[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 21 10:47:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5b6a70b by Salvatore Bonaccorso at 2022-10-21T11:46:55+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29246,7 +29246,7 @@ CVE-2022-32178
 CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable  ...)
 	NOT-FOR-US: Gin-Vue-Admin
 CVE-2022-32176 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Gin-Vue-Admin
 CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...)
 	NOT-FOR-US: AdGuardHome
 CVE-2022-32174 (In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cro ...)
@@ -32283,7 +32283,7 @@ CVE-2022-31124 (openssh_key_parser is an open source Python package providing ut
 CVE-2022-31123 (Grafana is an open source observability and data visualization platfor ...)
 	- grafana <removed>
 CVE-2022-31122 (Wire is an encrypted communication and collaboration platform. Version ...)
-	TODO: check
+	NOT-FOR-US: wire-webapp
 CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In  ...)
 	NOT-FOR-US: Hyperledger Fabric
 CVE-2022-31120 (Nextcloud server is an open source personal cloud solution. The audit  ...)
@@ -91038,7 +91038,7 @@ CVE-2021-36203 (The affected product may allow an attacker to identify and forge
 CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
 	NOT-FOR-US: Johnson Controls Metasys
 CVE-2021-36201 (Under certain circumstances a CCURE Portal user could enumerate user a ...)
-	TODO: check
+	NOT-FOR-US: CCURE
 CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some  ...)
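Review bot: The new `NOT-FOR-US: CCURE` tag on CVE-2021-36201 gives only a product name, while the neighbouring entries in this block (CVE-2021-36202, CVE-2021-36200) lead with the vendor string "Johnson Controls". If CCURE Portal belongs to the same vendor, `NOT-FOR-US: Johnson Controls CCURE` would keep the block searchable by one vendor string; otherwise the tag is fine as it stands.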
@@ -93478,7 +93478,7 @@ CVE-2021-35228 (This vulnerability occurred due to missing input sanitization fo
 CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
 	NOT-FOR-US: Solarwinds
 CVE-2021-35226 (An entity in Network Configuration Manager product is misconfigured an ...)
-	TODO: check
+	NOT-FOR-US: Solarwinds
 CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
 	NOT-FOR-US: Solarwinds
 CVE-2021-35224
@@ -113550,7 +113550,7 @@ CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, whi
 CVE-2021-27407
 	RESERVED
 CVE-2021-27406 (An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1 ...)
-	TODO: check
+	NOT-FOR-US: PerFact
 CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
 	NOT-FOR-US: Node scrapbox-parser
 CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
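Review bot: On CVE-2021-27406 the tag is `NOT-FOR-US: PerFact`, but the description names the affected product as "PerFact OpenVPN-Client". Consider `NOT-FOR-US: PerFact OpenVPN-Client`, so that a later search for OpenVPN in the list shows at a glance that this entry concerns the PerFact client and has already been triaged.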
@@ -116456,7 +116456,7 @@ CVE-2021-3307
 CVE-2021-3306
 	RESERVED
 CVE-2021-3305 (Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: Beijing Feishu Technology Co., Ltd Feishu
 CVE-2021-3304 (Sagemcom F at ST 3686 v2 3.495 devices have a buffer overflow via a long  ...)
 	NOT-FOR-US: Sagemcom
 CVE-2021-3303
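Review bot: The tag added for CVE-2021-3305 repeats the full legal name from the description (`Beijing Feishu Technology Co., Ltd Feishu`). Neighbouring tags such as `NOT-FOR-US: Sagemcom` use a short vendor or product name; `NOT-FOR-US: Feishu` would be consistent with them and easier to match when the same product shows up again.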
@@ -125131,7 +125131,7 @@ CVE-2021-3020 (An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole)
 	- hawk <itp> (bug #634344)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1180571 (private)
 CVE-2021-22685 (An attacker may be able to use minify route with a relative path to vi ...)
-	TODO: check
+	NOT-FOR-US: Cassia Networks Access Controller
 CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in  ...)
 	NOT-FOR-US: Tizen RT RTOS
 CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
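Review bot: For CVE-2021-22685 the visible description ("An attacker may be able to use minify route with a relative path to vi ...") does not name a product, so the `NOT-FOR-US: Cassia Networks Access Controller` attribution cannot be checked from this diff alone. A short pointer in the commit message to where the product name came from would let a second reviewer confirm it.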
@@ -141585,7 +141585,7 @@ CVE-2021-0701
 CVE-2021-0700
 	RESERVED
 CVE-2021-0699 (In HTBLogKM of TBD, there is a possible out of bounds write due to a m ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel  ...)
 	NOT-FOR-US: Android
 CVE-2021-0697 (In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use ...)
@@ -191127,13 +191127,13 @@ CVE-2020-8978
 CVE-2020-8977
 	RESERVED
 CVE-2020-8976 (The integrated server of the ZGR TPS200 NG on its 2.00 firmware versio ...)
-	TODO: check
+	NOT-FOR-US: ZGR TPS200 NG
 CVE-2020-8975 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version,  ...)
-	TODO: check
+	NOT-FOR-US: ZGR TPS200 NG
 CVE-2020-8974 (In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the  ...)
-	TODO: check
+	NOT-FOR-US: ZGR TPS200 NG
 CVE-2020-8973 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version,  ...)
-	TODO: check
+	NOT-FOR-US: ZGR TPS200 NG
 CVE-2020-8972
 	RESERVED
 CVE-2020-8971
@@ -227703,7 +227703,7 @@ CVE-2019-14843 (A flaw was found in Wildfly Security Manager, running under JDK
 CVE-2019-14841 (A flaw was found in the RHDM, where an authenticated attacker can chan ...)
 	NOT-FOR-US: Red Hat Decision Manager
 CVE-2019-14840 (A flaw was found in the RHDM, where sensitive HTML form fields like Pa ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Decision Manager
 CVE-2019-14839 (It was observed that while login into Business-central console, HTTP r ...)
 	NOT-FOR-US: Red Hat / JBoss BPMS Business-central console
 CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5b6a70bbf38f22da20c3cfd3580bbabeedafbd3


