[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 26 21:36:53 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57b860f5 by Salvatore Bonaccorso at 2022-01-26T22:36:28+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -560,25 +560,25 @@ CVE-2021-46485
 CVE-2021-46484
 	RESERVED
 CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at  ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46479
 	RESERVED
 CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46476
 	RESERVED
 CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2021-46473
 	RESERVED
 CVE-2021-46472
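Review bot: CVE-2021-46481 is tagged "NOT-FOR-US: Jsish", but its description attributes the memory leak to linenoise, unlike the other Jsish entries in this hunk, which name Jsish-internal symbols. Confirm that the leak is in Jsish's own copy or use of linenoise and record that in a NOTE line under the entry, so the NFU decision is auditable if linenoise code turns out to be shipped elsewhere.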
@@ -2108,7 +2108,7 @@ CVE-2022-0271
 CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
 	TODO: check
 CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
-	TODO: check
+	NOT-FOR-US: yetiforce-crm
 CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
 	TODO: check
 CVE-2022-0267
@@ -2140,13 +2140,13 @@ CVE-2021-46388
 CVE-2021-46387
 	RESERVED
 CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...)
-	TODO: check
+	NOT-FOR-US: MCMS
 CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
-	TODO: check
+	NOT-FOR-US: MCMS
 CVE-2021-46384
 	RESERVED
 CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
-	TODO: check
+	NOT-FOR-US: MCMS
 CVE-2021-46382
 	RESERVED
 CVE-2021-46381
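Review bot: the tag "NOT-FOR-US: MCMS" on CVE-2021-46386, CVE-2021-46385 and CVE-2021-46383 is a bare acronym, while the descriptions identify the project as mingSoft/MCMS. Suggest "NOT-FOR-US: mingSoft MCMS" so the entry stays unambiguous when someone later greps the list for the product.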
@@ -2389,7 +2389,7 @@ CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input
 CVE-2022-0252
 	RESERVED
 CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2022-0250
 	RESERVED
 CVE-2022-0249
@@ -3650,11 +3650,11 @@ CVE-2022-22854
 CVE-2022-22853
 	RESERVED
 CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodtester
 CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodtester
 CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodtester
 CVE-2022-22849
 	RESERVED
 CVE-2022-22149
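Review bot: the tag "NOT-FOR-US: Sourcecodtester" on CVE-2022-22852, CVE-2022-22851 and CVE-2022-22850 copies its spelling from the truncated description ("Sourcecodt ..."). Check the vendor name against existing NFU entries in data/CVE/list before keeping it, since a variant spelling splits grep results for the same vendor.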
@@ -5584,15 +5584,15 @@ CVE-2021-46120
 CVE-2021-46119
 	RESERVED
 CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
 	NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
 CVE-2021-46112
@@ -5940,7 +5940,7 @@ CVE-2021-45977
 CVE-2021-45976
 	RESERVED
 CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2021-45974
 	RESERVED
 CVE-2021-45973
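Review bot: the tag "NOT-FOR-US: Acer" on CVE-2021-45975 names only the vendor, while the description scopes the issue to ListCheck.exe in Acer Care Center 4.x. Suggest "NOT-FOR-US: Acer Care Center" so the entry records which product was ruled out, matching the product-level tags used elsewhere in this commit (Jsish, jpress, pimcore).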



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b860f5834513193558c10bd14bd28eff6d9406
