[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed May 18 10:05:35 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d73ed1a3 by Neil Williams at 2022-05-18T10:04:58+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2022-1772
 CVE-2022-1771
 	RESERVED
 CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...)
-	TODO: check
+	NOT-FOR-US: bvsatyaram/random_password_generator
 CVE-2022-30973
 	RESERVED
 CVE-2022-1770
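
Review bot: On the CVE-2019-25061 line, the label `bvsatyaram/random_password_generator` is written as an owner/repository path, while the description identifies the component as the random_password_generator (aka RandomPasswordGenerator) gem. A label such as `NOT-FOR-US: random_password_generator gem` would say what kind of component this is and would still match a later search by gem name.
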
@@ -10686,7 +10686,7 @@ CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s vi
 	NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6)
 	NOTE: CONFIG_VHOST_VDPA not set in Debian
 CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...)
 	- 389-ds-base 2.0.15-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
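
Review bot: The label added for CVE-2022-0997 names only `Fidelis`, a word that does not appear in the visible part of the description, which lists the CommandPost, Collector, and Sensor components. Adding the product name after the vendor would let the entry be found by either.
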
@@ -38830,7 +38830,7 @@ CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbi
 CVE-2021-42944
 	RESERVED
 CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan ...)
-	TODO: check
+	- ipplan <removed>
 CVE-2021-42942
 	RESERVED
 CVE-2021-42941
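
Review bot: The CVE-2021-42943 change is not an NFU: it replaces `TODO: check` with the package entry `- ipplan <removed>`, yet the commit subject is only "Process some NFUs". Mention the ipplan entry in the commit message or commit it separately, so the log shows where this CVE was assigned to a removed package.
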
@@ -38929,7 +38929,7 @@ CVE-2021-42899
 CVE-2021-42898
 	RESERVED
 CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in FeMiner wm ...)
-	TODO: check
+	NOT-FOR-US: FeMiner/wms
 CVE-2021-42896
 	RESERVED
 CVE-2021-42895
@@ -38983,7 +38983,7 @@ CVE-2021-42872
 CVE-2021-42871
 	RESERVED
 CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...)
-	TODO: check
+	NOT-FOR-US: accel-ppp
 CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient  ...)
 	NOT-FOR-US: Chikista Patient Management Software
 CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient  ...)
@@ -39565,9 +39565,9 @@ CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based servic
 CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...)
 	NOT-FOR-US: CMSimple
 CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerab ...)
-	TODO: check
+	NOT-FOR-US: CmsEasy
 CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnera ...)
-	TODO: check
+	NOT-FOR-US: CmsEasy
 CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
 	NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
@@ -64601,7 +64601,7 @@ CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on P
 	NOTE: https://github.com/sh4nks/flask-caching/pull/209
 	NOTE: Negligible security impact
 CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated registry keys  ...)
-	TODO: check
+	NOT-FOR-US: xArrow
 CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
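
Review bot: CVE-2021-33025 is labelled `xArrow`, while its description says xArrow SCADA and the neighbouring entries carry the full product name (`Philips Vue PACS`). Using `NOT-FOR-US: xArrow SCADA` here, and for the other xArrow entries in this commit, would keep the labels consistent with the descriptions.
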
@@ -64609,7 +64609,7 @@ CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a
 CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...)
-	TODO: check
+	NOT-FOR-US: xArrow
 CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key  ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
@@ -64625,7 +64625,7 @@ CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation
 CVE-2021-33014
 	RESERVED
 CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
 	NOT-FOR-US: Rockwell
 CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...)
@@ -64649,7 +64649,7 @@ CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow a
 CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds  ...)
 	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...)
-	TODO: check
+	NOT-FOR-US: xArrow
 CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
 	NOT-FOR-US: WebAccess HMI Designer
 CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while  ...)
@@ -79188,11 +79188,11 @@ CVE-2021-27446 (The Weintek cMT product line is vulnerable to code injection, wh
 CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...)
 	NOT-FOR-US: Mesa Labs
 CVE-2021-27444 (The Weintek cMT product line is vulnerable to various improper access  ...)
-	TODO: check
+	NOT-FOR-US: Weintek cMT gateway
 CVE-2021-27443
 	RESERVED
 CVE-2021-27442 (The Weintek cMT product line is vulnerable to a cross-site scripting v ...)
-	TODO: check
+	NOT-FOR-US: Weintek cMT gateway
 CVE-2021-27441
 	RESERVED
 CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
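
Review bot: Both added labels say `Weintek cMT gateway`, but the descriptions of CVE-2021-27444 and CVE-2021-27442 speak of the Weintek cMT product line. Unless the issues are specific to the gateway, `NOT-FOR-US: Weintek cMT` matches the descriptions better.
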
@@ -89396,11 +89396,11 @@ CVE-2021-23269
 CVE-2021-23268
 	RESERVED
 CVE-2021-23267 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23266 (An anonymous user can craft a URL with text that ends up in the log vi ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23265 (A logged-in and authenticated user with a Reviewer Role may lock a con ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS
 CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
 	NOT-FOR-US: Crafter CMS
 CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d73ed1a33a7a52baf8997be018869b57ee3196bf
