[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 8 08:26:09 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9189c0c1 by Salvatore Bonaccorso at 2022-03-08T09:25:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -394,7 +394,7 @@ CVE-2021-46704 (In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerab
 CVE-2021-46703 (** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component o ...)
 	NOT-FOR-US: Antaris RazorEngine
 CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System and H ...)
-	TODO: check
+	NOT-FOR-US: Nabu
 CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...)
 	NOT-FOR-US: Node urijs
 CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
@@ -803,7 +803,7 @@ CVE-2022-26334
 CVE-2022-26304
 	RESERVED
 CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers are susce ...)
-	TODO: check
+	NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer receivers
 CVE-2022-26124
 	RESERVED
 CVE-2022-26086
@@ -831,7 +831,7 @@ CVE-2022-25992
 CVE-2022-25966
 	RESERVED
 CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake controllers i ...)
-	TODO: check
+	NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake controllers
 CVE-2022-25917
 	RESERVED
 CVE-2022-25909
@@ -2083,11 +2083,11 @@ CVE-2022-0758
 CVE-2022-0757
 	RESERVED
 CVE-2022-0756 (Improper Authorization in GitHub repository salesagility/suitecrm prio ...)
-	TODO: check
+	NOT-FOR-US: suitecrm
 CVE-2022-0755 (Improper Access Control in GitHub repository salesagility/suitecrm pri ...)
-	TODO: check
+	NOT-FOR-US: suitecrm
 CVE-2022-0754 (SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12 ...)
-	TODO: check
+	NOT-FOR-US: suitecrm
 CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hes ...)
@@ -2620,15 +2620,15 @@ CVE-2022-25624
 CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...)
 	NOT-FOR-US: Symantec
 CVE-2022-25325 (Use after free vulnerability in CX-Programmer v9.76.1 and earlier whic ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2022-25234 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2022-25230 (Use after free vulnerability in CX-Programmer v9.76.1 and earlier whic ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2022-21219 (Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2022-21124 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: CX-Programmer
 CVE-2022-0717 (Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. ...)
 	- mruby <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9
@@ -3494,7 +3494,7 @@ CVE-2022-25296
 CVE-2022-25295
 	RESERVED
 CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows
 CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox and XTM ap ...)
 	NOT-FOR-US: WatchGuard
 CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM ap ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9189c0c18f6e971beb93b9aa2856413b675be503

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9189c0c18f6e971beb93b9aa2856413b675be503
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220308/3e1d5589/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list