[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 31 08:32:34 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13f6ffcf by Salvatore Bonaccorso at 2022-01-31T09:32:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -308,13 +308,13 @@ CVE-2022-24126
 CVE-2022-24125
 	RESERVED
 CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Casdoor
 CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
 	TODO: check
 CVE-2022-24121
 	RESERVED
 CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
-	TODO: check
+	NOT-FOR-US: Signiant Manager+Agents
 CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not  ...)
 	- mariadb-10.6 <unfixed>
 	- mariadb-10.5 <unfixed>
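Review bot: CVE-2022-24123 (MarkText), which sits between the two entries triaged in this hunk, is still "TODO: check". If it was skipped on purpose because it needs a package check rather than an NFU tag, that is fine; otherwise it is easy to overlook on the next pass now that both neighbours are resolved.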
@@ -641,7 +641,7 @@ CVE-2022-24034
 CVE-2022-24033
 	RESERVED
 CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
-	TODO: check
+	NOT-FOR-US: Adenza AxiomSL ControllerView
 CVE-2022-24031
 	RESERVED
 CVE-2022-24030
@@ -1673,7 +1673,7 @@ CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) th
 CVE-2022-23849
 	RESERVED
 CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...)
-	TODO: check
+	NOT-FOR-US: calibre-web
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
 	- loguru <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
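Review bot: the label on CVE-2022-0339 is spelled "calibre-web", while the description gives the PyPI name "calibreweb". The later hunk uses the same hyphenated spelling for CVE-2022-0273, so the two entries agree with each other; keep to that one spelling for any further entries so the NOT-FOR-US lines for this project stay groupable.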
@@ -2819,7 +2819,7 @@ CVE-2022-23411
 CVE-2022-23410
 	RESERVED
 CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to  ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
 	- wolfssl <unfixed> (bug #1004181)
 	[bullseye] - wolfssl <not-affected> (Vulnerable code introduced later)
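Review bot: the label on CVE-2022-23409 names only "Craft CMS", but the description places the flaw in the Logs plugin before 3.0.4 for Craft CMS, not in the CMS itself. Something like "NOT-FOR-US: Logs plugin for Craft CMS" would keep a later search of the list from attributing a plugin issue to the core product.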
@@ -3020,7 +3020,7 @@ CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
 	NOT-FOR-US: Orchard CMS
 CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
-	TODO: check
+	NOT-FOR-US: calibre-web
 CVE-2022-0272
 	RESERVED
 CVE-2022-0271
@@ -4244,7 +4244,7 @@ CVE-2022-22996
 CVE-2022-22995
 	RESERVED
 CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
 	NOT-FOR-US: Western Digital
 CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
@@ -4414,7 +4414,7 @@ CVE-2022-22921
 CVE-2022-22920
 	RESERVED
 CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...)
-	TODO: check
+	NOT-FOR-US: Adenza AxiomSL ControllerView
 CVE-2022-22918
 	RESERVED
 CVE-2022-22917
@@ -9990,7 +9990,7 @@ CVE-2021-4126
 	- thunderbird 1:91.4.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
 CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control  ...)
-	TODO: check
+	NOT-FOR-US: DeltaV Distributed Control System Controllers
 CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
 	NOT-FOR-US: Philips
 CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
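Review bot: the label on CVE-2021-26264 is a product name copied from the description ("DeltaV Distributed Control System Controllers"), whereas the entry directly below it and most other labels in this commit (Western Digital, Advantech, Hitachi) name the vendor. A vendor-level label would group this entry with any others from the same vendor; if the product name is kept, the trailing "Controllers" could be dropped to shorten it.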
@@ -25826,9 +25826,9 @@ CVE-2021-40399
 CVE-2021-40398
 	RESERVED
 CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-40395
 	REJECTED
 CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
@@ -25860,9 +25860,9 @@ CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format
 CVE-2021-40390
 	RESERVED
 CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
 	NOT-FOR-US: Kaseya Unitrends Backup Software
 CVE-2021-40386
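Review bot: the four Advantech entries in this hunk and the previous one carry the bare vendor name, although the description of CVE-2021-40388 names a specific product ("Advantech SQ Manager Se ..."). That matches how the Western Digital and Hitachi entries are labelled, so it is consistent as it stands; adding the product name would only serve to make the four entries distinguishable at a glance.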
@@ -25979,11 +25979,11 @@ CVE-2021-40342
 CVE-2021-40341
 	RESERVED
 CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
 	NOT-FOR-US: Hitachi
 CVE-2021-40336



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13f6ffcfb73092a83700d6cba7c24e54266de942
