[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
048fb394 by Salvatore Bonaccorso at 2022-10-24T22:36:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -150,7 +150,7 @@ CVE-2022-3678
 CVE-2022-3677
 	RESERVED
 CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Openj9
 CVE-2022-3675
 	RESERVED
 CVE-2022-3674
@@ -180,7 +180,7 @@ CVE-2022-3663
 CVE-2022-3662
 	RESERVED
 CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel befor ...)
-	TODO: check
+	NOT-FOR-US: myVesta Control Panel
 CVE-2021-46849 (pikepdf before 2.10.0 allows an XXE attack against PDF XMP metadata pa ...)
 	TODO: check
 CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...)
@@ -2651,7 +2651,7 @@ CVE-2022-42737
 CVE-2022-42736
 	RESERVED
 CVE-2022-41797 (Improper authorization in handler for custom URL scheme vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Lemon8 App
 CVE-2022-3451
 	RESERVED
 CVE-2022-3450
@@ -3321,7 +3321,7 @@ CVE-2022-42001
 CVE-2022-42000
 	RESERVED
 CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKey' ver ...)
-	TODO: check
+	NOT-FOR-US: Android App 'IIJ SmartKey'
 CVE-2022-41814
 	RESERVED
 CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...)
@@ -4731,7 +4731,7 @@ CVE-2022-41803
 CVE-2022-41801
 	RESERVED
 CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4 (v5 ser ...)
-	TODO: check
+	NOT-FOR-US: GROWI
 CVE-2022-41782
 	RESERVED
 CVE-2022-41771
@@ -5418,7 +5418,7 @@ CVE-2022-41556 (A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.6
 	NOTE: Introduced by: https://github.com/lighttpd/lighttpd1.4/commit/bcddbe186f010e2964f7551141c0b8350b36817d (lighttpd-1.4.56-rc1)
 	NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 (lighttpd-1.4.67)
 CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior to v22. ...)
-	TODO: check
+	NOT-FOR-US: BookStack
 CVE-2022-3322
 	RESERVED
 CVE-2022-3321
@@ -5943,7 +5943,7 @@ CVE-2022-41344
 	RESERVED
 	NOT-FOR-US: Mediawiki extension PageTriage
 CVE-2022-40984 (Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from  ...)
-	TODO: check
+	NOT-FOR-US: WTViewerE
 CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been declare ...)
 	NOT-FOR-US: Open5GS
 CVE-2022-3298 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
@@ -5955,7 +5955,7 @@ CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows re
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v2.0.1
 	NOTE: https://tantosec.com/blog/cve-2022-41343/
 CVE-2022-36368 (Multiple stored cross-site scripting vulnerabilities in the web user i ...)
-	TODO: check
+	NOT-FOR-US: IPFire
 CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ...)
 	NOT-FOR-US: Node secp256k1-js
 CVE-2022-41339
@@ -10721,7 +10721,7 @@ CVE-2022-39316
 CVE-2022-39315
 	RESERVED
 CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...)
-	TODO: check
+	NOT-FOR-US: Kirby CMS
 CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...)
 	TODO: check
 CVE-2022-39312
@@ -10739,7 +10739,7 @@ CVE-2022-39307
 CVE-2022-39306
 	RESERVED
 CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
-	TODO: check
+	NOT-FOR-US: Gin-vue-admin
 CVE-2022-39304
 	RESERVED
 CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation of SQ ...)
@@ -14400,7 +14400,7 @@ CVE-2022-38119
 CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validati ...)
 	NOT-FOR-US: OAKlouds
 CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical attac ...)
-	TODO: check
+	NOT-FOR-US: Juiker app
 CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database  ...)
 	NOT-FOR-US: Le-yan Personnel and Salary Management System
 CVE-2022-38103
@@ -34423,17 +34423,17 @@ CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs are
 	NOTE: https://github.com/coreos/ignition/issues/1300
 	NOTE: https://github.com/coreos/ignition/pull/1350
 CVE-2021-46279 (Session fixation and insufficient session expiration vulnerabilities a ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-45925 (Observable discrepancies in the login process allow an attacker to gue ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-44776 (A broken access control vulnerability in the SubNet_handler_func funct ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-44769 (An improper input validation vulnerability in the TLS certificate gene ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-44467 (A broken access control vulnerability in the KillDupUsr_func function  ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-4228 (Use of hard-coded TLS certificate by default allows an attacker to per ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...)
@@ -116045,19 +116045,19 @@ CVE-2021-26735
 CVE-2021-26734
 	RESERVED
 CVE-2021-26733 (A broken access control vulnerability in the FirstReset_handler_func f ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26732 (A broken access control vulnerability in the First_network_func functi ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26731 (Command injection and multiple stack-based buffer overflows vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26730 (A stack-based buffer overflow vulnerability in a subfunction of the Lo ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26729 (Command injection and multiple stack-based buffer overflows vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26728 (Command injection and stack-based buffer overflow vulnerabilities in t ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26727 (Multiple command injections and stack-based buffer overflows vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware
 CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
 	NOT-FOR-US: Valmet
 CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/048fb3943b662d7026a573a943cb3998bb6e8aec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/048fb3943b662d7026a573a943cb3998bb6e8aec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221024/b37a87dc/attachment.htm>