[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 21 20:34:59 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5dc0066 by Salvatore Bonaccorso at 2022-01-21T21:34:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -265,7 +265,7 @@ CVE-2022-23730
 CVE-2022-23729
 	RESERVED
 CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
-	TODO: check
+	NOT-FOR-US: LG
 CVE-2022-23727
 	RESERVED
 CVE-2022-23726
@@ -1441,11 +1441,11 @@ CVE-2021-46311
 CVE-2021-46310
 	RESERVED
 CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
-	TODO: check
+	NOT-FOR-US: Projectworlds Online Examination System
 CVE-2021-46306
 	RESERVED
 CVE-2021-46305
@@ -2081,13 +2081,13 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en
 	NOTE: https://support.zabbix.com/browse/ZBX-20350
 	TODO: check, possibly only affecting 5.4.0 onwards
 CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-23126
 	RESERVED
 CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
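Review bot: the four new tags on CVE-2022-23130 through CVE-2022-23127 give only "Mitsubishi", while the visible descriptions of CVE-2022-23130 and CVE-2022-23127 name the product as "Mitsubishi Electric MC Works64". Consider "NOT-FOR-US: Mitsubishi Electric MC Works64" where the product is confirmed, in line with the product-level tags used elsewhere in this commit.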
@@ -2889,13 +2889,13 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v
 CVE-2021-46202
 	RESERVED
 CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Resort Management System
 CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-46199
 	RESERVED
 CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-46197
 	RESERVED
 CVE-2021-46196
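Review bot: the three Sourcecodester entries in this hunk are tagged in two different forms. CVE-2021-46201 gets "NOT-FOR-US: Sourcecodester Online Resort Management System", while CVE-2021-46200 and CVE-2021-46198 get the bare "NOT-FOR-US: Sourcecodester". Use one form for the vendor so the entries group under a single tag; the bare vendor form is what the other Sourcecodester entries in this commit use.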
@@ -7034,7 +7034,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver]
 	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
 	NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
 CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c]
 	RESERVED
 	- qemu 1:6.2+dfsg-1
@@ -7067,7 +7067,7 @@ CVE-2021-45444
 CVE-2021-45443
 	RESERVED
 CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...)
-	TODO: check
+	NOT-FOR-US: BigBlueButton
 CVE-2017-20010
 	RESERVED
 	NOT-FOR-US: MODX Revolution
@@ -8349,7 +8349,7 @@ CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross
 CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
 	NOT-FOR-US: DIAEnergie
 CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
@@ -9805,7 +9805,7 @@ CVE-2021-44595
 CVE-2021-44594
 	RESERVED
 CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
-	TODO: check
+	NOT-FOR-US: Simple College Website
 CVE-2021-44592
 	RESERVED
 CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
@@ -10291,7 +10291,7 @@ CVE-2021-23223
 CVE-2021-23179
 	RESERVED
 CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
-	TODO: check
+	NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2021-44451
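Review bot: the tag on CVE-2021-44464 omits the vendor, "NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)", whereas the next hunk tags entries with the same product name as "NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)". If this is the same product, add the "Fresenius Kabi" prefix here so both spellings do not coexist in data/CVE/list.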
@@ -10339,29 +10339,29 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version
 CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-4035
 	RESERVED
 CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0  ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device.  ...)
 	TODO: check
 CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can  ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Vigilant MasterMed
 CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...)
-	TODO: check
+	NOT-FOR-US: Agilia Link+
 CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
-	TODO: check
+	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
 	NOT-FOR-US: Serva
 CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
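Review bot: CVE-2021-23236 is left at "TODO: check" in the middle of a run of entries that are all being closed as Fresenius Kabi, and its visible description ("Requests may be used to interrupt the normal operation of the device.") does not name a product. Confirm it was skipped deliberately, or tag it in the same commit if it belongs to the same advisory. The new tags also spell the products several ways: "Fresenius Kabi Agilia Link" versus "Agilia Link+" on CVE-2021-23196, and "Fresenius Kabi Vigilant MasterMed" on CVE-2021-23207 versus "Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)" on the others; settle on one name per product.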
@@ -11032,7 +11032,7 @@ CVE-2021-44197
 CVE-2021-44196
 	RESERVED
 CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Insight Agent
 CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: firefly-iii
 CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape  ...)
@@ -22650,7 +22650,7 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca
 CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
 	NOT-FOR-US: Auerswald
 CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before  ...)
-	TODO: check
+	NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates
 CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
 	NOT-FOR-US: AnyDesk
 CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
@@ -23257,7 +23257,7 @@ CVE-2021-40597
 CVE-2021-40596
 	RESERVED
 CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-40594
 	RESERVED
 CVE-2021-40593
@@ -24158,7 +24158,7 @@ CVE-2021-40249
 CVE-2021-40248
 	RESERVED
 CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-40246
 	RESERVED
 CVE-2021-40245
@@ -36977,7 +36977,7 @@ CVE-2021-35005
 CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	TODO: check
 CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2021-35002
 	RESERVED
 CVE-2021-35001
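Review bot: CVE-2021-35003 is tagged "NOT-FOR-US: TP-Link", but CVE-2021-35004 directly above it carries the same visible description text and stays at "TODO: check". Neither truncated description names the vendor, so confirm whether CVE-2021-35004 concerns the same product, and if it does, triage it in this commit as well rather than leaving the pair split.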



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5dc006663a8169309899a6930c82372a740dba8
