[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 24 20:26:40 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daace58b by Salvatore Bonaccorso at 2022-02-24T21:25:08+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -606,7 +606,7 @@ CVE-2022-0738
 CVE-2022-0737
 	RESERVED
 CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2022-0735
 	RESERVED
 CVE-2021-4223
@@ -1114,7 +1114,7 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
 CVE-2022-0711
 	RESERVED
 CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0709
 	RESERVED
 CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
@@ -1613,7 +1613,7 @@ CVE-2022-25371
 CVE-2022-25370
 	RESERVED
 CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2022-0694
 	RESERVED
 CVE-2022-0693
@@ -1756,7 +1756,7 @@ CVE-2022-25326
 CVE-2022-23183
 	RESERVED
 CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mai ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0682
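Review bot: The new tag on CVE-2022-21179 reads "NOT-FOR-US: EC-CUBE", but the description names an "EC-CUBE plugin", not EC-CUBE itself. The CVE-2022-0683 entry directly below keeps that distinction with "NOT-FOR-US: WordPress plugin"; writing "NOT-FOR-US: EC-CUBE plugin" here would do the same and keep the tag apart from the core-product entry CVE-2022-25355.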
@@ -2010,13 +2010,13 @@ CVE-2022-25247
 CVE-2022-25246
 	RESERVED
 CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
-	TODO: check
+	NOT-FOR-US: a-blog cms
 CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
-	TODO: check
+	NOT-FOR-US: a-blog cms
 CVE-2022-23810 (Template injection (Improper Neutralization of Special Elements Used i ...)
-	TODO: check
+	NOT-FOR-US: a-blog cms
 CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x series ver ...)
-	TODO: check
+	NOT-FOR-US: a-blog cms
 CVE-2022-0648
 	RESERVED
 CVE-2022-0647
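Review bot: For CVE-2022-23810 the truncated description ("Template injection (Improper Neutralization of Special Elements Used i ...") stops before any product name, so the "a-blog cms" tag cannot be confirmed from this hunk the way it can for CVE-2022-24374, CVE-2022-23916 and CVE-2022-21142. Please double-check the full CVE text before grouping it with the other three.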
@@ -2189,9 +2189,9 @@ CVE-2022-25168
 CVE-2022-25167
 	RESERVED
 CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...)
-	TODO: check
+	NOT-FOR-US: phpUploader
 CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: phpUploader
 CVE-2022-21159
 	RESERVED
 CVE-2022-0618
@@ -2723,9 +2723,9 @@ CVE-2022-25006
 CVE-2022-25005
 	RESERVED
 CVE-2022-25004 (Hospital Patient Record Management System v1.0 was discovered to conta ...)
-	TODO: check
+	NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-25003 (Hospital Patient Record Management System v1.0 was discovered to conta ...)
-	TODO: check
+	NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-25002
 	RESERVED
 CVE-2022-25001
@@ -3415,9 +3415,9 @@ CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a m
 CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
 	NOT-FOR-US: ACCEL-PPP
 CVE-2022-23922 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
-	TODO: check
+	NOT-FOR-US: WIN-911
 CVE-2022-23104 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
-	TODO: check
+	NOT-FOR-US: WIN-911
 CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
 	- util-linux <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
@@ -3781,7 +3781,7 @@ CVE-2022-24612
 CVE-2022-24611
 	RESERVED
 CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
-	TODO: check
+	NOT-FOR-US: Alecto
 CVE-2022-24609
 	RESERVED
 CVE-2022-24608
@@ -4955,7 +4955,7 @@ CVE-2022-24234
 CVE-2022-24233
 	RESERVED
 CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management System v1 ...)
-	TODO: check
+	NOT-FOR-US: Hospital Patient Record Management System
 CVE-2022-24231
 	RESERVED
 CVE-2022-24230
@@ -8960,7 +8960,7 @@ CVE-2022-23137
 CVE-2022-23136
 	RESERVED
 CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
 	{DLA-2914-1}
 	- zabbix <unfixed>
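Review bot: The "NOT-FOR-US: ZTE" tag on CVE-2022-23135 is not backed by anything visible in the hunk: the description only reaches "some home gateway prod ...", and the neighbouring CVE-2022-23134 is a zabbix entry, so the ID range gives no hint either. If the full description names specific product lines, putting them in the tag (vendor plus product) would make the decision easier to audit later.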
@@ -10173,9 +10173,9 @@ CVE-2022-22796
 CVE-2022-22795
 	RESERVED
 CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...)
-	TODO: check
+	NOT-FOR-US: Cybonet
 CVE-2022-22793 (Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a ...)
-	TODO: check
+	NOT-FOR-US: Cybonet
 CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
 	NOT-FOR-US: MobiSoft
 CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code  ...)
@@ -16909,9 +16909,9 @@ CVE-2021-44665
 CVE-2021-44664
 	RESERVED
 CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the Xerte Projec ...)
-	TODO: check
+	NOT-FOR-US: Xerte
 CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte ...)
-	TODO: check
+	NOT-FOR-US: Xerte
 CVE-2021-44661
 	RESERVED
 CVE-2021-44660
@@ -124916,11 +124916,11 @@ CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
 CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
 	NOT-FOR-US: Advantech
 CVE-2020-14504 (The web interface of the 1734-AENTR communication module mishandles au ...)
-	TODO: check
+	NOT-FOR-US: 1734-AENTR communication module
 CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...)
 	NOT-FOR-US: Advantech
 CVE-2020-14502 (The web interface of the 1734-AENTR communication module is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: 1734-AENTR communication module
 CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
 	NOT-FOR-US: Advantech
 CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...)
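Review bot: CVE-2020-14504 and CVE-2020-14502 are tagged with a model designation only ("1734-AENTR communication module"), while the surrounding entries in this hunk are tagged by vendor ("Advantech"). Adding the vendor name in front of the model would match the neighbouring tags and let a later search by vendor find these two entries.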
@@ -124962,7 +124962,7 @@ CVE-2020-14483 (A timeout during a TLS handshake can result in the connection fa
 CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
 	NOT-FOR-US: Delta Industrial Automation DOPSoft
 CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak encryp ...)
-	TODO: check
+	NOT-FOR-US: FactoryTalk View SE
 CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access  ...)
 	TODO: check
 CVE-2020-14479
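Review bot: CVE-2020-14480, immediately after the changed entry, is left at "TODO: check" although it sits next to CVE-2020-14481 in the same ID block. Its description ("Due to usernames/passwords being stored in plaintext in Random Access ...") does not show the product, so this may be deliberate, but if it concerns the same FactoryTalk View SE software it should be triaged in this commit rather than left behind.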
@@ -137314,7 +137314,7 @@ CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior
 CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
 	NOT-FOR-US: Inductive Automation
 CVE-2020-10640 (Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
 	NOT-FOR-US: Eaton HMiSoft VU3
 CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -137322,15 +137322,15 @@ CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
 CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
 	NOT-FOR-US: Eaton HMiSoft VU3
 CVE-2020-10636 (Inadequate encryption may allow the passwords for Emerson OpenEnterpri ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2020-10635 (Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server  ...)
-	TODO: check
+	NOT-FOR-US: KUKA.Sim Pro
 CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted  ...)
 	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
 CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...)
 	NOT-FOR-US: eWON Flexy and Cosy
 CVE-2020-10632 (Inadequate folder security permissions in Emerson OpenEnterprise versi ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files  ...)
 	NOT-FOR-US: WebAccess/NMS
 CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...)
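Review bot: CVE-2020-10636 and CVE-2020-10632 are tagged "NOT-FOR-US: Emerson" although both descriptions name Emerson OpenEnterprise, and the Eaton entries in this same hunk use vendor plus product ("Eaton HMiSoft VU3"). Suggest "NOT-FOR-US: Emerson OpenEnterprise" for consistency; the same applies to CVE-2020-10640 in the preceding hunk.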



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daace58bc6bae6d009d92f3a2a7429d24e84c688
