[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 8 20:27:05 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b4cbd4a9 by Salvatore Bonaccorso at 2022-03-08T21:26:33+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4836,15 +4836,15 @@ CVE-2022-24934
CVE-2022-24933
RESERVED
CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup wizard pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24931 (Improper access control vulnerability in dynamic receiver in ApkInstal ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24930 (An Improper access control vulnerability in StRetailModeReceiver in We ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24929 (Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24928 (Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
NOT-FOR-US: Samsung
CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
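Review bot: CVE-2022-24928 is the only entry in this hunk whose description says "in kernel", and the bare vendor tag does not record why it is out of scope for the linux package tracked elsewhere in this file. "RKP" and "SMR Mar-2022 Release" in the description point at Samsung's own firmware, so the NOT-FOR-US verdict looks right. Naming the component in the tag (for example "NOT-FOR-US: Samsung RKP") would make that visible to anyone later searching the list for kernel issues.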
@@ -5580,7 +5580,7 @@ CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed e
CVE-2022-24662
RESERVED
CVE-2022-24661 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24660
RESERVED
CVE-2022-24659
@@ -6132,7 +6132,7 @@ CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory l
CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...)
NOT-FOR-US: StarWind
CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
NOT-FOR-US: beanstalk_console
CVE-2022-0500
@@ -6228,7 +6228,7 @@ CVE-2022-24398 (Under certain conditions SAP Business Objects Business Intellige
CVE-2022-24397
RESERVED
CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does n ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
NOT-FOR-US: SAP
CVE-2022-24394
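Review bot: For CVE-2022-24396 the visible description ("The Simple Diagnostics Agent - versions 1.0 up to version 1.57 ...") does not name a vendor, so the SAP attribution cannot be checked from this entry alone. It rests on the neighbouring SAP entries (CVE-2022-24398, CVE-2022-24395). Naming the product in the tag, for example "NOT-FOR-US: SAP Simple Diagnostics Agent", would make the entry self-explanatory.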
@@ -6433,7 +6433,7 @@ CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Dire
CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24309 (A vulnerability has been identified in Mendix Applications using Mendi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-0480
RESERVED
- linux 5.15.3-1
@@ -6733,9 +6733,9 @@ CVE-2021-4218
NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always used copy_to_user()
NOTE: until the general conversion of sysctls to use a kernel buffer.
CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All versions). The a ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All versions). A pri ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24280
RESERVED
CVE-2022-24277
@@ -19496,7 +19496,7 @@ CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attacker
CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
NOT-FOR-US: NXP Kinetis K82 devices
CVE-2021-44478 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
NOT-FOR-US: McAfee
CVE-2022-21240
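Review bot: On CVE-2021-44478 the description names "Polarion Subversion Webclient", and the tag "Siemens" drops the product name, leaving nothing to show that the word "Subversion" here refers to a vendor web client. A tag that names the product, such as "NOT-FOR-US: Siemens Polarion Subversion Webclient", would keep a later search for Subversion-related CVEs from re-opening this entry.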
@@ -20988,9 +20988,9 @@ CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSetti
CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
NOT-FOR-US: SysAid ITIL
CVE-2021-43970 (An arbitrary file upload vulnerability exists in albumimages.jsp in Qu ...)
- TODO: check
+ NOT-FOR-US: Digium
CVE-2021-43969 (The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected b ...)
- TODO: check
+ NOT-FOR-US: Digium
CVE-2021-43968
RESERVED
CVE-2021-43967
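Review bot: CVE-2021-43970 and CVE-2021-43969 are tagged "Digium", but the description of CVE-2021-43969 names the affected product as "Quicklert for Digium 10.0.0 (1043)", so the tag records the platform the product is built for, not the product itself. The neighbouring entry uses the product name ("NOT-FOR-US: SysAid ITIL"); "NOT-FOR-US: Quicklert for Digium" would be consistent with that and unambiguous.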
@@ -29268,15 +29268,15 @@ CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill
CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
NOT-FOR-US: Siemens
CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2021-42014
@@ -30450,11 +30450,11 @@ CVE-2021-41545
CVE-2021-41544
RESERVED
CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41541 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
NOT-FOR-US: Siemens
CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
@@ -41311,9 +41311,9 @@ CVE-2021-37211 (The bulletin function of Flygo does not filter special character
CVE-2021-37210
RESERVED
CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
NOT-FOR-US: Siemens
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4cbd4a9a7988fa469b5811232e821a9c68c7374
More information about the debian-security-tracker-commits
mailing list