[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sat Feb 26 08:23:57 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e27ab837 by Salvatore Bonaccorso at 2022-02-26T09:23:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2022-0767
 CVE-2022-0766
 	RESERVED
 CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...)
-	TODO: check
+	NOT-FOR-US: Tor Browser (on Windows)
 CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
 	- linux <unfixed>
 	NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
@@ -1821,7 +1821,7 @@ CVE-2022-25361
 CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
 	NOT-FOR-US: WatchGuard
 CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...)
-	TODO: check
+	NOT-FOR-US: ICL ScadaFlex II SCADA Controller
 CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
 	NOT-FOR-US: awful-salmonella-tar
 CVE-2022-25357
@@ -2100,17 +2100,17 @@ CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may ha
 	NOTE: Not considered a security flaw. If desired because no need for backward compatibility
 	NOTE: can be mitigated through a LSM.
 CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables of the "p ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS command inject ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover was possib ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...)
 	- linux 5.16.10-1
 	NOTE: https://github.com/szymonh/d-os-descriptor
@@ -2693,11 +2693,11 @@ CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to insuffici
 CVE-2022-25097
 	RESERVED
 CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25095 (Home Owners Collection Management System v1.0 allows unauthenticated a ...)
-	TODO: check
+	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25093
 	RESERVED
 CVE-2022-25092
@@ -2757,15 +2757,15 @@ CVE-2022-25066
 CVE-2022-25065
 	RESERVED
 CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote  ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2022-25063
 	RESERVED
 CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an intege ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2022-25059
 	RESERVED
 CVE-2022-25058
@@ -4293,7 +4293,7 @@ CVE-2022-24444
 CVE-2022-24443
 	RESERVED
 CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2022-24428
 	RESERVED
 CVE-2022-24427
@@ -18706,7 +18706,7 @@ CVE-2021-44134
 CVE-2021-44133
 	RESERVED
 CVE-2021-44132 (A command injection vulnerability in the function formImportOMCIShell  ...)
-	TODO: check
+	NOT-FOR-US: C-DATA ONU4FERW
 CVE-2021-44131
 	RESERVED
 CVE-2021-44130
@@ -24024,7 +24024,7 @@ CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from
 CVE-2021-42953
 	RESERVED
 CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vuln ...)
-	TODO: check
+	NOT-FOR-US: Zepl Notebooks
 CVE-2021-42951
 	RESERVED
 CVE-2021-42950



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27ab837fa54a429503ba7ce275604c608e84385

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e27ab837fa54a429503ba7ce275604c608e84385
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220226/530a8946/attachment.htm>
