[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 18 06:32:42 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
338b347b by Salvatore Bonaccorso at 2022-02-18T07:32:01+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -225,7 +225,7 @@ CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse
 	NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
 	NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
 CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2022-0637
 	RESERVED
 CVE-2022-0636
@@ -6220,7 +6220,7 @@ CVE-2021-46370
 CVE-2021-46369
 	RESERVED
 CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
-	TODO: check
+	NOT-FOR-US: TRIGONE Remote System Monitor
 CVE-2021-46367
 	RESERVED
 CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
@@ -7638,7 +7638,7 @@ CVE-2022-22901 (There is an Assertion in 'context_p->next_scanner_info_p->
 CVE-2022-22900
 	RESERVED
 CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
-	TODO: check
+	NOT-FOR-US: Core FTP / SFTP Server
 CVE-2022-22898
 	RESERVED
 CVE-2022-22897
@@ -7694,7 +7694,7 @@ CVE-2022-22887
 CVE-2022-22886
 	RESERVED
 CVE-2022-22885 (Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL cert ...)
-	TODO: check
+	NOT-FOR-US: Hutool
 CVE-2022-22884
 	RESERVED
 CVE-2022-22883
@@ -7856,7 +7856,7 @@ CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Sp
 CVE-2021-46248
 	RESERVED
 CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the  ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2021-46246
 	RESERVED
 CVE-2021-46245
@@ -14226,7 +14226,7 @@ CVE-2021-44870
 CVE-2021-44869
 	RESERVED
 CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
-	TODO: check
+	NOT-FOR-US: ming-soft MCMS
 CVE-2021-44867
 	RESERVED
 CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
@@ -20848,7 +20848,7 @@ CVE-2022-20752
 CVE-2022-20751
 	RESERVED
 CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340,  ...)
 	NOT-FOR-US: Cisco Small Business RV Series Routers
 CVE-2022-20748
@@ -21035,7 +21035,7 @@ CVE-2022-20661
 CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20657
@@ -21047,7 +21047,7 @@ CVE-2022-20655
 CVE-2022-20654
 	RESERVED
 CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20652
 	RESERVED
 CVE-2022-20651
@@ -47046,7 +47046,7 @@ CVE-2021-33149
 CVE-2021-33148
 	RESERVED
 CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-33146
 	RESERVED
 CVE-2021-33145
@@ -47123,7 +47123,7 @@ CVE-2021-33112
 CVE-2021-33111
 	RESERVED
 CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-33109
 	RESERVED
 CVE-2021-33108



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/338b347bdeec728c388817d02b8782d090d11db4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/338b347bdeec728c388817d02b8782d090d11db4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220218/71ef23a9/attachment.htm>

More information about the debian-security-tracker-commits mailing list