[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 6 07:38:14 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b63ca6a7 by Salvatore Bonaccorso at 2022-05-06T08:37:46+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4942,7 +4942,7 @@ CVE-2022-28490
CVE-2022-28489
RESERVED
CVE-2022-28488 (The function wav_format_write in libwav.c in libwav through 2017-04-20 ...)
- TODO: check
+ NOT-FOR-US: libwav
CVE-2022-28487 (Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_che ...)
- tcpreplay <unfixed> (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/723
@@ -4979,7 +4979,7 @@ CVE-2022-28473
CVE-2022-28472
RESERVED
CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c con ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2022-28470
RESERVED
CVE-2022-28469
@@ -7837,7 +7837,7 @@ CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AV
CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-27461 (In nopCommerce 4.50.1, an open redirect vulnerability can be triggered ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2022-27460
RESERVED
CVE-2022-27459
@@ -8001,7 +8001,7 @@ CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL
CVE-2022-27412
RESERVED
CVE-2022-27411 (TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a comman ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2022-27410
RESERVED
CVE-2022-27409
@@ -8168,7 +8168,7 @@ CVE-2022-27361
CVE-2022-27360 (SpringBlade v3.2.0 and below was discovered to contain a SQL injection ...)
TODO: check
CVE-2022-27359 (Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointe ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2022-27358
RESERVED
CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...)
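Review bot: CVE-2022-27360 (SpringBlade), the context entry directly above the changed CVE-2022-27359 line, is still at "TODO: check" after this pass. If it was left on purpose because it needs a closer look, that is fine; otherwise triage it in the same commit so this block carries no leftover TODO next to freshly processed entries.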
@@ -10917,9 +10917,9 @@ CVE-2022-26378
CVE-2022-26377
RESERVED
CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2022-25989 (An authentication bypass vulnerability exists in the libxm_av.so getpe ...)
- TODO: check
+ NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0844
RESERVED
CVE-2022-0843
@@ -20036,7 +20036,7 @@ CVE-2022-23445
CVE-2022-23444
RESERVED
CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 allows u ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-23442
RESERVED
CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
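Review bot: the new tag on CVE-2022-23443 reads "NOT-FOR-US: FortiGuard", but the description on the same entry names the product as Fortinet FortiSOAR, and FortiGuard does not appear in the visible description. Suggest "NOT-FOR-US: Fortinet FortiSOAR" so the tag matches the description and a later search for the product name finds this entry.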
@@ -25444,7 +25444,7 @@ CVE-2021-45785
CVE-2021-45784
RESERVED
CVE-2021-45783 (Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory ...)
- TODO: check
+ NOT-FOR-US: Bookeen Notea Firmware
CVE-2021-45782
REJECTED
CVE-2021-45781
@@ -31454,19 +31454,19 @@ CVE-2021-44059
CVE-2021-44058
RESERVED
CVE-2021-44057 (An improper authentication vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44056 (An improper authentication vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44055 (An missing authorization vulnerability has been reported to affect QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44054 (An open redirect vulnerability has been reported to affect QNAP device ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44053 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44052 (An improper link resolution before file access ('Link Following') vuln ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44051 (A command injection vulnerability has been reported to affect QNAP NAS ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
NOT-FOR-US: CA Network Flow Analysis (NFA)
CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
@@ -34003,7 +34003,7 @@ CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server
CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...)
NOT-FOR-US: Philips
CVE-2021-43547 (TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible ...)
- TODO: check
+ NOT-FOR-US: TwinOaks Computing CoreDX DDS
CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
@@ -35509,11 +35509,11 @@ CVE-2022-20803
CVE-2022-20802
RESERVED
CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20800
RESERVED
CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20798
RESERVED
CVE-2022-20797
@@ -35526,7 +35526,7 @@ CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanni
CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...)
NOT-FOR-US: Cisco
CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20793
RESERVED
CVE-2022-20792
@@ -35561,13 +35561,13 @@ CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco I
CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2022-20780 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20779 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...)
NOT-FOR-US: Cisco
CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20776
RESERVED
CVE-2022-20775
@@ -35599,7 +35599,7 @@ CVE-2022-20766
CVE-2022-20765
RESERVED
CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...)
NOT-FOR-US: Cisco
CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD CLI of ...)
@@ -35621,7 +35621,7 @@ CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management int
CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management interface ...)
NOT-FOR-US: Cisco
CVE-2022-20753 (A vulnerability in web-based management interface of Cisco Small Busin ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20752
RESERVED
CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...)
@@ -35659,7 +35659,7 @@ CVE-2022-20736
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2022-20733
RESERVED
CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
@@ -35990,7 +35990,7 @@ CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is uni
CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
CVE-2021-43206 (A server-generated error message containing sensitive information in F ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: Fortiguard FortiClient
CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
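Review bot: "NOT-FOR-US: FortiGuard" on CVE-2021-43206 is cased differently from the next entry, CVE-2021-43205, which uses "Fortiguard FortiClient", and unlike that entry it names no product. Pick one spelling and add the product name from the full description so the two adjacent entries read consistently.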
@@ -36109,17 +36109,17 @@ CVE-2021-43166
CVE-2021-43165
RESERVED
CVE-2021-43164 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2021-43163 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2021-43162 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2021-43161 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2021-43160 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2021-43159 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...)
NOT-FOR-US: ProjectWorlds Online Shopping System PHP
CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
@@ -39625,7 +39625,7 @@ CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware No
CVE-2021-42243
RESERVED
CVE-2021-42242 (A command execution vulnerability exists in jfinal_cms 5.0.1 via com.j ...)
- TODO: check
+ NOT-FOR-US: jfinal_cms
CVE-2021-42241
RESERVED
CVE-2021-42240
@@ -39639,7 +39639,7 @@ CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is v
CVE-2021-42236
RESERVED
CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and password ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2021-42234
RESERVED
CVE-2021-42233
@@ -39743,7 +39743,7 @@ CVE-2021-42185 (wdja v2.1 is affected by a SQL injection vulnerability in the fo
CVE-2021-42184
RESERVED
CVE-2021-42183 (MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index. ...)
- TODO: check
+ NOT-FOR-US: MasaCMS
CVE-2021-42182
RESERVED
CVE-2021-42181
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b63ca6a7edaec3e3b06d60045adcfb0a119f7e72