[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 21 13:05:36 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c71feb9f by Moritz Muehlenhoff at 2022-11-21T14:03:38+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48655,7 +48655,7 @@ CVE-2022-26341 (Insufficiently protected credentials in software in Intel(R) AMT
CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software ...)
NOT-FOR-US: Intel
CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless WiFi, Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...)
NOT-FOR-US: Intel
CVE-2022-25868
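Review bot: On CVE-2022-26047 the description is cut off at "PROSet/Wireless WiFi, Inte ...", so the full list of affected products is not visible in this entry. Before settling on `NOT-FOR-US: Intel`, confirm against the vendor advisory that the list covers only Intel's own software and no wireless firmware that Debian redistributes. If it does include such firmware, this needs a package entry rather than a vendor-wide NFU.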
@@ -96044,7 +96044,7 @@ CVE-2021-37938 (It was discovered that on Windows operating systems specifically
CVE-2021-37937
RESERVED
CVE-2021-37936 (It was discovered that Kibana was not sanitizing document fields conta ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...)
NOT-FOR-US: Huntflow Enterprise
CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...)
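Review bot: The CVE-2021-37936 change is not an NFU: it replaces `TODO: check` with `- kibana <itp> (bug #700337)`, while the commit subject is only "NFUs". Either mention the ITP triage in the commit message or split it into its own commit, so that someone searching the history for Kibana triage decisions can find it.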
@@ -98494,7 +98494,7 @@ CVE-2021-36907
CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR) vulnerabilities in E ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36905 (Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36904
RESERVED
CVE-2021-36903
@@ -105682,7 +105682,7 @@ CVE-2021-33899
CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
NOT-FOR-US: Invoice Ninja
CVE-2021-33897 (A buffer overflow in Synthesia before 10.7.5567, when a non-Latin loca ...)
- TODO: check
+ NOT-FOR-US: Synthesia
CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
- dino-im 0.2.0-3
[buster] - dino-im <no-dsa> (Minor issue)
@@ -111565,7 +111565,7 @@ CVE-2021-31741
CVE-2021-31740
RESERVED
CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerab ...)
- TODO: check
+ NOT-FOR-US: SEPPmail
CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
NOT-FOR-US: Adiscon LogAnalyzer
CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
@@ -111835,7 +111835,7 @@ CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not
CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...)
NOT-FOR-US: Silicon Labs Bluetooth
CVE-2021-31608 (Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Se ...)
- TODO: check
+ NOT-FOR-US: Proofpoint Enterprise Protection
CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
{DLA-2815-1}
- salt 3002.6+dfsg1-2 (bug #987496)
@@ -125183,11 +125183,11 @@ CVE-2021-26395
CVE-2021-26394
RESERVED
CVE-2021-26393 (Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26392 (Insufficient verification of missing size check in 'LoadModule' may le ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26391 (Insufficient verification of multiple header signatures while loading ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the bootloader into ...)
NOT-FOR-US: AMD
CVE-2021-26389
@@ -125249,7 +125249,7 @@ CVE-2021-26362 (A malicious or compromised UApp or ABL may be used by an attacke
CVE-2021-26361 (A malicious or compromised User Application (UApp) or AGESA Boot Loade ...)
NOT-FOR-US: AMD
CVE-2021-26360 (An attacker with local access to the system can make unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26359
RESERVED
CVE-2021-26358
@@ -180482,7 +180482,7 @@ CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6
CVE-2020-15854
RESERVED
CVE-2020-15853 (supybot-fedora implements the command 'refresh', that refreshes the ca ...)
- TODO: check
+ NOT-FOR-US: supybot-fedora
CVE-2020-XXXX [mpv insecure lua loadpath]
- mpv 0.32.0-2 (bug #950816)
[buster] - mpv <no-dsa> (Minor issue)
@@ -188487,9 +188487,9 @@ CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape han
CVE-2020-12932
RESERVED
CVE-2020-12931 (Improper parameters handling in the AMD Secure Processor (ASP) kernel ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12930 (Improper parameters handling in AMD Secure Processor (ASP) drivers may ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
NOT-FOR-US: AMD
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
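Review bot: For CVE-2020-12931 and CVE-2020-12930 the truncated descriptions end in "(ASP) kernel ..." and "(ASP) drivers may ...", and the reason given is just `NOT-FOR-US: AMD`. A reader of the list cannot tell from that whether the affected component is vendor firmware or a driver that could ship in a Debian kernel package. If these are firmware-side components, a more specific reason, or a short NOTE line pointing at the AMD bulletin, would make the triage decision verifiable later.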
@@ -189622,9 +189622,9 @@ CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in
CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...)
NOT-FOR-US: s::can moni::tools
CVE-2020-12508 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...)
- TODO: check
+ NOT-FOR-US: s::can moni::tools
CVE-2020-12507 (In s::can moni::tools before version 4.2 an authenticated attacker cou ...)
- TODO: check
+ NOT-FOR-US: s::can moni::tools
CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
NOT-FOR-US: WAGO
CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71feb9f08619bc73b1e87409d8c4d3e68d2dc16