[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Wed May 25 15:55:11 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43dfae96 by Neil Williams at 2022-05-25T15:54:43+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1594,7 +1594,7 @@ CVE-2022-1784 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/dr
CVE-2022-1783
RESERVED
CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
- TODO: check
+ NOT-FOR-US: erudika/para
CVE-2022-1781
RESERVED
CVE-2022-1780
@@ -5078,7 +5078,7 @@ CVE-2022-29802
CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
NOT-FOR-US: F5 BIG-IP
CVE-2022-1467 (Windows OS can be configured to overlay a “language bar” o ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...)
NOT-FOR-US: Red Hat Single Sign-On / Keycloak
CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
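Review bot: On CVE-2022-1467 the new tag `NOT-FOR-US: AVEVA` names a vendor that does not appear in the visible part of the description, which only mentions Windows OS and a "language bar". Name the affected product in the tag, as the neighbouring entries do ("F5 BIG-IP", "Red Hat Single Sign-On / Keycloak"), so a reader of the list can see why the entry is out of scope without opening the full CVE text.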
@@ -13640,7 +13640,7 @@ CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC
CVE-2022-25905
RESERVED
CVE-2022-0910 (A downgrade from two-factor authentication to one-factor authenticatio ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to ...)
{DSA-5108-1}
- tiff 4.3.0-6
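Review bot: The tag added to CVE-2022-0910, `NOT-FOR-US: Zyxel`, records only the vendor, and the truncated description (a two-factor to one-factor authentication downgrade) does not show which product is affected. A vendor-plus-product tag would make the triage decision checkable from the list itself and would keep it distinguishable from other Zyxel entries.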
@@ -13679,7 +13679,7 @@ CVE-2022-0902
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...)
NOT-FOR-US: WordPress plugins
CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aci ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2022-0899
RESERVED
CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and esca ...)
@@ -28991,9 +28991,9 @@ CVE-2021-45917 (The server-request receiver function of Shockwall system has an
CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
NOT-FOR-US: Shockwall system
CVE-2021-45915 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: LuxSoft LuxCal
CVE-2021-45914 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: LuxSoft LuxCal
CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
@@ -41344,11 +41344,11 @@ CVE-2021-42658
CVE-2021-42657
RESERVED
CVE-2021-42656 (SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vu ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2021-42655 (SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2021-42654 (SiteServer CMS < V5.1 is affected by an unrestricted upload of a fi ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2021-42653
RESERVED
CVE-2021-42652
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43dfae96fe5ed6704331994d00187e4584d47e73