[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 7 20:36:01 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df66d6a5 by Salvatore Bonaccorso at 2022-02-07T21:35:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -225,9 +225,9 @@ CVE-2022-24554
 CVE-2022-24553
 	RESERVED
 CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
-	TODO: check
+	NOT-FOR-US: StarWind
 CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
-	TODO: check
+	NOT-FOR-US: StarWind
 CVE-2022-24550
 	RESERVED
 CVE-2022-24549
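
Review bot: The label on CVE-2022-24552 and CVE-2022-24551 names only the vendor, while both descriptions name the product "StarWind SAN and NAS", and the hunk at -530 uses the same "StarWind" label for a differently named product, "StarWind iSCSI SAN". Consider "NOT-FOR-US: StarWind SAN and NAS" here so that a later search of data/CVE/list by product name finds these entries and does not conflate the two products.
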
@@ -520,7 +520,7 @@ CVE-2022-0504
 CVE-2022-0503
 	RESERVED
 CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2021-46675
 	RESERVED
 CVE-2021-46674
@@ -530,9 +530,9 @@ CVE-2021-46673
 CVE-2021-46672
 	RESERVED
 CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
-	TODO: check
+	NOT-FOR-US: StarWind
 CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...)
-	TODO: check
+	NOT-FOR-US: StarWind
 CVE-2022-24408
 	RESERVED
 CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
@@ -704,7 +704,7 @@ CVE-2022-24350
 CVE-2022-24349
 	RESERVED
 CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2022-24347
 	RESERVED
 CVE-2022-24346
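
Review bot: The NOT-FOR-US line on CVE-2022-24348 does not show whether an ITP or RFP for Argo CD was looked for before the entry was closed. If one exists, the entry should use the tracker's "- <package> <itp> (bug #NNNNNN)" form instead (package name and bug number are placeholders), so the CVE is picked up again if the package enters the archive.
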
@@ -1135,13 +1135,13 @@ CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnera
 CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Hospital Management System
 CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not  ...)
-	TODO: check
+	NOT-FOR-US: Voipmonitor
 CVE-2022-24261
 	RESERVED
 CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows  ...)
-	TODO: check
+	NOT-FOR-US: Voipmonitor
 CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before  ...)
-	TODO: check
+	NOT-FOR-US: Voipmonitor
 CVE-2022-24258
 	RESERVED
 CVE-2022-24257
@@ -1495,11 +1495,11 @@ CVE-2022-24117
 CVE-2022-24116
 	RESERVED
 CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-0409
 	RESERVED
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
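
Review bot: On CVE-2022-24115, CVE-2022-24114 and CVE-2022-24113 the truncated descriptions ("Local privilege escalation due to ...") name neither vendor nor product, so "NOT-FOR-US: Acronis" is the only text in the list that says what is affected, and it cannot tell the reader whether the three entries concern one product or several. Suggest putting the product name from the full CVE description into each label.
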
@@ -1726,7 +1726,7 @@ CVE-2022-24036
 CVE-2022-23921
 	RESERVED
 CVE-2022-22987 (The affected product has a hardcoded private key available inside the  ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2022-21798
 	RESERVED
 CVE-2022-21154
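
Review bot: The description of CVE-2022-22987 says only "The affected product has a hardcoded private key", so the vendor-only label "NOT-FOR-US: Advantech" leaves the entry without any product name. Suggest naming the product from the advisory in the label, in the style of the existing "NOT-FOR-US: Hospital Management System" entry, so the classification can be checked from the list alone.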



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df66d6a50fc88174020c3fa1d8d563d889031471
