[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Feb 1 09:42:35 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a2f3607 by Moritz Muehlenhoff at 2022-02-01T10:42:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102,13 +102,13 @@ CVE-2022-24268
CVE-2022-24267
RESERVED
CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cuppa CMS
CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-24262
RESERVED
CVE-2022-24261
@@ -1362,7 +1362,7 @@ CVE-2022-23874
CVE-2022-23873
RESERVED
CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: Emlog pro
CVE-2022-23871
RESERVED
CVE-2022-23870
@@ -2011,7 +2011,7 @@ CVE-2022-23776
CVE-2022-23775
RESERVED
CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2022-23773
RESERVED
CVE-2022-23772
@@ -2364,9 +2364,9 @@ CVE-2022-23601 [CSRF token missing in forms]
CVE-2022-23600
RESERVED
CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
- TODO: check
+ NOT-FOR-US: laminas-form
CVE-2022-23597
RESERVED
CVE-2022-23596
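Review bot: On CVE-2022-23599 the label "Plone" names the umbrella project, while the description names the affected component as Products.ATContentTypes. Consider "NOT-FOR-US: Products.ATContentTypes (Plone)" so that a later search of data/CVE/list for the component name finds this entry, in the same way the CVE-2022-23598 line uses the package name laminas-form.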
@@ -3129,11 +3129,11 @@ CVE-2022-0272
CVE-2022-0271
RESERVED
CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
- TODO: check
+ NOT-FOR-US: bored-agent
CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
NOT-FOR-US: yetiforce-crm
CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2022-0267
RESERVED
CVE-2021-46399
@@ -3768,7 +3768,7 @@ CVE-2022-0221
CVE-2022-0220
RESERVED
CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
- TODO: check
+ NOT-FOR-US: jadx
CVE-2022-0218
RESERVED
CVE-2022-0216
@@ -5100,7 +5100,7 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha
CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
NOT-FOR-US: NVIDIA NeMo
CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
- TODO: check
+ NOT-FOR-US: LINE
CVE-2022-22819
RESERVED
CVE-2022-22818
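Review bot: On CVE-2022-22820 the label "LINE" does not appear in the visible part of the description, and as a bare word it is hard to search for in a file this size. A more specific product name, taken from the full advisory text, would make the NFU entry self-explanatory for whoever next triages a CVE against the same software.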
@@ -5173,9 +5173,9 @@ CVE-2022-22793
CVE-2022-22792
RESERVED
CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...)
- TODO: check
+ NOT-FOR-US: SYNEL
CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
- TODO: check
+ NOT-FOR-US: SYNEL
CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...)
NOT-FOR-US: Charactell - FormStorm Enterprise
CVE-2022-22788
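Review bot: On CVE-2022-22791 and CVE-2022-22790 the label keeps only the vendor ("SYNEL") and drops the product that the description gives as "SYNEL - eharmony", while the adjacent CVE-2022-22789 entry keeps both parts ("Charactell - FormStorm Enterprise"). Using "NOT-FOR-US: SYNEL eharmony" or similar would keep the two neighbouring entries consistent and would distinguish this product from any other SYNEL software that shows up later.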
@@ -6692,7 +6692,7 @@ CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a dire
CVE-2021-46103
RESERVED
CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...)
- TODO: check
+ NOT-FOR-US: Solana rBBP
CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
TODO: check
CVE-2021-46100
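Review bot: The new label on CVE-2021-46102 reads "Solana rBBP", but the description on the line above it spells the product "Solana rBPF". This looks like a typo; it should be "NOT-FOR-US: Solana rBPF", otherwise a search for rBPF when the next CVE for this project arrives will not match the existing NFU entry.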
@@ -6728,9 +6728,9 @@ CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. Th
CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...)
NOT-FOR-US: OneBlog
CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: uscat
CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: uscat
CVE-2021-46082
RESERVED
CVE-2021-46081
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2f3607f40efe2c1f4387198542fbb4f4f3709e