[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 23 13:46:51 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a476057f by Salvatore Bonaccorso at 2022-01-23T14:46:22+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -191,7 +191,7 @@ CVE-2022-23780
CVE-2022-21147
RESERVED
CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
- TODO: check
+ NOT-FOR-US: Mustache (implementation in PHP)
CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
RESERVED
- linux 5.14.16-1
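Review bot: the new tag for CVE-2022-0323, `NOT-FOR-US: Mustache (implementation in PHP)`, identifies the affected code by language rather than by project. Mustache is a template language with implementations in many languages, and Debian packages some of them, so a later triager grepping for "Mustache" will hit this entry and have to re-derive which implementation was meant. Naming the specific upstream project in the tag, as the other NOT-FOR-US entries in this file do, would avoid that.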
@@ -1595,7 +1595,7 @@ CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelper
CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
- TODO: check
+ NOT-FOR-US: Orchard CMS
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
- apache-log4j1.2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
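Review bot: the tag for CVE-2022-0243 says `NOT-FOR-US: Orchard CMS`, but the description line refers to the NuGet package `OrchardCore.Application.C...`, i.e. OrchardCore. Matching the name used in the description (`NOT-FOR-US: OrchardCore`) keeps the tag consistent with what the advisory actually names and makes later searches by either spelling land on the right entry.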
@@ -9146,7 +9146,7 @@ CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untr
NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
- TODO: check
+ NOT-FOR-US: vditor
CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
{DLA-2870-1}
- apache-log4j2 2.17.1-1 (bug #1002813)
@@ -10426,7 +10426,7 @@ CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configura
CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...)
NOT-FOR-US: Fresenius Kabi Agilia Link
CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...)
- TODO: check
+ NOT-FOR-US: Fresenius Kabi Agilia Link+
CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...)
NOT-FOR-US: Fresenius Kabi Agilia Link
CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
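Review bot: the new tag `NOT-FOR-US: Fresenius Kabi Agilia Link+` uses a different spelling from the two neighbouring entries for the same product, CVE-2021-31562 and CVE-2021-23233, which are tagged `NOT-FOR-US: Fresenius Kabi Agilia Link`. Both the description lines write the product as "Agilia Link +" / "Agilia Link+", so either form is defensible, but the three entries should agree so that a single grep finds all of them.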
@@ -11861,7 +11861,7 @@ CVE-2022-21709
CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
TODO: check
CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
- TODO: check
+ NOT-FOR-US: wasmCloud Host Runtime
CVE-2022-21706
RESERVED
CVE-2022-21705
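Review bot: CVE-2022-21708 (graphql-go), two lines above the changed line, is left at `TODO: check` by this pass. Since graphql-go is a Go library and Debian carries many Go libraries as golang-* source packages, it is worth confirming whether it is packaged before it sits in the triage queue next to an entry that has already been resolved; if it was left on purpose pending that check, a short NOTE would make that visible.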
@@ -20232,7 +20232,7 @@ CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Templ
CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: chaskiq
CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
- nomad <not-affected> (Only affects 1.1.x)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
@@ -26033,7 +26033,7 @@ CVE-2021-39482
CVE-2021-39481
RESERVED
CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...)
- TODO: check
+ NOT-FOR-US: bingrep
CVE-2021-39479
RESERVED
CVE-2021-39478
@@ -27941,13 +27941,13 @@ CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
- TODO: check
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...)
- TODO: check
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...)
- TODO: check
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...)
NOT-FOR-US: UCWeb UC
CVE-2021-38693
@@ -33863,7 +33863,7 @@ CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive informa
CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...)
NOT-FOR-US: EMC
CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...)
- TODO: check
+ NOT-FOR-US: Unisphere for PowerMax
CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
NOT-FOR-US: Dell
CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
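Review bot: the new tag `NOT-FOR-US: Unisphere for PowerMax` is more specific than the surrounding Dell EMC entries, which are tagged `NOT-FOR-US: EMC` (CVE-2021-36339) and `NOT-FOR-US: Dell` (CVE-2021-36337). The specific product name is more useful, but without the vendor a search by "Dell" or "EMC" will miss this entry; consider `NOT-FOR-US: Dell EMC Unisphere for PowerMax` so that both styles of lookup work.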
@@ -37052,7 +37052,7 @@ CVE-2021-35006
CVE-2021-35005
RESERVED
CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TP-Link
CVE-2021-35002
@@ -97626,7 +97626,7 @@ CVE-2020-23317
CVE-2020-23316
RESERVED
CVE-2020-23315 (There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldReg ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
- iotjs <unfixed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
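Review bot: the tag for CVE-2020-23315, `NOT-FOR-US: Microsoft`, names only the vendor, while the neighbouring entry CVE-2020-23314 for a very similar assertion-failure report is resolved down to the concrete project (iotjs). "Microsoft" covers many codebases, some of which have Debian packages, so naming the specific project the assertion in `pFuncBody->GetYieldRegister()` belongs to would make the entry unambiguous for the next person who revisits it.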
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a476057fccc1a15bfc4975b8edb4724ee167e8d9