[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Jan 4 20:32:38 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1af50de8 by Salvatore Bonaccorso at 2022-01-04T21:32:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -661,7 +661,7 @@ CVE-2022-22295
 CVE-2022-22294
 	RESERVED
 CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
-	TODO: check
+	NOT-FOR-US: Node uppy
 CVE-2022-0085
 	RESERVED
 CVE-2022-0084
@@ -984,11 +984,11 @@ CVE-2021-45982
 CVE-2021-45981
 	RESERVED
 CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2021-45977
 	RESERVED
 CVE-2021-45976
@@ -1445,9 +1445,9 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
 	NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
 	NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
 CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
-	TODO: check
+	NOT-FOR-US: ControlUp Real-Time Agent
 CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
-	TODO: check
+	NOT-FOR-US: ControlUp Real-Time Agent
 CVE-2021-44775
 	RESERVED
 CVE-2021-44465
@@ -3156,7 +3156,7 @@ CVE-2021-45391
 CVE-2021-45390
 	RESERVED
 CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...)
-	TODO: check
+	NOT-FOR-US: StarWind
 CVE-2021-45388
 	RESERVED
 CVE-2021-45387
@@ -6959,7 +6959,7 @@ CVE-2021-44170
 CVE-2021-44169
 	RESERVED
 CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-44167
 	RESERVED
 CVE-2021-44166
@@ -7959,9 +7959,9 @@ CVE-2021-43860
 CVE-2021-43859
 	RESERVED
 CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: MinIO
 CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to  ...)
-	TODO: check
+	NOT-FOR-US: Gerapy
 CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...)
 	NOT-FOR-US: Wiki.js
 CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...)
@@ -9125,7 +9125,7 @@ CVE-2021-43713
 CVE-2021-43712
 	RESERVED
 CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2021-43710
 	RESERVED
 CVE-2021-43709
@@ -15962,7 +15962,7 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan
 CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...)
-	TODO: check
+	NOT-FOR-US: ws-scrcpy
 CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
 	NOT-FOR-US: Apache OpenOffice
 CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
@@ -17410,7 +17410,7 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc
 CVE-2021-41237
 	RESERVED
 CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
-	TODO: check
+	NOT-FOR-US: OroPlatform
 CVE-2021-41235
 	RESERVED
 CVE-2021-41234
@@ -20495,9 +20495,9 @@ CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 580
 CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...)
 	TODO: check
 CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...)
 	TODO: check
 CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...)
@@ -22593,7 +22593,7 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
 	NOTE: https://x-stream.github.io/CVE-2021-39144.html
 CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
-	TODO: check
+	NOT-FOR-US: Spinnaker
 CVE-2021-39142
 	RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
@@ -23564,7 +23564,7 @@ CVE-2021-38690
 CVE-2021-38689
 	RESERVED
 CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
 	NOT-FOR-US: QNAP
 CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af50de81857db32d22c9ce6163c64c2db74ed69

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af50de81857db32d22c9ce6163c64c2db74ed69
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220104/02c6d044/attachment.htm>
