[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 14 20:01:27 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04a7a3ae by Salvatore Bonaccorso at 2022-01-14T21:00:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -122,7 +122,7 @@ CVE-2021-31567
 CVE-2021-26256
 	RESERVED
 CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-23209
 	RESERVED
 CVE-2021-23174
@@ -324,7 +324,7 @@ CVE-2022-23127
 CVE-2022-23126
 	RESERVED
 CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
-	TODO: check
+	NOT-FOR-US: corenlp
 CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	- phoronix-test-suite <removed>
 CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -640,13 +640,13 @@ CVE-2022-22993
 CVE-2022-22992
 	RESERVED
 CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a  ...)
-	TODO: check
+	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
 CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
-	TODO: check
+	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
 CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vul ...)
-	TODO: check
+	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
 CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-21234
 	RESERVED
 CVE-2022-21210
@@ -662,7 +662,7 @@ CVE-2022-0180
 CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: snipe-it
 CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
-	TODO: check
+	NOT-FOR-US: snipe-it
 CVE-2022-0177
 	RESERVED
 CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
@@ -1007,7 +1007,7 @@ CVE-2021-46257
 CVE-2021-46256
 	RESERVED
 CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to  ...)
-	TODO: check
+	NOT-FOR-US: eyouCMS
 CVE-2021-46254
 	RESERVED
 CVE-2021-46253



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04a7a3aecc03243f7a0cd313917de5cbfe27c35d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04a7a3aecc03243f7a0cd313917de5cbfe27c35d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220114/c32d5768/attachment.htm>

More information about the debian-security-tracker-commits mailing list