[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 28 09:23:47 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd9cae75 by Moritz Muehlenhoff at 2022-03-28T10:23:33+02:00
NFUs
libstb non-issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -394,7 +394,8 @@ CVE-2022-27939 (tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_l
 	NOTE: https://github.com/appneta/tcpreplay/issues/717
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-27938 (stb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ...)
-	TODO: check
+	- libstb <unfixed> (unimportant)
+	NOTE: Negligible security impact
 CVE-2022-27937
 	RESERVED
 CVE-2022-27936
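Review bot: the new `- libstb <unfixed> (unimportant)` line tracks only libstb, but the CVE-2022-27938 description on the line above says stb_image.h is "as used in libsixel and o ...", i.e. a single header that other packages vendor; if libsixel or anything else in the archive carries an embedded copy, it needs either its own tracking line or an entry in data/embedded-code-copies so the unimportant triage propagates to it. A `NOTE:` with the upstream reference behind "Negligible security impact" would also help whoever re-triages this later, the way the tcpreplay entry just above backs its "no security impact" note with the issue URL. Minor: the commit message calls this a "libstb non-issue" while the entry records it as (unimportant) rather than `<not-affected>`; if it is genuinely not a vulnerability the latter is the convention, otherwise the entry is fine as written.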
@@ -4692,17 +4693,17 @@ CVE-2022-26275
 CVE-2022-26274
 	RESERVED
 CVE-2022-26273 (EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\con ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows  ...)
 	NOT-FOR-US: Ionize CMS
 CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulner ...)
-	TODO: check
+	NOT-FOR-US: 74cmsSE
 CVE-2022-26270
 	RESERVED
 CVE-2022-26269
 	RESERVED
 CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Xiaohuanxiong
 CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak via the a ...)
 	- piwigo <removed>
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability ...)
@@ -4720,15 +4721,15 @@ CVE-2022-26261
 CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollution vu ...)
 	NOT-FOR-US: Simple-Plist
 CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...)
-	TODO: check
+	NOT-FOR-US: Xiongmai
 CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote command exe ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-26257
 	RESERVED
 CVE-2022-26256
 	RESERVED
 CVE-2022-26255 (Clash for Windows v0.19.8 was discovered to allow arbitrary code execu ...)
-	TODO: check
+	NOT-FOR-US: Clash for Windows
 CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovere ...)
 	NOT-FOR-US: WoWonder
 CVE-2022-26253
@@ -6050,7 +6051,7 @@ CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4
 CVE-2022-25762
 	RESERVED
 CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys ...)
-	TODO: check
+	NOT-FOR-US: Apache APISIX
 CVE-2022-25756
 	RESERVED
 CVE-2022-25755
@@ -8766,7 +8767,7 @@ CVE-2022-24771 (Forge (also called `node-forge`) is a native implementation of T
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
 	NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
 CVE-2022-24770 (`gradio` is an open source framework for building interactive machine  ...)
-	TODO: check
+	NOT-FOR-US: gradio
 CVE-2022-24769 (Moby is an open-source project created by Docker to enable and acceler ...)
 	- containerd 1.6.2~ds1-1
 	[bullseye] - containerd <no-dsa> (Minor issue)
@@ -12951,7 +12952,7 @@ CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on giv
 CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows  ...)
 	NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23610 (wire-server provides back end services for Wire, an open source messen ...)
-	TODO: check
+	NOT-FOR-US: wire-server
 CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows  ...)
 	NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -19323,9 +19324,9 @@ CVE-2021-45492
 CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: ShowDoc
 CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a database ...)
-	TODO: check
+	NOT-FOR-US: 3CX
 CVE-2021-45490 (The client applications in 3CX on Windows, the 3CX app for iOS, and th ...)
-	TODO: check
+	NOT-FOR-US: 3CX
 CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
 	NOT-FOR-US: NetBSD
 CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
@@ -22817,7 +22818,7 @@ CVE-2021-44619
 CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists in Nystud ...)
 	NOT-FOR-US: Nystudio107 Seomatic
 CVE-2021-44617 (A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6  ...)
-	TODO: check
+	NOT-FOR-US: GLPI plugin
 CVE-2021-44616
 	RESERVED
 CVE-2021-44615
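Review bot: `NOT-FOR-US: GLPI plugin` on the CVE-2021-44617 entry is more generic than the description, which names the Ramo plugin for GLPI; elsewhere in this diff the NOT-FOR-US tag names the concrete product (`NOT-FOR-US: Nystudio107 Seomatic` two lines up, `NOT-FOR-US: Clash for Windows`). Suggest `NOT-FOR-US: Ramo plugin for GLPI` so the entry cannot be read as a statement about GLPI itself.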
@@ -24100,17 +24101,17 @@ CVE-2021-44215 (Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insec
 CVE-2021-44214
 	RESERVED
 CVE-2021-44213 (OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/a ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-44212 (OX App Suite through 7.10.5 allows XSS via a trailing control characte ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-44211 (OX App Suite through 7.10.5 allows XSS via the class attribute of an e ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-44210 (OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange  ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-44209 (OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as A ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-44208 (OX App Suite through 7.10.5 allows XSS via an unknown system message i ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...)
 	NOT-FOR-US: Acclaim USAHERDS
 CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web  ...)
@@ -24351,7 +24352,7 @@ CVE-2021-44129
 CVE-2021-44128
 	RESERVED
 CVE-2021-44127 (In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binar ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-44126
 	RESERVED
 CVE-2021-44125



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9cae7542d6bf73d38f7c96d643c702cf8fdf0d


