[Git][security-tracker-team/security-tracker][master] Process NFUs

Fri Feb 18 08:59:41 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfe47dfc by Salvatore Bonaccorso at 2022-02-18T09:59:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,15 +3,15 @@ CVE-2022-25323
 CVE-2022-25322
 	RESERVED
 CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
-	TODO: check
+	NOT-FOR-US: Cerebrate
 CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
-	TODO: check
+	NOT-FOR-US: Cerebrate
 CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...)
-	TODO: check
+	NOT-FOR-US: Cerebrate
 CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...)
-	TODO: check
+	NOT-FOR-US: Cerebrate
 CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...)
-	TODO: check
+	NOT-FOR-US: Cerebrate
 CVE-2022-25316
 	RESERVED
 CVE-2022-25312
@@ -5355,7 +5355,7 @@ CVE-2022-23633 (Action Pack is a framework for handling and responding to web re
 	NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
 	NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
 CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
-	TODO: check
+	NOT-FOR-US: Traefik
 CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
 	TODO: check
 CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
@@ -6410,9 +6410,9 @@ CVE-2021-46317
 CVE-2021-46316
 	RESERVED
 CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
@@ -7636,7 +7636,7 @@ CVE-2022-22924
 CVE-2022-22923
 	RESERVED
 CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2022-22921
 	RESERVED
 CVE-2022-22920
@@ -7648,11 +7648,11 @@ CVE-2022-22918
 CVE-2022-22917
 	RESERVED
 CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...)
-	TODO: check
+	NOT-FOR-US: O2OA
 CVE-2022-22915
 	RESERVED
 CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...)
-	TODO: check
+	NOT-FOR-US: Ovidentia CMS
 CVE-2022-22913
 	RESERVED
 CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4  ...)
@@ -9858,7 +9858,7 @@ CVE-2021-46110
 CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
 	NOT-FOR-US: ASUS
 CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-46107
 	RESERVED
 CVE-2021-46106
@@ -12481,7 +12481,7 @@ CVE-2021-45384
 CVE-2021-45383
 	RESERVED
 CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-45381
 	RESERVED
 CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...)
@@ -63640,7 +63640,7 @@ CVE-2021-26728
 CVE-2021-26727
 	RESERVED
 CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
-	TODO: check
+	NOT-FOR-US: Valmet
 CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
 	NOT-FOR-US: Nozomi Networks Guardian
 CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
@@ -65940,7 +65940,7 @@ CVE-2021-3244
 CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: Wfilter ICF
 CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: DuxCMS
 CVE-2021-3241
 	RESERVED
 CVE-2021-3240
@@ -384129,7 +384129,7 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtim
 CVE-2014-8599
 	RESERVED
 CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.0 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfe47dfc5602c7c4ce76d3e0c2df8c20beb2740d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfe47dfc5602c7c4ce76d3e0c2df8c20beb2740d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220218/3d575ee9/attachment.htm>
