[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon May 16 09:31:29 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d09405a by Neil Williams at 2022-05-16T09:31:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16933,9 +16933,9 @@ CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone wher
 CVE-2022-24832 (GoCD is an open source a continuous delivery server. The bundled gocd- ...)
 	NOT-FOR-US: GoCD
 CVE-2022-24831 (OpenClinica is an open source software for Electronic Data Capture (ED ...)
-	TODO: check
+	NOT-FOR-US: OpenClinica
 CVE-2022-24830 (OpenClinica is an open source software for Electronic Data Capture (ED ...)
-	TODO: check
+	NOT-FOR-US: OpenClinica
 CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...)
 	NOT-FOR-US: Garden
 CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...)
@@ -38333,11 +38333,11 @@ CVE-2021-42971
 CVE-2021-42970 (Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the  ...)
 	NOT-FOR-US: cxuucms
 CVE-2021-42969 (Certain Anaconda3 2021.05 are affected by OS command injection. When a ...)
-	TODO: check
+	NOT-FOR-US: Anaconda Python
 CVE-2021-42968
 	RESERVED
 CVE-2021-42967 (Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/com ...)
-	TODO: check
+	NOT-FOR-US: Novel-plus
 CVE-2021-42966
 	RESERVED
 CVE-2021-42965
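Review bot: On CVE-2021-42969 the label "Anaconda Python" does not match the product string in the description ("Anaconda3 2021.05"), and on CVE-2021-42967 the truncated description shows only a source path under /novel-admin/, so "Novel-plus" cannot be cross-checked from this line. Consider using the name as the description gives it (for example "NOT-FOR-US: Anaconda3") so a search on the product name finds the entry, and state where "Novel-plus" comes from in the commit message.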
@@ -42060,7 +42060,7 @@ CVE-2021-41967
 CVE-2021-41966
 	RESERVED
 CVE-2021-41965 (A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4 ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2021-41964
 	RESERVED
 CVE-2021-41963
@@ -60272,9 +60272,9 @@ CVE-2021-34608
 CVE-2021-34607
 	RESERVED
 CVE-2021-34606 (A vulnerability exists in XINJE XD/E Series PLC Program Tool in versio ...)
-	TODO: check
+	NOT-FOR-US: XINJE PLC Program Tool
 CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to v ...)
-	TODO: check
+	NOT-FOR-US: XINJE PLC Program Tool
 CVE-2021-34604
 	RESERVED
 CVE-2021-34603
@@ -64196,7 +64196,7 @@ CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus S
 CVE-2021-33010 (An exception is thrown from a function in AVEVA System Platform versio ...)
 	NOT-FOR-US: AVEVA
 CVE-2021-33009 (mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remot ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-33008 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not perfo ...)
 	NOT-FOR-US: AVEVA
 CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
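Review bot: The new label on CVE-2021-33009 names vendor and product ("mySCADA myPRO") while the neighbouring entries for CVE-2021-33010 and CVE-2021-33008 use the vendor alone ("AVEVA"). Either form works, but one granularity per vendor keeps the list searchable; the same string is used for CVE-2021-33005 and CVE-2021-27505, so it is at least consistent within this commit.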
@@ -64204,7 +64204,7 @@ CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.9
 CVE-2021-33006
 	RESERVED
 CVE-2021-33005 (mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remot ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due  ...)
 	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
@@ -78629,7 +78629,7 @@ CVE-2021-27507
 CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded in St ...)
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-27505 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-27504
 	RESERVED
 CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
@@ -78639,11 +78639,11 @@ CVE-2021-27502
 CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow certain c ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27500 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
 	NOT-FOR-US: Ypsomed
 CVE-2021-27498 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2021-27497 (Philips Vue PACS versions 12.2.x.x and prior does not use or incorrect ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
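Review bot: The label on CVE-2021-27500 and CVE-2021-27498 spells the project "EIP Stack Group OpENer" with spaces, whereas the descriptions write "EIPStackGroup". A search for the name as the CVE text gives it will miss these entries; "NOT-FOR-US: EIPStackGroup OpENer" would match, and the same applies to CVE-2021-27482 and CVE-2021-27478 in the following hunks.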
@@ -78675,7 +78675,7 @@ CVE-2021-27484
 CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...)
 	NOT-FOR-US: ZOLL Defibrillator Dashboard
 CVE-2021-27482 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...)
 	NOT-FOR-US: ZOLL Defibrillator Dashboard
 CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
@@ -78683,7 +78683,7 @@ CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are v
 CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product&#821 ...)
 	NOT-FOR-US: ZOLL Defibrillator Dashboard
 CVE-2021-27478 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
-	TODO: check
+	NOT-FOR-US: EIP Stack Group OpENer
 CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...)
 	NOT-FOR-US: JTEKT
 CVE-2021-27476 (A vulnerability exists in the SaveConfigFile function of the RACompare ...)
@@ -91252,7 +91252,7 @@ CVE-2021-22277 (Improper Input Validation vulnerability in ABB 800xA, Control So
 CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
 	NOT-FOR-US: ABB
 CVE-2021-22275 (Buffer Overflow vulnerability in B&R Automation Runtime webserver  ...)
-	TODO: check
+	NOT-FOR-US: B&R Automation Runtime
 CVE-2021-22274
 	RESERVED
 CVE-2021-22273
@@ -121125,7 +121125,7 @@ CVE-2020-22985 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SD
 CVE-2020-22984 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ...)
 	NOT-FOR-US: Microstrategy Web
 CVE-2020-22983 (A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStra ...)
-	TODO: check
+	NOT-FOR-US: Microstrategy Web
 CVE-2020-22982
 	RESERVED
 CVE-2020-22981
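Review bot: On CVE-2020-22983 the label is cased "Microstrategy Web" while the description writes "MicroStrategy". It matches the existing entry for CVE-2020-22984 directly above, so keeping it is reasonable; if the casing is ever normalised, change all the MicroStrategy entries in one commit.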



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d09405a330c30cd890f6162a8a707351125d03c



More information about the debian-security-tracker-commits mailing list