[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 11 06:49:40 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f86ad91b by Salvatore Bonaccorso at 2022-05-11T07:29:05+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2911,7 +2911,7 @@ CVE-2022-1399
CVE-2022-1398
RESERVED
CVE-2022-1397 (API Privilege Escalation in GitHub repository alextselegidis/easyappoi ...)
- TODO: check
+ NOT-FOR-US: alextselegidis/easyappointments
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1395
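Review bot: The NOT-FOR-US label added for CVE-2022-1397 is the GitHub owner/repository slug ("alextselegidis/easyappointments"), while the star7th/showdoc entries elsewhere in this list, which are described the same way, are labelled by project name ("NOT-FOR-US: ShowDoc"). Consider using the project name here too, so that a search of data/CVE/list by product name finds the entry.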
@@ -4335,7 +4335,7 @@ CVE-2022-28988
CVE-2022-28987
RESERVED
CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: ...)
- TODO: check
+ NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
CVE-2022-28985
RESERVED
CVE-2022-28984
@@ -6598,9 +6598,9 @@ CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the Blowfish
CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints asso ...)
NOT-FOR-US: Brocade SANnav
CVE-2022-28162 (Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentic ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2022-28161 (An information exposure through log file vulnerability in Brocade SANN ...)
- TODO: check
+ NOT-FOR-US: Brocade SANnav
CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are vuln ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-1158
@@ -8927,7 +8927,7 @@ CVE-2022-27310
CVE-2022-27309
RESERVED
CVE-2022-27308 (A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimp ...)
- TODO: check
+ NOT-FOR-US: PHProjekt PhpSimplyGest
CVE-2022-27307
RESERVED
CVE-2022-27306
@@ -9099,7 +9099,7 @@ CVE-2022-27244 (An issue was discovered in MISP before 2.4.156. A malicious site
CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. app/View/Users/terms.c ...)
NOT-FOR-US: MISP
CVE-2022-27242 (A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G E ...)
- TODO: check
+ NOT-FOR-US: OpenV2G / Siemens
CVE-2022-27241 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allo ...)
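Review bot: The label "OpenV2G / Siemens" on CVE-2022-27242 combines product and vendor, whereas the next entry in the same hunk, CVE-2022-27241, carries the bare vendor label "Siemens". Suggest settling on one form for Siemens entries so that a single grep over the list catches all of them.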
@@ -9249,7 +9249,7 @@ CVE-2022-0994 (The Hummingbird WordPress plugin before 3.3.2 does not sanitise a
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
NOT-FOR-US: Gradle Enterprise
CVE-2022-27224 (An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6 ...)
- TODO: check
+ NOT-FOR-US: Galleon NTS-6002-GPS
CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16 ...)
- linux 5.16.12-1
[bullseye] - linux 5.10.103-1
@@ -9967,7 +9967,7 @@ CVE-2022-26983
CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote authenticated admi ...)
NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2022-0947 (A vulnerability in ABB ARG600 Wireless Gateway series that could allow ...)
- TODO: check
+ NOT-FOR-US: ABB ARG600 Wireless Gateway
CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...)
NOT-FOR-US: ShowDoc
CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHu ...)
@@ -17555,13 +17555,13 @@ CVE-2022-24292 (Certain HP Print devices may be vulnerable to potential informat
CVE-2022-24291 (Certain HP Print devices may be vulnerable to potential information di ...)
NOT-FOR-US: HP
CVE-2022-24290 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
- TODO: check
+ NOT-FOR-US: Teamcenter /Siemens
CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...)
NOT-FOR-US: Apache Cayenne
CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs did not p ...)
- airflow <itp> (bug #819700)
CVE-2022-24287 (A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...)
NOT-FOR-US: ELECOM
CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
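Review bot: "NOT-FOR-US: Teamcenter /Siemens" on CVE-2022-24290 is missing the space after the slash, and the other entry changed in this hunk, CVE-2022-24287, is labelled plain "Siemens". Suggest either "Teamcenter / Siemens", matching the spacing of "OpenV2G / Siemens" on CVE-2022-27242, or just "Siemens" as on the neighbouring entries.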
@@ -18491,19 +18491,19 @@ CVE-2022-24047 (This vulnerability allows remote attackers to bypass authenticat
CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: Sonos One Speaker
CVE-2022-24045 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24044 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24043 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24042 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24041 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-24038
RESERVED
CVE-2022-24037
@@ -20112,9 +20112,9 @@ CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using t
CVE-2022-23706
RESERVED
CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
NOT-FOR-US: HPE
CVE-2022-23702 (A potential security vulnerability has been identified in HPE Superdom ...)
@@ -20168,9 +20168,9 @@ CVE-2022-23679
CVE-2022-23678
RESERVED
CVE-2022-23677 (A remote execution of arbitrary code vulnerability was discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23676 (A remote execution of arbitrary code vulnerability was discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23675
RESERVED
CVE-2022-23674
@@ -34243,7 +34243,7 @@ CVE-2021-43714
CVE-2021-43713
RESERVED
CVE-2021-43712 (Stored XSS in Add New Employee Form in Sourcecodester Employee Daily T ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Employee Daily Task Management System
CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
NOT-FOR-US: TOTOLINK
CVE-2021-43710
@@ -36936,7 +36936,7 @@ CVE-2021-43096
CVE-2021-43095
RESERVED
CVE-2021-43094 (An SQL Injection vulnerability exists in OpenMRS Reference Application ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2021-43093
RESERVED
CVE-2021-43092
@@ -38087,7 +38087,7 @@ CVE-2021-42647
CVE-2021-42646
RESERVED
CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2021-42644
RESERVED
CVE-2021-42643
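Review bot: The label on CVE-2021-42645 reads "CMSimple", but the description names the affected product as "CMSimple_XH 1.7.4". Suggest "NOT-FOR-US: CMSimple_XH" so the label matches the product string in the CVE text and a search for that string finds the entry.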
@@ -42070,7 +42070,7 @@ CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspa
CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
NOT-FOR-US: Siemens
CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2021-41544
RESERVED
CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f86ad91bbaa1d2d83de0124e1d3857c8f6320f3a