a den ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-2334 (The application searches for a library dll that is not found. If an at ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-2333
 	RESERVED
 CVE-2022-2332
@@ -19541,7 +19541,7 @@ CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored Cro
 CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Requ ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1748 (Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnecto ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...)
 	NOT-FOR-US: Dominion
 CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...)
@@ -24537,7 +24537,7 @@ CVE-2022-1375 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) h
 CVE-2022-1374 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-1373 (The “restore configuration” feature of Softing Secure Inte ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-1372 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-1371 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
@@ -28820,7 +28820,7 @@ CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby p
 CVE-2022-1070
 	RESERVED
 CVE-2022-1069 (A crafted HTTP packet with a large content-length header can create a  ...)
-	TODO: check
+	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to  ...)
 	NOT-FOR-US: Modbus Tools Modbus Slave
 CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
@@ -93310,9 +93310,9 @@ CVE-2021-30073
 CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...)
 	NOT-FOR-US: D-Link
 CVE-2021-30071 (A cross-site scripting (XSS) vulnerability in /admin/list_key.html of  ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2021-30070 (An issue was discovered in HestiaCP before v1.3.5. Attackers are able  ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2021-30069
 	RESERVED
 CVE-2021-30068
@@ -101846,7 +101846,7 @@ CVE-2021-26641
 CVE-2021-26640
 	RESERVED
 CVE-2021-26639 (This vulnerability is caused by the lack of validation of input values ...)
-	TODO: check
+	NOT-FOR-US: WISA Smart Wing CMS
 CVE-2021-26638 (Improper Authentication vulnerability in S&D smarthome(smartcare)  ...)
 	NOT-FOR-US: SmartHome Android app
 CVE-2021-26637 (There is no account authentication and permission check logic in the f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5b30f6ca04b0f20f473cc2511dc2c82a10b9393

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5b30f6ca04b0f20f473cc2511dc2c82a10b9393
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220818/357ca680/attachment.htm>

More information about the debian-security-tracker-commits mailing list