[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 24 21:10:40 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c41effd4 by Salvatore Bonaccorso at 2022-03-24T22:09:50+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5883,7 +5883,7 @@ CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with acc
CVE-2022-25569
RESERVED
CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access sensitive infor ...)
- TODO: check
+ NOT-FOR-US: MotionEye
CVE-2022-25567
RESERVED
CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
@@ -8084,7 +8084,7 @@ CVE-2022-24769
[bullseye] - containerd <no-dsa> (Minor issue)
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
CVE-2022-24768 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2022-24767
RESERVED
CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
@@ -8327,9 +8327,9 @@ CVE-2022-24698
CVE-2022-24697
RESERVED
CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks
CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upload i ...)
- TODO: check
+ NOT-FOR-US: Nozomi Networks
CVE-2022-0549
RESERVED
[experimental] - gitlab 14.6.5+ds1-1
@@ -11139,7 +11139,7 @@ CVE-2022-23882
CVE-2022-23881 (ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execut ...)
NOT-FOR-US: zzzcms
CVE-2022-23880 (An arbitrary file upload vulnerability in the File Management function ...)
- TODO: check
+ NOT-FOR-US: taoCMS
CVE-2022-23879
RESERVED
CVE-2022-23878 (seacms V11.5 is affected by an arbitrary code execution vulnerability ...)
@@ -14457,9 +14457,9 @@ CVE-2022-22954
CVE-2022-22953
RESERVED
CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22950
RESERVED
CVE-2022-22949
@@ -15123,7 +15123,7 @@ CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp,
CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
NOT-FOR-US: LINE
CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55 ...)
- TODO: check
+ NOT-FOR-US: NXP
CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
{DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
@@ -15486,7 +15486,7 @@ CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulne
CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. ...)
- TODO: check
+ NOT-FOR-US: forkcms
CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -15502,7 +15502,7 @@ CVE-2022-0147 (The Cookie Information | Free GDPR Consent Solution WordPress plu
CVE-2022-0146
RESERVED
CVE-2022-0145 (Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkc ...)
- TODO: check
+ NOT-FOR-US: forkcms
CVE-2021-46162 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
NOT-FOR-US: Siemens
CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
@@ -21158,9 +21158,9 @@ CVE-2021-44910
CVE-2021-44909
RESERVED
CVE-2021-44908 (SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via c ...)
- TODO: check
+ NOT-FOR-US: SailsJS Sails.jsSailsJS Sails.js
CVE-2021-44907 (A Denial of Service vulnerability exists in qs up to 6.8.0 due to insu ...)
- TODO: check
+ NOT-FOR-US: qs
CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via file inde ...)
- node-minimist 1.2.6+~cs5.3.2-1
[bullseye] - node-minimist <no-dsa> (Minor issue)
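Review bot: The new note for CVE-2021-44908 reads `NOT-FOR-US: SailsJS Sails.jsSailsJS Sails.js`, which looks like the product name pasted twice; a single `Sails.js` would match the other entries. In the same hunk CVE-2021-44907 is marked `NOT-FOR-US: qs`, while the following entry (CVE-2021-44906, Minimist) is tracked under the source package node-minimist, so it is worth confirming that qs is not shipped under a node-* source package or embedded in another package before closing it as NFU.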
@@ -21512,7 +21512,7 @@ CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, wh
CVE-2022-21821
RESERVED
CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a network ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...)
NOT-FOR-US: NVIDIA
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
@@ -22926,7 +22926,7 @@ CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Mana
CVE-2021-44346
RESERVED
CVE-2021-44345 (Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated ...)
- TODO: check
+ NOT-FOR-US: Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System
CVE-2021-44344
RESERVED
CVE-2021-44343 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...)
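Review bot: The NOT-FOR-US text for CVE-2021-44345 repeats the whole vendor and product string from the description, where the other entries in this commit use a short name (`NOT-FOR-US: NVIDIA`, `NOT-FOR-US: forkcms`). A shorter label would be consistent with those and easier to match when later CVEs for the same product are triaged.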
@@ -23320,7 +23320,7 @@ CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get
NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
CVE-2021-44226 (Razer Synapse before 3.7.0228.022817 allows privilege escalation becau ...)
- TODO: check
+ NOT-FOR-US: Razer Synapse
CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux kerne ...)
- linux 5.15.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c41effd411215d27faae43492e84c87be5f69921