[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 19 20:29:05 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c72f5ee by Salvatore Bonaccorso at 2022-01-19T21:28:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -317,7 +317,7 @@ CVE-2022-21801
 CVE-2022-21796
 	RESERVED
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior t ...)
-	TODO: check
+	NOT-FOR-US: Orchard CMS
 CVE-2022-0273
 	RESERVED
 CVE-2022-0272
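Review bot: The tag on CVE-2022-0274 names "Orchard CMS", but the description on that entry attributes the stored XSS to the NPM package cypress-orchardcore. Naming the package in the tag (`NOT-FOR-US: cypress-orchardcore`) would match the description and keep the entry findable by a search on the package name.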
@@ -1799,7 +1799,7 @@ CVE-2022-0168
 CVE-2022-0167
 	RESERVED
 CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0165
 	RESERVED
 CVE-2022-0164
@@ -1943,9 +1943,9 @@ CVE-2021-46206
 CVE-2021-46205
 	RESERVED
 CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
-	TODO: check
+	NOT-FOR-US: Taocms
 CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
-	TODO: check
+	NOT-FOR-US: Taocms
 CVE-2021-46202
 	RESERVED
 CVE-2021-46201
@@ -3619,7 +3619,7 @@ CVE-2022-22312
 CVE-2022-22311
 	RESERVED
 CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22309
 	RESERVED
 CVE-2022-22308
@@ -3903,7 +3903,7 @@ CVE-2021-46032
 CVE-2021-46031
 	RESERVED
 CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...)
-	TODO: check
+	NOT-FOR-US: JavaQuarkBBS
 CVE-2021-46029
 	RESERVED
 CVE-2021-46028
@@ -4771,7 +4771,7 @@ CVE-2021-45810
 CVE-2021-45809
 	RESERVED
 CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
 	NOT-FOR-US: jpress
 CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers  ...)
@@ -8083,7 +8083,7 @@ CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to reque
 CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
 	NOT-FOR-US: Delta RM
 CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...)
-	TODO: check
+	NOT-FOR-US: Delta RM
 CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
 	NOT-FOR-US: Delta RM
 CVE-2021-44835
@@ -9673,7 +9673,7 @@ CVE-2021-44301
 CVE-2021-44300
 	RESERVED
 CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...)
-	TODO: check
+	NOT-FOR-US: Navigate CMS
 CVE-2021-44298
 	RESERVED
 CVE-2021-44297
@@ -10883,7 +10883,7 @@ CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to c
 CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
 	NOT-FOR-US: Discourse
 CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
-	TODO: check
+	NOT-FOR-US: Wagtail
 CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
 	- flatpak 1.12.3-1
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
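Review bot: The NOT-FOR-US tag on CVE-2022-21683 deserves a second look, because the description identifies Wagtail as a Django based content management system, the kind of Python project that may be packaged or have a pending ITP. Confirm that no source package or ITP bug exists before dropping the TODO; if one does, the entry should use the `- wagtail <itp> (bug #NNNNNN)` form (placeholder bug number) rather than NOT-FOR-US.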
@@ -11909,51 +11909,51 @@ CVE-2022-21405
 CVE-2022-21404
 	RESERVED
 CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21401 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21400 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21399 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21398 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21397 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21396 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21395 (Vulnerability in the Oracle Communications Operations Monitor product  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21394 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2022-21393 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21392 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21391 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21390 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21389 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21388 (Vulnerability in the Oracle Communications Pricing Design Center produ ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21385
 	RESERVED
 CVE-2022-21384
 	RESERVED
 CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21381 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21380 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
 	NOT-FOR-US: MySQL Cluster
 CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
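Review bot: The new tags from CVE-2022-21403 down to CVE-2022-21381 all name the vendor ("Oracle") rather than the product, while the existing entry for CVE-2022-21380 just below uses the product ("MySQL Cluster") and the same block holds Oracle products that are tracked as packages (virtualbox on CVE-2022-21394). A per-product tag, for example `NOT-FOR-US: Oracle WebLogic Server` on CVE-2022-21386, would match the neighbouring style and keep the entries searchable by product. It would also make explicit that CVE-2022-21393 concerns the Java VM component of Oracle Database Server and not a packaged Java runtime.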
@@ -11961,9 +11961,9 @@ CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2022-21378 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2022-21377 (Vulnerability in the Primavera Portfolio Management product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21376 (Vulnerability in the Primavera Portfolio Management product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2022-21375 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	TODO: check
 CVE-2022-21374 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
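Review bot: CVE-2022-21375 (Oracle Solaris) in the trailing context is left at `TODO: check` while the two Primavera entries directly above it are resolved. If it was skipped on purpose a follow-up is fine; otherwise it can be triaged in the same pass so the Oracle block does not keep a lone open TODO.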



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c72f5eecd3ea5a9be2e1e58cf18ad654d6edc2d
