[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 16 20:24:42 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88ee6a5b by Salvatore Bonaccorso at 2022-02-16T21:24:20+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1631,11 +1631,11 @@ CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
 	NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
 CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...)
-	TODO: check
+	NOT-FOR-US: PHP Everywhere
 CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...)
-	TODO: check
+	NOT-FOR-US: PHP Everywhere
 CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...)
-	TODO: check
+	NOT-FOR-US: PHP Everywhere
 CVE-2022-24662
 	RESERVED
 CVE-2022-24661
@@ -3316,7 +3316,7 @@ CVE-2022-24088
 CVE-2022-24087
 	RESERVED
 CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-24085
 	RESERVED
 CVE-2022-24084
@@ -5093,7 +5093,7 @@ CVE-2022-23646
 CVE-2022-23645
 	RESERVED
 CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
-	TODO: check
+	NOT-FOR-US: BookWyrm
 CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
 	TODO: check
 CVE-2022-23642
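Review bot: `NOT-FOR-US: BookWyrm` at CVE-2022-23644 closes out a project that its own description calls "a decentralized social network for tracking reading habits", which is installable server software rather than a vendor appliance. Before settling on NOT-FOR-US, check for an open ITP or RFP bug. If one exists, the entry belongs under the package name with `<itp>` and the bug number, so the CVE is not lost when the package lands.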
@@ -5858,7 +5858,7 @@ CVE-2022-23360
 CVE-2022-23359
 	RESERVED
 CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
-	TODO: check
+	NOT-FOR-US: EasyCMS
 CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
 	TODO: check
 CVE-2022-23356
@@ -5994,7 +5994,7 @@ CVE-2021-46390
 CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
 	NOT-FOR-US: IIPImage High Resolution Streaming Image Server
 CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-46387
 	RESERVED
 CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...)
@@ -6673,43 +6673,43 @@ CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, a
 CVE-2022-23205
 	RESERVED
 CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23201
 	RESERVED
 CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23187
 	RESERVED
 CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-23185
 	RESERVED
 CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
@@ -7355,7 +7355,7 @@ CVE-2022-22947
 CVE-2022-22946
 	RESERVED
 CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-22944
 	RESERVED
 CVE-2022-22943
@@ -7572,7 +7572,7 @@ CVE-2022-22855
 CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
 	NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient  ...)
-	TODO: check
+	NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
 	NOT-FOR-US: Sourcecodtester
 CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
@@ -8075,7 +8075,7 @@ CVE-2022-22794
 CVE-2022-22793
 	RESERVED
 CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
-	TODO: check
+	NOT-FOR-US: MobiSoft
 CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code  ...)
 	NOT-FOR-US: SYNEL
 CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
@@ -12223,7 +12223,7 @@ CVE-2021-45393
 CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
 	NOT-FOR-US: Tenda
 CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2021-45390
 	RESERVED
 CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...)
@@ -31741,15 +31741,15 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability,
 CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the  ...)
 	NOT-FOR-US: MISP
 CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
 	NOT-FOR-US: OpenBMC
 CVE-2021-39295
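Review bot: on CVE-2021-39297 through CVE-2021-39301 the tag `NOT-FOR-US: HP` is the only place the vendor appears, because the truncated description ("Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...") names neither vendor nor product. Consider naming the component in the tag, for example `NOT-FOR-US: HP UEFI firmware`, so that a later grep of data/CVE/list can tell these apart from the CVE-2020-6917 through CVE-2020-6922 entries further down, which receive the same bare `HP` tag for a differently worded description.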
@@ -74655,7 +74655,7 @@ CVE-2021-22052
 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
 	NOT-FOR-US: Spring Cloud Gateway
 CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
 	NOT-FOR-US: VMware
 CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
@@ -74669,13 +74669,13 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before
 CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
 	NOT-FOR-US: Spring Cloud OpenFeign
 CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2021-22039
 	RESERVED
 CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary  ...)
@@ -74845,7 +74845,7 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio
 CVE-2021-21967
 	RESERVED
 CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
-	TODO: check
+	NOT-FOR-US: Texas Instruments
 CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
 	NOT-FOR-US: Sealevel Systems
 CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
@@ -74861,7 +74861,7 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L
 CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
 	NOT-FOR-US: Sealevel Systems
 CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
-	TODO: check
+	NOT-FOR-US: Hancom Office 2020
 CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
 	NOT-FOR-US: Dream Report ODS Remote Connector
 CVE-2021-21956
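Review bot: `NOT-FOR-US: Hancom Office 2020` at CVE-2021-21958 bakes a release year into the tag, while the neighbouring entries in this hunk use an unversioned name (`Sealevel Systems`, `Dream Report ODS Remote Connector`). An unversioned `NOT-FOR-US: Hancom Office` would keep future Hancom CVEs grouped under one string.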
@@ -144116,17 +144116,17 @@ CVE-2020-6924
 CVE-2020-6923
 	RESERVED
 CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity,  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity,  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity,  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity,  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity,  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity,  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2020-6916
 	RESERVED
 CVE-2020-6915
@@ -169208,7 +169208,7 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe
 	NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
 	NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
 CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP befor ...)
-	TODO: check
+	NOT-FOR-US: EnterpriseDT CompleteFTP
 CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
 	NOT-FOR-US: STMicroelectronics
 CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88ee6a5b8bc2ea440dcc9e52e54b13efc56873a3
