[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu Jul 7 09:43:41 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f714b048 by Neil Williams at 2022-07-07T09:43:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12314,7 +12314,7 @@ CVE-2022-30621
 CVE-2022-30620
 	RESERVED
 CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the Client-Si ...)
-	TODO: check
+	NOT-FOR-US: Agile Point
 CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
 	NOT-FOR-US: Strapi
 CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
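Review bot: The tag `NOT-FOR-US: Agile Point` on CVE-2022-30619 cannot be checked against the visible description, which is cut off before any product name appears. Anyone searching the list by vendor depends on a consistent string, so confirm that the spelling and spacing match any existing entries for the same vendor, and consider naming the product as well.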
@@ -35370,9 +35370,9 @@ CVE-2022-23175
 CVE-2022-23174
 	RESERVED
 CVE-2022-23173 (this vulnerability affect user that even not allowed to access via the ...)
-	TODO: check
+	NOT-FOR-US: Priority
 CVE-2022-23172 (An attacker can access to "Forgot my password" button, as soon as he p ...)
-	TODO: check
+	NOT-FOR-US: Priority
 CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...)
 	NOT-FOR-US: AtlasVPN
 CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML External E ...)
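Review bot: `NOT-FOR-US: Priority` on CVE-2022-23173 and CVE-2022-23172 is a common English word, and neither truncated description names the product, so the tag alone does not identify what was triaged. The neighbouring entries use unambiguous product names such as `AtlasVPN`; a vendor-plus-product string here would keep the two entries searchable and auditable.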
@@ -37273,7 +37273,7 @@ CVE-2022-22683
 CVE-2022-22682
 	RESERVED
 CVE-2022-22681 (Session fixation vulnerability in access control management in Synolog ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
 	NOT-FOR-US: Synology
 CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
@@ -49619,13 +49619,13 @@ CVE-2022-20864
 CVE-2022-20863
 	RESERVED
 CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20861
 	RESERVED
 CVE-2022-20860
 	RESERVED
 CVE-2022-20859 (A vulnerability in the Disaster Recovery framework of Cisco Unified Co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20858
 	RESERVED
 CVE-2022-20857
@@ -49713,13 +49713,13 @@ CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauth
 CVE-2022-20816
 	RESERVED
 CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20814
 	RESERVED
 CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based management in ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based management in ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20811
 	RESERVED
 CVE-2022-20810
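Review bot: For CVE-2022-20813 and CVE-2022-20812 the visible description ("Multiple vulnerabilities in the API and in the web-based management in ...") ends before any product is named, unlike CVE-2022-20815 in the same hunk, which shows "Cisco Unified". Check the `NOT-FOR-US: Cisco` tag on those two against the full description, and consider naming the product so the classification can be audited from the list alone.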
@@ -49745,7 +49745,7 @@ CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat an
 CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20800 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco  ...)
@@ -49772,7 +49772,7 @@ CVE-2022-20792
 	[buster] - clamav <no-dsa> (clamav is updated via -updates)
 	NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
 CVE-2022-20791 (A vulnerability in the database user privileges of Cisco Unified Commu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...)
@@ -49830,7 +49830,7 @@ CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV sca
 CVE-2022-20769
 	RESERVED
 CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence Collabo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
 	NOT-FOR-US: Cisco Firepower
 CVE-2022-20766
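Review bot: CVE-2022-20768 is tagged plain `Cisco` while the next entry, CVE-2022-20767, carries the product-level tag `Cisco Firepower`. The description names Cisco TelePresence, so either use a product-level tag here as well or keep to the vendor-only form throughout; mixed granularity makes vendor searches miss entries. Per-entry checking matters in this range, since the hunk header shows a ClamAV entry (CVE-2022-20770) among the same block of IDs.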
@@ -49862,7 +49862,7 @@ CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management int
 CVE-2022-20753 (A vulnerability in web-based management interface of Cisco Small Busin ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20752 (A vulnerability in Cisco Unified Communications Manager (Unified CM),  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...)
 	NOT-FOR-US: Cisco Firepower
 CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f714b048498bcaae09a11063048caf9bd06e3ca8
