[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 25 21:31:31 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cdc5f508 by Moritz Muehlenhoff at 2022-02-25T22:31:01+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4541,9 +4541,9 @@ CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory tra
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS vi ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via R ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (with ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could be set ...)
@@ -7287,11 +7287,11 @@ CVE-2022-23655 (Octobercms is a self-hosted CMS platform based on the Laravel PH
CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions an authen ...)
NOT-FOR-US: Wiki.js
CVE-2022-23653 (B2 Command Line Tool is the official command line tool for the backbla ...)
- TODO: check
+ NOT-FOR-US: B2 (CLI tool for Backblaze)
CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which provides m ...)
NOT-FOR-US: capsule-proxy
CVE-2022-23651 (b2-sdk-python is a python library to access cloud storage provided by ...)
- TODO: check
+ NOT-FOR-US: b2-sdk-python
CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
NOT-FOR-US: Netmaker
CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
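Review bot: The two new NOT-FOR-US labels in this hunk describe the same vendor's tooling in different styles: "B2 (CLI tool for Backblaze)" for CVE-2022-23653 and the bare "b2-sdk-python" for CVE-2022-23651. Before closing both, confirm that neither the CLI nor the SDK is shipped in the archive under a differently spelled source package name, since a search for the upstream project name alone would miss it. If either is packaged, the entry needs a package line instead of NOT-FOR-US.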
@@ -8085,7 +8085,7 @@ CVE-2022-23359
CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
NOT-FOR-US: EasyCMS
CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
- TODO: check
+ NOT-FOR-US: mozilo
CVE-2022-23356
RESERVED
CVE-2022-23355
@@ -8509,7 +8509,7 @@ CVE-2022-0249
CVE-2022-0248
RESERVED
CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
- TODO: check
+ NOT-FOR-US: Fuchsia
CVE-2022-0246
RESERVED
CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
@@ -12240,7 +12240,7 @@ CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remot
CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
NOT-FOR-US: Foxit
CVE-2021-45977 (JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, P ...)
- TODO: check
+ - intellij-idea <itp> (bug #747616)
CVE-2021-45976
RESERVED
CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
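Review bot: The CVE-2021-45977 description lists more than IntelliJ IDEA (the visible text continues "IntelliJ IDEA 2021.3.1 RC, P ..."), but the new line records only intellij-idea <itp>. Check the full description for the remaining products and add an entry or a NOTE for each, so the ITP line does not read as the complete affected set.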
@@ -17360,9 +17360,9 @@ CVE-2021-44552
CVE-2021-44551
RESERVED
CVE-2021-44550 (An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via ...)
- TODO: check
+ NOT-FOR-US: CoreNLP
CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0 ...)
- TODO: check
+ NOT-FOR-US: v2fly/v2ray-core
CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
NOT-FOR-US: Apache Sling
CVE-2021-4069 (vim is vulnerable to Use After Free ...)
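Review bot: The NOT-FOR-US label added for CVE-2021-4070 is the GitHub repository path "v2fly/v2ray-core" rather than a product name. Confirm that nothing in the archive is built from that repository under a shorter source name before closing the entry. If that holds, a product-style label like the neighbouring "CoreNLP" would match the surrounding entries better.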
@@ -32620,7 +32620,6 @@ CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
- gitlab <unfixed>
- TODO: reach out for details
CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- gitlab <unfixed>
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
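Review bot: Removing "TODO: reach out for details" from CVE-2021-39943 is not covered by the commit message "NFUs" and leaves no record of how the open question ended. If details were obtained or the follow-up was dropped, say so in a NOTE line under the entry or in the commit message, so the remaining "- gitlab <unfixed>" line is not read as fully triaged without a stated basis.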
@@ -32790,7 +32789,7 @@ CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the applicati
CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
- gitlab <unfixed>
- ruby-apollo-upload-server <unfixed>
- TODO: reach out for details
+ TODO: reach out for details for ruby-apollo-upload-server
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
- gitlab <unfixed>
CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
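Review bot: For CVE-2021-39880 the "- ruby-apollo-upload-server <unfixed>" package line is dropped and the package name survives only as free text in the TODO, so the entry no longer records that package as affected. If the line was removed because no such source package exists in the archive, state that in a NOTE under the entry; the commit message "NFUs" does not explain the change.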
@@ -56370,7 +56369,7 @@ CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on An
CVE-2021-30505
RESERVED
CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...)
- NOT-FOR-US: JetBrains
+ - intellij-idea <itp> (bug #747616)
CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
NOT-FOR-US: GLSL Linting extension for Visual Studio Code
CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
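Review bot: The label replaced on CVE-2021-30504 was the vendor-wide "NOT-FOR-US: JetBrains", not a product name, so other IntelliJ IDEA CVEs may still be closed under that same label outside the hunks shown here. A search of data/CVE/list for "NOT-FOR-US: JetBrains" would show whether more entries need the "- intellij-idea <itp> (bug #747616)" line to stay consistent with this commit.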
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdc5f5083696158f97b7b0888ef1351035275d39