[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 12 09:23:36 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7357cc3 by Salvatore Bonaccorso at 2022-02-12T10:23:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20,7 +20,7 @@ CVE-2022-24970
 CVE-2022-24969
 	RESERVED
 CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
-	TODO: check
+	NOT-FOR-US: Mellium
 CVE-2022-24967
 	RESERVED
 CVE-2022-24966
@@ -4259,7 +4259,7 @@ CVE-2022-23630 (Gradle is a build tool with a focus on build automation and supp
 CVE-2022-23629
 	RESERVED
 CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
-	TODO: check
+	NOT-FOR-US: OPA
 CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
 	NOT-FOR-US: ArchiSteamFarm
 CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
@@ -4271,21 +4271,21 @@ CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScrip
 CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
 	NOT-FOR-US: Frourio
 CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
 	- php-twig 3.3.8-1
 	NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
@@ -5053,7 +5053,7 @@ CVE-2022-23323
 CVE-2022-23322
 	RESERVED
 CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...)
-	TODO: check
+	NOT-FOR-US: XMPie
 CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
 	NOT-FOR-US: XMPie uStore
 CVE-2022-23319
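Review bot: the new tag on CVE-2022-23321 is "NOT-FOR-US: XMPie", while CVE-2022-23320 directly below it is already tagged "NOT-FOR-US: XMPie uStore". If both CVEs concern the same product, use the same label so that a search for the product name finds both entries. The truncated description of CVE-2022-23321 does not show which product is meant, so confirm it against the full CVE text.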
@@ -5159,17 +5159,17 @@ CVE-2021-46368
 CVE-2021-46367
 	RESERVED
 CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
-	TODO: check
+	NOT-FOR-US: Magnolia CMS
 CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
 	NOT-FOR-US: Composr-CMS
 CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
@@ -7244,7 +7244,7 @@ CVE-2022-22767
 CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
 	NOT-FOR-US: BD Pyxis
 CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
-	TODO: check
+	NOT-FOR-US: BD Viper LT system
 CVE-2022-22764
 	RESERVED
 	{DSA-5069-1 DLA-2916-1}
@@ -11328,7 +11328,7 @@ CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at
 	NOTE: https://github.com/appneta/tcpreplay/issues/687
 	NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
 CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2021-45384
 	RESERVED
 CVE-2021-45383
@@ -12898,9 +12898,9 @@ CVE-2021-44959
 CVE-2021-44958
 	RESERVED
 CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2021-44955
 	RESERVED
 CVE-2021-44954
@@ -13017,9 +13017,9 @@ CVE-2021-44914
 CVE-2021-44913
 	RESERVED
 CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
-	TODO: check
+	NOT-FOR-US: XE
 CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
-	TODO: check
+	NOT-FOR-US: XE
 CVE-2021-44910
 	RESERVED
 CVE-2021-44909
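Review bot: "NOT-FOR-US: XE" on CVE-2021-44912 and CVE-2021-44911 is a two-letter label that is hard to search for and easy to confuse with other products. Consider a fuller product or vendor name, if the CVE references give one, so that later triage of related CVEs can match these entries.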
@@ -13478,7 +13478,7 @@ CVE-2022-21239
 CVE-2022-21229
 	RESERVED
 CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21206
 	RESERVED
 CVE-2022-21188
@@ -13496,7 +13496,7 @@ CVE-2022-21162
 CVE-2022-21161
 	RESERVED
 CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21152
 	RESERVED
 CVE-2022-21150
@@ -13612,7 +13612,7 @@ CVE-2021-44545
 CVE-2021-44457
 	RESERVED
 CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-43351
 	RESERVED
 CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
@@ -13626,7 +13626,7 @@ CVE-2021-23188
 CVE-2021-23168
 	RESERVED
 CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-23145
 	RESERVED
 CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
@@ -14318,7 +14318,7 @@ CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the
 CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
 	- cassandra <itp> (bug #585905)
 CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
-	TODO: check
+	NOT-FOR-US: TCMAN GIM
 CVE-2021-4045
 	RESERVED
 CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
@@ -14449,7 +14449,7 @@ CVE-2022-21240
 CVE-2022-21237
 	RESERVED
 CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21212
 	RESERVED
 CVE-2022-21197
@@ -14463,7 +14463,7 @@ CVE-2022-21140
 CVE-2022-21139
 	RESERVED
 CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-44470
 	RESERVED
 CVE-2021-4037 [security regression for CVE-2018-13405]
@@ -15503,7 +15503,7 @@ CVE-2021-44113
 CVE-2021-44112
 	RESERVED
 CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download  ...)
-	TODO: check
+	NOT-FOR-US: S-Cart
 CVE-2021-44110
 	RESERVED
 CVE-2021-44109
@@ -15811,11 +15811,11 @@ CVE-2021-3978
 CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During  ...)
 	NOT-FOR-US: invoiceninja
 CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
 	NOT-FOR-US: Siemens
 CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
 	NOT-FOR-US: Siemens
 CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
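Review bot: CVE-2021-44018 and CVE-2021-44016 are tagged "NOT-FOR-US: JT2Go / Siemens", but the neighbouring JT2Go entries (CVE-2021-44017, CVE-2021-44015) already carry plain "NOT-FOR-US: Siemens". Pick one form for the whole series; reusing "Siemens" would keep the block uniform.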
@@ -15847,7 +15847,7 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions <
 CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
 	NOT-FOR-US: Siemens
 CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
 	- guacamole-client <unfixed>
 	[stretch] - guacamole-client <not-affected> (SAML is not supported)
@@ -17630,15 +17630,15 @@ CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During
 CVE-2022-21216
 	RESERVED
 CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21200
 	RESERVED
 CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21151
 	RESERVED
 CVE-2022-21138
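Review bot: the four entries changed here (CVE-2022-21204, CVE-2022-21174, CVE-2022-21157, CVE-2022-21153) cover Quartus Prime and two Android applications, yet all are tagged only "NOT-FOR-US: Intel". Other entries in this commit name the product ("BD Viper LT system", "Magnolia CMS"). A vendor-only tag hides which Intel product was ruled out, so consider a product-level tag such as "NOT-FOR-US: Intel Quartus Prime".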
@@ -17875,7 +17875,7 @@ CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Ha
 CVE-2021-43636
 	RESERVED
 CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Codex
 CVE-2021-43634
 	RESERVED
 CVE-2021-43633
@@ -18027,13 +18027,13 @@ CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC &lt
 CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
 	NOT-FOR-US: django-helpdesk
 CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21207
 	RESERVED
 CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21181
 	RESERVED
 CVE-2022-21180
@@ -19738,7 +19738,7 @@ CVE-2022-20740
 CVE-2022-20739
 	RESERVED
 CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20737
 	RESERVED
 CVE-2022-20736
@@ -19859,7 +19859,7 @@ CVE-2022-20682
 CVE-2022-20681
 	RESERVED
 CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20679
 	RESERVED
 CVE-2022-20678
@@ -19959,7 +19959,7 @@ CVE-2022-20632
 CVE-2022-20631
 	RESERVED
 CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20629
 	RESERVED
 CVE-2022-20628
@@ -20749,7 +20749,7 @@ CVE-2021-42942
 CVE-2021-42941
 	RESERVED
 CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
-	TODO: check
+	NOT-FOR-US: Projeqtor
 CVE-2021-42939
 	RESERVED
 CVE-2021-42938
@@ -25576,15 +25576,15 @@ CVE-2021-41447
 CVE-2021-41446
 	RESERVED
 CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-41444
 	RESERVED
 CVE-2021-41443
 	RESERVED
 CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-41440
 	RESERVED
 CVE-2021-41439
@@ -27065,7 +27065,7 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite
 CVE-2021-40838
 	RESERVED
 CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
 	NOT-FOR-US: F-Secure
 CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7357cc3d28f6318e3f6114582241125427cb786
