[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 19 09:10:37 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
769461cc by Salvatore Bonaccorso at 2022-03-19T10:10:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -112,7 +112,7 @@ CVE-2022-27228
 CVE-2022-27227
 	RESERVED
 CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16  ...)
-	TODO: check
+	NOT-FOR-US: iRZ Mobile Routers
 CVE-2022-0999
 	RESERVED
 CVE-2022-0998
@@ -2688,7 +2688,7 @@ CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak via
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability ...)
 	TODO: check
 CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a remote comma ...)
-	TODO: check
+	NOT-FOR-US: Contao Managed Edition
 CVE-2022-26264
 	RESERVED
 CVE-2022-26263
@@ -4492,13 +4492,13 @@ CVE-2022-25583
 CVE-2022-25582
 	RESERVED
 CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via the comp ...)
-	TODO: check
+	NOT-FOR-US: Classcms
 CVE-2022-25580
 	RESERVED
 CVE-2022-25579
 	RESERVED
 CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arbitrari ...)
-	TODO: check
+	NOT-FOR-US: taocms
 CVE-2022-25577
 	RESERVED
 CVE-2022-25576
@@ -4886,9 +4886,9 @@ CVE-2022-25392
 CVE-2022-25391
 	RESERVED
 CVE-2022-25390 (DCN Firewall DCME-520 was discovered to contain a remote command execu ...)
-	TODO: check
+	NOT-FOR-US: DCN Firewall
 CVE-2022-25389 (DCN Firewall DCME-520 was discovered to contain an arbitrary file down ...)
-	TODO: check
+	NOT-FOR-US: DCN Firewall
 CVE-2022-25388
 	RESERVED
 CVE-2022-25387
@@ -16413,9 +16413,9 @@ CVE-2021-45837
 CVE-2021-45836
 	RESERVED
 CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Online Admission System
 CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to the Ope ...)
-	TODO: check
+	NOT-FOR-US: OpenDocMan
 CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1313
@@ -20083,7 +20083,7 @@ CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Seq
 CVE-2021-4096
 	RESERVED
 CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, where an ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-21821
 	RESERVED
 CVE-2022-21820
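
Review bot: The tag added for CVE-2022-21822 names only the vendor ("NOT-FOR-US: NVIDIA"), while the description identifies the affected product as NVIDIA FLARE. A vendor-wide string can be misread as covering every NVIDIA product and makes later searches of the list less precise; suggest "NOT-FOR-US: NVIDIA FLARE".
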
@@ -21732,7 +21732,7 @@ CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in
 	- linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
 	NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
 CVE-2021-4031 (Syltek application before its 10.22.00 version, does not correctly che ...)
-	TODO: check
+	NOT-FOR-US: Syltek
 CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon of the Z ...)
 	NOT-FOR-US: Zyxel
 CVE-2021-4029 (A command injection vulnerability in the CGI program of the Zyxel ARMO ...)
@@ -22304,9 +22304,9 @@ CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online R
 CVE-2021-44089
 	RESERVED
 CVE-2021-44088 (An SQL Injection vulnerability exists in Sourcecodester Attendance and ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-44087 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester A ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-44086
 	RESERVED
 CVE-2021-44085
@@ -22708,7 +22708,7 @@ CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through
 CVE-2021-43962
 	RESERVED
 CVE-2021-43961 (Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. ...)
-	TODO: check
+	NOT-FOR-US: Sonatype
 CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an  ...)
 	NOT-FOR-US: Lorensbergs Connect2
 CVE-2021-3974 (vim is vulnerable to Use After Free ...)
@@ -76627,7 +76627,7 @@ CVE-2021-23773
 CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...)
 	NOT-FOR-US: iris Go web framework
 CVE-2021-23771 (This affects all versions of package notevil; all versions of package  ...)
-	TODO: check
+	NOT-FOR-US: notevil nodejs module
 CVE-2021-23770
 	RESERVED
 CVE-2021-23769
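
Review bot: The description of CVE-2021-23771 lists more than one package ("all versions of package notevil; all versions of package ..."), but the tag added here covers only notevil. Before closing the entry as NOT-FOR-US, confirm that the second package named in the truncated part of the description is also not in the archive, and name both in the tag if so.
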
@@ -79426,7 +79426,7 @@ CVE-2021-22573
 CVE-2021-22572
 	RESERVED
 CVE-2021-22571 (A local attacker could read files from some other users' SA360 reports ...)
-	TODO: check
+	NOT-FOR-US: SA360 reports
 CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
 	[experimental] - protobuf 3.17.1-1
 	- protobuf <unfixed>
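
Review bot: On CVE-2021-22571 the tag "NOT-FOR-US: SA360 reports" copies a phrase from the description ("some other users' SA360 reports") instead of naming the affected software. The reports are the data being exposed, not the product, so a tag naming the product itself (SA360, plus its vendor if known) would read more clearly and be easier to match against later CVEs for the same software.
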
@@ -104890,7 +104890,7 @@ CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WEC
 CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
 	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25197 (A code injection vulnerability exists in one of the webpages in GE Rea ...)
-	TODO: check
+	NOT-FOR-US: GE Reason
 CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
 	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
@@ -104898,7 +104898,7 @@ CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H
 CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
 	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25193 (By having access to the hard-coded cryptographic key for GE Reason RT4 ...)
-	TODO: check
+	NOT-FOR-US: GE Reason
 CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
 	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
@@ -104916,23 +104916,23 @@ CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 201
 CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer  ...)
 	NOT-FOR-US: Paradox IP150
 CVE-2020-25184 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the pa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...)
 	NOT-FOR-US: Medtronic MyCareLink Smart 25000
 CVE-2020-25182 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...)
 	NOT-FOR-US: WECON PLC Editor
 CVE-2020-25180 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
 	NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25178 (ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtim ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...)
 	NOT-FOR-US: WECON PLC Editor
 CVE-2020-25176 (Some commands used by the Rockwell Automation ISaGRAF Runtime Versions ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
 	NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...)
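
Review bot: The five entries changed in this hunk (CVE-2020-25184, CVE-2020-25182, CVE-2020-25180, CVE-2020-25178, CVE-2020-25176) all receive the vendor-only tag "NOT-FOR-US: Rockwell Automation", whereas the unchanged neighbours name the product ("WECON PLC Editor", "Medtronic MyCareLink Smart 25000"). Every one of the five descriptions refers to ISaGRAF Runtime, and CVE-2020-25178 also names ISaGRAF Workbench, so "NOT-FOR-US: Rockwell Automation ISaGRAF" would match the surrounding convention and keep the entries searchable by product.
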
@@ -124153,7 +124153,7 @@ CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer
 CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
 	NOT-FOR-US: CodeMeter
 CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...)
-	TODO: check
+	NOT-FOR-US: Yokogawa WideField3
 CVE-2020-16231
 	RESERVED
 CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/769461cc407160817a12d619002f8784f9691796
