[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 29 08:25:16 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0abbb35f by Salvatore Bonaccorso at 2022-01-29T09:24:49+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -157,7 +157,7 @@ CVE-2022-24070
CVE-2022-0396
RESERVED
CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0393 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
@@ -855,11 +855,11 @@ CVE-2022-23891
CVE-2022-23890
RESERVED
CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSR ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2022-23886
RESERVED
CVE-2022-23885
@@ -905,7 +905,7 @@ CVE-2022-23866
CVE-2022-23865
RESERVED
CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
- TODO: check
+ NOT-FOR-US: calibre-web
CVE-2022-0351 (Access of Memory Location Before Start of Buffer in Conda vim prior to ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -1151,15 +1151,15 @@ CVE-2021-46450
CVE-2021-46449
RESERVED
CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
- TODO: check
+ NOT-FOR-US: H.H.G Multistore
CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...)
- TODO: check
+ NOT-FOR-US: H.H.G Multistore
CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
- TODO: check
+ NOT-FOR-US: H.H.G Multistore
CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
- TODO: check
+ NOT-FOR-US: H.H.G Multistore
CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
- TODO: check
+ NOT-FOR-US: H.H.G Multistore
CVE-2021-46443
RESERVED
CVE-2021-46442
@@ -1624,7 +1624,7 @@ CVE-2022-23729
CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
NOT-FOR-US: LG
CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2022-23726
RESERVED
CVE-2022-23725
@@ -2174,7 +2174,7 @@ CVE-2022-0312
CVE-2022-0299
RESERVED
CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23455
RESERVED
CVE-2022-23454
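Review bot: the new tag on CVE-2022-23456 names only the vendor (`NOT-FOR-US: HP`), and the truncated description does not show which product is affected. Naming the product as well, the way the existing CVE-2022-22991 entry does with `Western Digital / My Cloud OS 5 Firmware`, would let a later reader confirm the triage decision without looking up the CVE again.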
@@ -3862,9 +3862,9 @@ CVE-2022-22995
CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
TODO: check
CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...)
NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
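Review bot: CVE-2022-22994 stays at `TODO: check` in the context directly above the two entries changed here, although its description also begins "A remote code execution vulnerability was discovered on Western Digita ...". If it concerns the same product, triage it in this commit so the group is not left half-processed. The two new tags also read `NOT-FOR-US: Western Digital`, while CVE-2022-22991 just below uses `Western Digital / My Cloud OS 5 Firmware`; using one form across the set keeps the entries consistent when searching the list.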
@@ -3992,7 +3992,7 @@ CVE-2022-22940
CVE-2022-22939
RESERVED
CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22937
RESERVED
CVE-2022-22936
@@ -18351,7 +18351,7 @@ CVE-2021-42793
CVE-2021-42792
RESERVED
CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
- TODO: check
+ NOT-FOR-US: VeridiumID
CVE-2021-42790
RESERVED
CVE-2021-42789
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0abbb35f3601aaf5501c8e28c12248a82ad33aa2