[Git][security-tracker-team/security-tracker][master] Process two NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 5 08:56:11 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f893989 by Salvatore Bonaccorso at 2022-03-05T09:55:44+01:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2022-26486
 CVE-2022-26485
 	RESERVED
 CVE-2022-26484 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
-	TODO: check
+	NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM)
 CVE-2022-26483 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
-	TODO: check
+	NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM)
 CVE-2022-26482
 	RESERVED
 CVE-2022-26481
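Review bot: The subject "Process two NFUs" understates the change: the two Veritas entries in this hunk (CVE-2022-26484, CVE-2022-26483) already account for two, and the rest of the diff turns 20 more "TODO: check" lines into NOT-FOR-US. Suggest a subject that reflects the whole batch, so the triage is easier to find in the log later.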
@@ -189,7 +189,7 @@ CVE-2022-0857
 CVE-2022-0856
 	RESERVED
 CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository microwebe ...)
-	TODO: check
+	NOT-FOR-US: microweber (whmcs_plugin)
 CVE-2022-0854
 	RESERVED
 CVE-2022-0853
@@ -469,7 +469,7 @@ CVE-2022-26320
 CVE-2022-26319
 	RESERVED
 CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can  ...)
-	TODO: check
+	NOT-FOR-US: WatchGuard
 CVE-2022-26317
 	RESERVED
 CVE-2022-26316
@@ -2195,7 +2195,7 @@ CVE-2022-25625
 CVE-2022-25624
 	RESERVED
 CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2022-25325
 	RESERVED
 CVE-2022-25234
@@ -2578,7 +2578,7 @@ CVE-2022-25467
 CVE-2022-25466
 	RESERVED
 CVE-2022-25465 (Espruino 2v11 release was discovered to contain a stack buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: Espruino
 CVE-2022-25464
 	RESERVED
 CVE-2022-25463
@@ -3706,7 +3706,7 @@ CVE-2022-25108
 CVE-2022-25107
 	RESERVED
 CVE-2022-25106 (D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer ov ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-25105
 	RESERVED
 CVE-2022-25104 (HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file  ...)
@@ -3836,7 +3836,7 @@ CVE-2022-25046
 CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered to contai ...)
 	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25044 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Espruino
 CVE-2022-25043
 	RESERVED
 CVE-2022-25042
@@ -9361,15 +9361,15 @@ CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by:
 CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
 	NOT-FOR-US: MCMS
 CVE-2021-46384 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. T ...)
-	TODO: check
+	NOT-FOR-US: MCMS
 CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
 	NOT-FOR-US: MCMS
 CVE-2021-46382 (Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2021-46381 (Local File Inclusion due to path traversal in D-Link DAP-1620 leads to ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-46380 (Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-46379 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
 	NOT-FOR-US: D-Link
 CVE-2021-46378 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
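Review bot: The "NOT-FOR-US: WAGO" tag on CVE-2021-46380 cannot be checked against the lines shown here, because the truncated description ("Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Sc ...") names no vendor or product. Consider adding the affected product after the vendor, as the Veritas entries do, so the triage decision can be verified from the list itself.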
@@ -9423,7 +9423,7 @@ CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). T
 CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
 	NOT-FOR-US: Thinfinity VirtualUI
 CVE-2021-46353 (An information disclosure in web interface in D-Link DIR-X1860 before  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-46352
 	RESERVED
 CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
@@ -9828,9 +9828,9 @@ CVE-2022-23235
 CVE-2022-23234
 	RESERVED
 CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
-	TODO: check
+	NOT-FOR-US: StorageGRID Webscale
 CVE-2022-23232 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
-	TODO: check
+	NOT-FOR-US: StorageGRID Webscale
 CVE-2022-23231
 	RESERVED
 CVE-2022-23230
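Review bot: Both added tags use "StorageGRID Webscale", which the descriptions of CVE-2022-23233 and CVE-2022-23232 give as the former name ("StorageGRID (formerly StorageGRID Webscale)"). Unless that string is kept on purpose to match earlier entries in the list, "NOT-FOR-US: StorageGRID" would track the current product name.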
@@ -17599,7 +17599,7 @@ CVE-2022-21830
 CVE-2022-21829
 	RESERVED
 CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-21827
 	RESERVED
 CVE-2022-21826
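Review bot: The tag on CVE-2022-21828 names only the vendor Ivanti, while the visible description names only the product "Incapptic Connect", so the two cannot be tied together from the list alone. Suggest "NOT-FOR-US: Ivanti Incapptic Connect" to make the link explicit.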
@@ -17617,7 +17617,7 @@ CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in
 CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0  ...)
 	NOT-FOR-US: ARM
 CVE-2021-44827 (There is remote authenticated OS command injection on TP-Link Archer C ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2021-44826
 	RESERVED
 CVE-2021-44825
@@ -31463,7 +31463,7 @@ CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporte
 CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
 	NOT-FOR-US: Netgear
 CVE-2021-40846 (An issue was discovered in Rhinode Trading Paints through 2.0.36. TP U ...)
-	TODO: check
+	NOT-FOR-US: Rhinode Trading Paints
 CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
 	NOT-FOR-US: Zenitel
 CVE-2021-40844
@@ -53283,7 +53283,7 @@ CVE-2021-32010
 CVE-2021-32009
 	RESERVED
 CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all  ...)
-	TODO: check
+	NOT-FOR-US: Secomea GateManager
 CVE-2021-32007
 	RESERVED
 CVE-2021-32006
@@ -64451,9 +64451,9 @@ CVE-2021-27759
 CVE-2021-27758
 	RESERVED
 CVE-2021-27757 (" Insecure password storage issue.The application stores sensitive inf ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27756 ("TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2. ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...)
 	NOT-FOR-US: HCL
 CVE-2021-27754
@@ -117251,7 +117251,7 @@ CVE-2020-18329
 CVE-2020-18328
 	RESERVED
 CVE-2020-18327 (Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco C ...)
-	TODO: check
+	NOT-FOR-US: Alfresco
 CVE-2020-18326 (Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants  ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2020-18325 (Multilple Cross Site Scripting (XSS) vulnerability exists in Intellian ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f89398967f6c49933ca600545952ae4112d8281
