[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 7 08:22:06 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c1aa1f2 by Salvatore Bonaccorso at 2022-06-07T09:21:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4785,7 +4785,7 @@ CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows r
CVE-2022-1717
RESERVED
CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
- TODO: check
+ NOT-FOR-US: Keep My Notes
CVE-2022-30703
RESERVED
CVE-2022-30702
@@ -7707,7 +7707,7 @@ CVE-2022-29786
CVE-2022-29785
RESERVED
CVE-2022-29784 (PublicCMS V4.0.202204.a and below contains an information leak via the ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2022-29783
RESERVED
CVE-2022-29782
@@ -7719,7 +7719,7 @@ CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat
CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
NOT-FOR-US: njs
CVE-2022-29778 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attacke ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
NOT-FOR-US: Onlyoffice Document Server
CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
@@ -7729,13 +7729,13 @@ CVE-2022-29775
CVE-2022-29774
RESERVED
CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...)
- TODO: check
+ NOT-FOR-US: AlekSIS
CVE-2022-29772
RESERVED
CVE-2022-29771
RESERVED
CVE-2022-29770 (XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: XXL-Job
CVE-2022-29769
RESERVED
CVE-2022-29768
@@ -8261,13 +8261,13 @@ CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions sta
CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
TODO: check
CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
- vim 2:8.2.4793-1
[bullseye] - vim <no-dsa> (Minor issue)
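Review bot: CVE-2022-1423 (GitLab CE/EE, improper access control in the CI/CD cache mechanism) is still `TODO: check` between the three WordPress theme entries resolved in this hunk. It is not a NOT-FOR-US candidate in the same obvious way as the themes, so leaving it out of this pass is reasonable, but it needs a proper package check in a follow-up so it does not sit untriaged among resolved neighbours.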
@@ -10741,7 +10741,7 @@ CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leadin
CVE-2022-1242
RESERVED
CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
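Review bot: In the trailing context of this hunk, the NOTE line for CVE-2022-28796 reads `https:/git.kernel.org/linus/...` with a single slash after the scheme, so the reference does not resolve as written. This commit did not introduce it, but it is worth correcting to `https://` while this region of the file is being edited.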
@@ -18157,7 +18157,7 @@ CVE-2022-26136
CVE-2022-26135
RESERVED
CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence Server and Data Center
CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...)
NOT-FOR-US: Atlassian Bitbucket Data Center
CVE-2022-26132
@@ -41465,7 +41465,7 @@ CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file readi
CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...)
NOT-FOR-US: Open Design Alliance ODA Viewer
CVE-2021-43271 (Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0 ...)
- TODO: check
+ NOT-FOR-US: Riverbed AppResponse
CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
@@ -46302,7 +46302,7 @@ CVE-2021-42247
CVE-2021-42246
RESERVED
CVE-2021-42245 (FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in p ...)
- TODO: check
+ NOT-FOR-US: FlatCore-CMS
CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo ...)
NOT-FOR-US: PaquitoSoftware Notimoo
CVE-2021-42243
@@ -66506,7 +66506,7 @@ CVE-2021-34081 (OS Command Injection vulnerability in bbultman gitsome through 0
CVE-2021-34080 (OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ...)
TODO: check
CVE-2021-34079 (OS Command injection vulnerability in Mintzo Docker-Tester through 1.2 ...)
- TODO: check
+ NOT-FOR-US: Mintzo Docker-Tester
CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ...)
TODO: check
CVE-2021-34077
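Review bot: Only CVE-2021-34079 is resolved in this hunk, while the adjacent CVE-2021-34080 (es128 ssl-utils for Node.js) and CVE-2021-34078 (lifion-verify-dependencies) remain `TODO: check`, even though all three are described as OS command injection issues in the same run of CVE ids. If those two were looked at and deliberately left open, that is fine. Otherwise, triage them in the same pass so the block gets a consistent decision.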
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c1aa1f2ac5505f6ea7fc98ac63568262d7dc6bd