[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 15 08:41:38 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4878a678 by Salvatore Bonaccorso at 2022-02-15T09:41:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -491,7 +491,7 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-24980
RESERVED
CVE-2022-24979
@@ -501,7 +501,7 @@ CVE-2022-24978
CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
NOT-FOR-US: ImpressCMS
CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2022-0578
RESERVED
CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
@@ -1237,7 +1237,7 @@ CVE-2022-0541
CVE-2022-0540
RESERVED
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
- TODO: check
+ NOT-FOR-US: beanstalk_console
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
- jenkins <removed>
CVE-2022-0537
@@ -1290,15 +1290,15 @@ CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of ser
CVE-2022-0528
RESERVED
CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
@@ -1868,7 +1868,7 @@ CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exh
CVE-2022-24408
RESERVED
CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
- TODO: check
+ NOT-FOR-US: beanstalk_console
CVE-2022-0500
RESERVED
CVE-2022-0499
@@ -2635,7 +2635,7 @@ CVE-2022-24208
CVE-2022-24207
RESERVED
CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Tongda2000
CVE-2022-24205
RESERVED
CVE-2022-24204
@@ -3457,7 +3457,7 @@ CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceive
CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
NOT-FOR-US: pfSense
CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
- TODO: check
+ NOT-FOR-US: XCOM Data Transport
CVE-2022-23991
RESERVED
CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
@@ -3754,7 +3754,7 @@ CVE-2022-23904
CVE-2022-23903
RESERVED
CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Tongda2000
CVE-2022-23901
RESERVED
CVE-2022-23900
@@ -5443,7 +5443,7 @@ CVE-2022-23412
CVE-2022-23411
RESERVED
CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...)
- TODO: check
+ NOT-FOR-US: AXIS IP Utility
CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
NOT-FOR-US: Craft CMS
CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
@@ -5481,11 +5481,11 @@ CVE-2022-23393
CVE-2022-23392
RESERVED
CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
- TODO: check
+ NOT-FOR-US: Pybbs
CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
- TODO: check
+ NOT-FOR-US: BBS Forum
CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2022-23388
RESERVED
CVE-2022-23387
@@ -5589,11 +5589,11 @@ CVE-2022-23339
CVE-2022-23338
RESERVED
CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: S-CMS
CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2022-23334
RESERVED
CVE-2022-23333
@@ -8187,7 +8187,7 @@ CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...)
CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API ...)
NOT-FOR-US: Jimoty App for Android
CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2022-22708
RESERVED
CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
@@ -9261,7 +9261,7 @@ CVE-2022-22297
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
NOT-FOR-US: Sourcecodester
CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attack ...)
NOT-FOR-US: zfaka
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
@@ -11998,9 +11998,9 @@ CVE-2021-45350
CVE-2021-45349
RESERVED
CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
TODO: check
CVE-2021-45345
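Review bot: The tag added for CVE-2021-45348 is spelled `NOT-FOR-US: SourceCodester`, while the existing entry for CVE-2022-22296 shown earlier in this patch reads `NOT-FOR-US: Sourcecodester`. Settle on one capitalization for the vendor so that a case-sensitive search of data/CVE/list returns every entry for it.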
@@ -12091,7 +12091,7 @@ CVE-2021-45312
CVE-2021-45311
RESERVED
CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
- TODO: check
+ NOT-FOR-US: Sangoma Technologies Corporation Switchvox
CVE-2021-45309
RESERVED
CVE-2021-45308
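Review bot: The tag for CVE-2021-45310, `NOT-FOR-US: Sangoma Technologies Corporation Switchvox`, carries the full corporate name, whereas the other tags added in this patch use a short product or vendor name (`Tongda2000`, `DedeCMS`, `zzcms`). Shortening it to `Sangoma Switchvox` would match that convention and be easier to grep when the next Switchvox CVE is triaged.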
@@ -13982,7 +13982,7 @@ CVE-2022-21820
CVE-2022-21819
RESERVED
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
- TODO: check
+ NOT-FOR-US: NVIDIA License System
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
NOT-FOR-US: NVIDIA
CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
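Review bot: CVE-2022-21818 is tagged `NOT-FOR-US: NVIDIA License System`, but the entry directly below it, CVE-2022-21817, uses the bare vendor form `NOT-FOR-US: NVIDIA`. Either granularity is workable; using the same one for adjacent NVIDIA entries keeps the list consistent for anyone filtering by tag text.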
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4878a6784c52da0e41cec28aba768e2f41d71a99