[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 8 08:41:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6e106a5 by Salvatore Bonaccorso at 2022-03-08T09:40:54+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -907,7 +907,7 @@ CVE-2022-26313
CVE-2022-26312
RESERVED
CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to ...)
- TODO: check
+ NOT-FOR-US: Couchbase Operator
CVE-2022-26310
RESERVED
CVE-2022-26309
@@ -5382,7 +5382,7 @@ CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL
CVE-2022-24645
RESERVED
CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code e ...)
- TODO: check
+ NOT-FOR-US: KeyMouse
CVE-2022-24643
RESERVED
CVE-2022-24642
@@ -6718,7 +6718,7 @@ CVE-2022-24195
CVE-2022-24194
RESERVED
CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command injection vul ...)
- TODO: check
+ NOT-FOR-US: CasaOS
CVE-2022-24192
RESERVED
CVE-2022-24191
@@ -6750,7 +6750,7 @@ CVE-2022-24179
CVE-2022-24178
RESERVED
CVE-2022-24177 (A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej ...)
- TODO: check
+ NOT-FOR-US: Ex libris ALEPH 500
CVE-2022-24176
RESERVED
CVE-2022-24175
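Review bot: The tag added for CVE-2022-24177, `NOT-FOR-US: Ex libris ALEPH 500`, lowercases the second word of the vendor name. The vendor styles itself "Ex Libris", so `NOT-FOR-US: Ex Libris ALEPH 500` would keep a case-sensitive search for the vendor in data/CVE/list from missing this entry.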
@@ -6844,7 +6844,7 @@ CVE-2022-24132
CVE-2022-24131
RESERVED
CVE-2022-21170 (Improper check for certificate revocation in i-FILTER Ver.10.45R01 and ...)
- TODO: check
+ NOT-FOR-US: i-FILTER
CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
@@ -7740,7 +7740,7 @@ CVE-2021-4213
CVE-2022-23941
RESERVED
CVE-2022-23940 (SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2022-23939
RESERVED
CVE-2022-23938
@@ -9602,7 +9602,7 @@ CVE-2022-23385
CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
NOT-FOR-US: YzmCMS
CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...)
- TODO: check
+ NOT-FOR-US: YzmCMS
CVE-2022-23382
RESERVED
CVE-2022-23381
@@ -11742,9 +11742,9 @@ CVE-2022-22837
CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...)
NOT-FOR-US: CoreFTP
CVE-2022-22835 (An issue was discovered in OverIT Geocall before version 8.0. An authe ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2022-22834 (An issue was discovered in OverIT Geocall before 8.0. An authenticated ...)
- TODO: check
+ NOT-FOR-US: OverIT Geocall
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
@@ -12914,9 +12914,9 @@ CVE-2021-44452
CVE-2021-43352
RESERVED
CVE-2021-4199 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-4198 (A NULL Pointer Dereference vulnerability in the messaging_ipc.dll comp ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2021-31564
RESERVED
CVE-2021-23229
@@ -19139,7 +19139,7 @@ CVE-2021-44521 (When running Apache Cassandra with the following configuration:
CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
NOT-FOR-US: TCMAN GIM
CVE-2021-4045 (TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
[experimental] - openssl 3.0.1-1
- openssl <not-affected> (Vulnerable code not present)
@@ -21148,7 +21148,7 @@ CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow
CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-43944 (This issue exists to document that a security improvement in the way t ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
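Review bot: The description visible for CVE-2021-43944 ("This issue exists to document that a security improvement in the way t ...") names no product, so the new `NOT-FOR-US: Atlassian` tag rests only on the neighbouring Jira entries in this hunk. Entries in this file are ordered by CVE number, not by product, so the full description should be checked before the tag is relied on.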
@@ -28596,7 +28596,7 @@ CVE-2021-42188
CVE-2021-42187
RESERVED
CVE-2021-42186 (SAS Logon Manager v9.4 was discovered to contain a vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: SAS Logon Manager
CVE-2021-42185
RESERVED
CVE-2021-42184
@@ -29934,7 +29934,7 @@ CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1
CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...)
NOT-FOR-US: Sourcecodester
CVE-2021-41657 (SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulne ...)
- TODO: check
+ NOT-FOR-US: SmartBear CodeCollaborator
CVE-2021-41656
RESERVED
CVE-2021-41655
@@ -33911,41 +33911,41 @@ CVE-2021-40066 (The access controls on the Mobility read-only API improperly val
CVE-2021-40065
RESERVED
CVE-2021-40064 (There is a heap-based buffer overflow vulnerability in system componen ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40063 (There is an improper access control vulnerability in the video module. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40062 (There is a vulnerability of copying input buffer without checking its ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40061 (There is a vulnerability of accessing resources using an incompatible ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40060 (There is a heap-based buffer overflow vulnerability in the video frame ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40059 (There is a permission control vulnerability in the Wi-Fi module. Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40058 (There is a heap-based buffer overflow vulnerability in the video frame ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40057 (There is a heap-based and stack-based buffer overflow vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40056 (There is a vulnerability of copying input buffer without checking its ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40055 (There is a man-in-the-middle attack vulnerability during system update ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40054 (There is an integer underflow vulnerability in the atcmdserver module. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40053 (There is a permission control vulnerability in the Nearby module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40052 (There is an incorrect buffer size calculation vulnerability in the vid ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40051 (There is an unauthorized access vulnerability in system components. Su ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40050 (There is an out-of-bounds read vulnerability in the IFAA module. Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40049 (There is a permission control vulnerability in the PMS module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40048 (There is an incorrect buffer size calculation vulnerability in the vid ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40047 (There is a vulnerability of memory not being released after effective ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation vulnerability. ...)
NOT-FOR-US: Huawei
CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
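Review bot: None of the 18 descriptions changed here (CVE-2021-40064 down to CVE-2021-40047) names a vendor or product as shown; they all read "There is a ... vulnerability in ...", so the `NOT-FOR-US: Huawei` attribution cannot be confirmed from these lines. The only visible anchor is the unchanged CVE-2021-40046 (PCManager) entry that already carries the Huawei tag. A sentence in the commit message saying where the attribution comes from (for example the assigning CNA) would make a bulk change of this size checkable.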
@@ -41945,7 +41945,7 @@ CVE-2021-36811
CVE-2021-36810
REJECTED
CVE-2021-36809 (A local attacker can overwrite arbitrary files on the system with VPN ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
NOT-FOR-US: Sophos
CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
@@ -128092,15 +128092,15 @@ CVE-2020-14117
CVE-2020-14116
RESERVED
CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14114
RESERVED
CVE-2020-14113
RESERVED
CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router AX6000. The ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14111 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
NOT-FOR-US: AX3600 router
CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
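Review bot: The three entries changed here (CVE-2020-14115, CVE-2020-14112, CVE-2020-14111) get `NOT-FOR-US: Xiaomi`, while the unchanged CVE-2020-14110 in the same hunk carries `NOT-FOR-US: AX3600 router` even though CVE-2020-14115 and CVE-2020-14111 describe the same "Xiaomi Router AX3600". Consider changing CVE-2020-14110 to `NOT-FOR-US: Xiaomi` in a follow-up so a single vendor string matches every entry for this router family.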
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e106a5df557102f426834690c05b7a07ccfcd2