[Git][security-tracker-team/security-tracker][master] Process some more new NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 26 08:40:32 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eec0ff69 by Salvatore Bonaccorso at 2022-01-26T09:40:04+01:00
Process some more new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,9 +61,9 @@ CVE-2022-0370
 CVE-2022-0369
 	RESERVED
 CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm  ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
 	NOT-FOR-US: Bromite
 CVE-2022-23947
@@ -71,9 +71,9 @@ CVE-2022-23947
 CVE-2022-23946
 	RESERVED
 CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
-	TODO: check
+	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
-	TODO: check
+	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23943
 	RESERVED
 CVE-2022-23942
@@ -2416,7 +2416,7 @@ CVE-2022-23260
 CVE-2022-23259
 	RESERVED
 CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23257
 	RESERVED
 CVE-2022-23256
@@ -2486,7 +2486,7 @@ CVE-2022-23225
 CVE-2022-23224
 	RESERVED
 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
-	TODO: check
+	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
 	- h2database <unfixed>
 	NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
@@ -3165,11 +3165,11 @@ CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4
 CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5,  ...)
@@ -3181,7 +3181,7 @@ CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 1
 CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-23007
 	RESERVED
 CVE-2022-23006
@@ -5471,7 +5471,7 @@ CVE-2021-46115
 CVE-2021-46114
 	RESERVED
 CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
-	TODO: check
+	NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
 CVE-2021-46112
 	RESERVED
 CVE-2021-46111
@@ -5519,15 +5519,15 @@ CVE-2021-46091
 CVE-2021-46090
 	RESERVED
 CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
-	TODO: check
+	NOT-FOR-US: JeecgBoot
 CVE-2021-46088
 	RESERVED
 CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: jfinal_cms
 CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The fron ...)
-	TODO: check
+	NOT-FOR-US: xzs-mysql
 CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...)
-	TODO: check
+	NOT-FOR-US: OneBlog
 CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
 	TODO: check
 CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
@@ -5671,9 +5671,9 @@ CVE-2021-46036
 CVE-2021-46035
 	RESERVED
 CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
-	TODO: check
+	NOT-FOR-US: ForestBlog
 CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification. ...)
-	TODO: check
+	NOT-FOR-US: ForestBlog
 CVE-2021-46032
 	RESERVED
 CVE-2021-46031
@@ -6559,9 +6559,9 @@ CVE-2021-45805
 CVE-2021-45804
 	RESERVED
 CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: MartDevelopers iResturant
 CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: MartDevelopers iResturant
 CVE-2021-45801
 	RESERVED
 CVE-2021-45800
@@ -8616,15 +8616,15 @@ CVE-2021-45228
 CVE-2021-45227
 	RESERVED
 CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several  ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
-	TODO: check
+	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45221
 	RESERVED
 CVE-2021-45220
@@ -9550,7 +9550,7 @@ CVE-2021-44983
 CVE-2021-44982
 	RESERVED
 CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
-	TODO: check
+	NOT-FOR-US: QuickBox Pro
 CVE-2021-44980
 	RESERVED
 CVE-2021-44979



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eec0ff698f970822b9057c479b4412026c557bce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eec0ff698f970822b9057c479b4412026c557bce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220126/742e948d/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list