[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 3 20:27:31 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf350b96 by Salvatore Bonaccorso at 2022-03-03T21:27:02+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3320,19 +3320,19 @@ CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22
CVE-2021-46687
RESERVED
CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2021-45730
RESERVED
CVE-2021-45721
RESERVED
CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2021-41834
RESERVED
CVE-2021-23163
RESERVED
CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and Liferay D ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-25145
RESERVED
CVE-2022-25144
@@ -3348,7 +3348,7 @@ CVE-2022-25140
CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
NOT-FOR-US: njs
CVE-2022-25138 (Axelor Open Suite v5.0 was discovered to contain a stored cross-site s ...)
- TODO: check
+ NOT-FOR-US: Axelor Open Suite
CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
NOT-FOR-US: TOTOLINK
CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
@@ -3374,7 +3374,7 @@ CVE-2022-25127
CVE-2022-25126
RESERVED
CVE-2022-25125 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2022-25124
RESERVED
CVE-2022-25123
@@ -3394,9 +3394,9 @@ CVE-2022-25117
CVE-2022-25116
RESERVED
CVE-2022-25115 (A remote code execution (RCE) vulnerability in the Avatar parameter un ...)
- TODO: check
+ NOT-FOR-US: Home Owners Collection Management System
CVE-2022-25114 (Event Management v1.0 was discovered to contain a reflected cross-site ...)
- TODO: check
+ NOT-FOR-US: Event Management
CVE-2022-25113
RESERVED
CVE-2022-25112
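Review bot: the label added for CVE-2022-25114, "NOT-FOR-US: Event Management", is generic enough to match unrelated products when the list is searched later. The description only gives "Event Management v1.0", so adding the vendor or author from the CVE record would disambiguate it. For CVE-2022-25115 the truncated description shows no product name, so the "Home Owners Collection Management System" attribution cannot be checked from this hunk alone, though it matches the label used for CVE-2022-25045 further down.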
@@ -3446,7 +3446,7 @@ CVE-2022-25091
CVE-2022-25090
RESERVED
CVE-2022-25089 (Printix Secure Cloud Print Management 1.3.1035.0 incorrectly uses Priv ...)
- TODO: check
+ NOT-FOR-US: Printix Secure Cloud Print Management
CVE-2022-25088
RESERVED
CVE-2022-25087
@@ -3540,7 +3540,7 @@ CVE-2022-25047
CVE-2022-25046
RESERVED
CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered to contai ...)
- TODO: check
+ NOT-FOR-US: Home Owners Collection Management System
CVE-2022-25044
RESERVED
CVE-2022-25043
@@ -3568,7 +3568,7 @@ CVE-2022-25033
CVE-2022-25032
RESERVED
CVE-2022-25031 (Remote Desktop Commander Suite Agent before v4.8 contains an unquoted ...)
- TODO: check
+ NOT-FOR-US: Remote Desktop Commander Suite Agent
CVE-2022-25030
RESERVED
CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered to contai ...)
@@ -4289,7 +4289,7 @@ CVE-2022-24724
CVE-2022-24723
RESERVED
CVE-2022-24722 (VIewComponent is a framework for building view components in Ruby on R ...)
- TODO: check
+ NOT-FOR-US: VIewComponent
CVE-2022-24721
RESERVED
CVE-2022-24720 (image_processing is an image processing wrapper for libvips and ImageM ...)
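Review bot: CVE-2022-24722 is described as "a framework for building view components in Ruby on R ...", a library rather than a standalone product, so before settling on NOT-FOR-US it is worth confirming that no package, ITP or RFP for it exists in Debian. The label also copies the description's capitalisation "VIewComponent"; writing "ViewComponent" would keep later searches of the list from missing it.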
@@ -4788,7 +4788,7 @@ CVE-2022-24575
CVE-2022-24574
RESERVED
CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin interfa ...)
- TODO: check
+ NOT-FOR-US: Element-IT
CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross Site Sc ...)
NOT-FOR-US: Car Driving School Management System
CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL injection ...)
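Review bot: "NOT-FOR-US: Element-IT" on CVE-2022-24573 uses a name that the truncated description ("A stored cross-site scripting (XSS) vulnerability in the admin interfa ...") never shows, and it reads as a vendor rather than a product, while the neighbouring entries are labelled by product ("Car Driving School Management System"). Naming the affected product, alone or alongside the vendor, would make the entry self-explanatory.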
@@ -4808,7 +4808,7 @@ CVE-2022-24565 (Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p2
CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerabil ...)
- check-mk <removed>
CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: Genixcms
CVE-2022-24562
RESERVED
CVE-2022-24561
@@ -6869,17 +6869,17 @@ CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cach
NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327 (6.6.2)
NOTE: Test case: https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4 (6.6.2)
CVE-2022-23958 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23957 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23956 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23955 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-23952
RESERVED
CVE-2022-23951
@@ -7077,9 +7077,9 @@ CVE-2022-23901
CVE-2022-23900
RESERVED
CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2022-23897
RESERVED
CVE-2022-23896
@@ -7555,7 +7555,7 @@ CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from
CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...)
- epub2txt2 <itp> (bug #1004115)
CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 ...)
- TODO: check
+ NOT-FOR-US: Devolutions Password Hub for iOS
CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...)
NOT-FOR-US: calibre-web
CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
@@ -10398,7 +10398,7 @@ CVE-2022-22946
CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
NOT-FOR-US: VMware
CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22943
RESERVED
CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
@@ -11563,7 +11563,7 @@ CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload
CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
NOT-FOR-US: PartKeepr
CVE-2022-22700 (CyberArk Identity versions up to and including 22.1 in the 'StartAuthe ...)
- TODO: check
+ NOT-FOR-US: CyberArk Identity
CVE-2022-22699
RESERVED
CVE-2022-22698
@@ -13769,7 +13769,7 @@ CVE-2021-45821
CVE-2021-45820
RESERVED
CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service ...)
- TODO: check
+ NOT-FOR-US: Wordline HIDCCEMonitorSVC
CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
NOT-FOR-US: SAFARI Montage
CVE-2021-45817
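Review bot: the label for CVE-2021-45819 carries "Wordline HIDCCEMonitorSVC" over from the CVE description verbatim. If "Wordline" is a misspelling in the upstream record, the NFU label should use the vendor's own spelling so that later entries for the same vendor are matched consistently; otherwise no change is needed.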
@@ -18792,7 +18792,7 @@ CVE-2021-44345
CVE-2021-44344
RESERVED
CVE-2021-44343 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...)
NOT-FOR-US: ok-file-formats
CVE-2021-44341
@@ -18808,7 +18808,7 @@ CVE-2021-44337
CVE-2021-44336
RESERVED
CVE-2021-44335 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflo ...)
NOT-FOR-US: ok-file-formats
CVE-2021-44333
@@ -20768,7 +20768,7 @@ CVE-2021-3966
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
NOT-FOR-US: HP
CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 ...)
- TODO: check
+ NOT-FOR-US: Fujifilm
CVE-2021-43773
RESERVED
CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf350b9698a0b9b61be9f14079480f639b1f7f9b