[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri May 13 08:33:50 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f37132fe by Neil Williams at 2022-05-13T08:33:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,9 +33,9 @@ CVE-2022-27231
 CVE-2022-26302
 	RESERVED
 CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...)
-	TODO: check
+	NOT-FOR-US: organizr
 CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...)
-	TODO: check
+	NOT-FOR-US: organizr
 CVE-2022-1697
 	RESERVED
 CVE-2022-1696
@@ -67,9 +67,9 @@ CVE-2022-1684
 CVE-2022-1683
 	RESERVED
 CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...)
-	TODO: check
+	NOT-FOR-US: facturascripts
 CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...)
-	TODO: check
+	NOT-FOR-US: Requarks wiki.js
 CVE-2022-XXXX [RUSTSEC-2022-0022]
 	- rust-hyper <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0022.html
@@ -8533,7 +8533,7 @@ CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sa
 CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk  ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1044 (Sensitive Data Exposure Due To Insecure Storage Of Profile Image in Gi ...)
-	TODO: check
+	NOT-FOR-US: Trudesk
 CVE-2022-1043 [Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability]
 	RESERVED
 	- linux 5.14.6-1
@@ -26152,13 +26152,13 @@ CVE-2022-0029
 CVE-2022-0028
 	RESERVED
 CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks software
 CVE-2022-0026 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2022-0025 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2022-0024 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2022-0023 (An improper handling of exceptional conditions vulnerability exists in ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
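Review bot: The four Palo Alto entries changed in this hunk end up with two different tags, and the unchanged CVE-2022-0023 line just below carries a third ("NOT-FOR-US: Palo Alto Networks"). For CVE-2022-0027 the description names a Cortex product, so "Palo Alto Networks software" is less specific than the PAN-OS tags next to it. Consider naming the product there, or using one vendor-level tag for the whole block so the entries group together when searching the list.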
@@ -32176,7 +32176,7 @@ CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) vers
 CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-44167 (An incorrect permission assignment for critical resource vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard FortiClient
 CVE-2021-44166 (An improper access control vulnerability [CWE-284 ] in FortiToken Mobi ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
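Review bot: The new tag on CVE-2021-44167, "NOT-FOR-US: FortiGuard FortiClient", differs from the plain "NOT-FOR-US: FortiGuard" on the entries directly above and below it, while the hunk header's context line describes the product as "Fortinet FortiClient". Pick one form for this run of entries (vendor only, or vendor plus product) so they stay consistent; the same tag is introduced again at CVE-2021-43066 further down.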
@@ -37400,7 +37400,7 @@ CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is l
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-43081 (An improper neutralization of input during web page generation vulnera ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-43080
 	RESERVED
 CVE-2021-43079
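Review bot: For CVE-2021-43081 the truncated description shown here does not name a vendor or product, and the entry sits directly after two WordPress plugin CVEs, so the "NOT-FOR-US: FortiGuard" attribution cannot be checked from the diff alone. Adding the product name to the tag, as done for the FortiClient entries in this commit, would make it verifiable at a glance.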
@@ -37430,7 +37430,7 @@ CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version
 CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43066 (A external control of file name or path in Fortinet FortiClientWindows ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard FortiClient
 CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
@@ -39820,15 +39820,15 @@ CVE-2022-20118 (In ion_ioctl and related functions of ion.c, there is a possible
 CVE-2022-20117 (In (TBD) of (TBD), there is a possible way to decrypt local data encry ...)
 	TODO: check
 CVE-2022-20116 (In onEntryUpdated of OngoingCallController.kt, it is possible to launc ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20115 (In broadcastServiceStateChanged of TelephonyRegistry.java, there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20114 (In placeCall of TelecomManager.java, there is a possible way for an ap ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20113 (In mPreference of DefaultUsbConfigurationPreferenceController.java, th ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-42523
 	RESERVED
 CVE-2021-42522
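Review bot: CVE-2022-20117 at the top of this hunk stays at "TODO: check" while CVE-2022-20116 through CVE-2022-20112 are all marked "NOT-FOR-US: Android". Its description reads "In (TBD) of (TBD)", so leaving it open may be deliberate; if so, a word in the commit message would save the next triager from wondering whether it was missed.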



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f37132fef9fea6d18710290cc65a8e09e8aba966
