[Git][security-tracker-team/security-tracker][master] Drop some workarounded entries which were added due to bugs in the downconverted CVE JSON v4 feeds

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 28 22:27:18 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
732dcbe3 by Salvatore Bonaccorso at 2023-04-28T23:26:24+02:00
Drop some workarounded entries which were added due to bugs in the downconverted CVE JSON v4 feeds

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6561,7 +6561,6 @@ CVE-2023-1707
 	RESERVED
 CVE-2023-1706
 	REJECTED
-	NOT-FOR-US: Unused CVE
 CVE-2023-1705
 	RESERVED
 CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -6834,7 +6833,6 @@ CVE-2023-1660
 	RESERVED
 CVE-2023-1659
 	REJECTED
-	NOT-FOR-US: rejected CVE
 CVE-2023-1658
 	RESERVED
 CVE-2023-1657
@@ -10161,7 +10159,6 @@ CVE-2023-1272
 	RESERVED
 CVE-2023-1271
 	REJECTED
-	NOT-FOR-US: Duplicated CVE entry
 CVE-2023-1270 (Cross-site Scripting in GitHub repository btcpayserver/btcpayserver pr ...)
 	NOT-FOR-US: btcpayserver
 CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository alextselegidis/easy ...)
@@ -13968,7 +13965,6 @@ CVE-2023-1016
 	RESERVED
 CVE-2023-1015
 	REJECTED
-	NOT-FOR-US: Rejected CVE
 CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
 	NOT-FOR-US: Virames Vira-Investing
 CVE-2023-1013 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
@@ -25120,7 +25116,6 @@ CVE-2023-0116
 	RESERVED
 CVE-2023-0115
 	REJECTED
-	NOT-FOR-US: REJECTED
 CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
 	NOT-FOR-US: CapsAdmin PAC3
 CVE-2021-4309 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -30873,7 +30868,6 @@ CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not val
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4463
 	REJECTED
-	NOT-FOR-US: Unused CVE
 CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2022-4461
@@ -40478,22 +40472,16 @@ CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl S
 	NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less)
 CVE-2022-44541
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2022-44540
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2022-44539
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2022-44538
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2022-44537
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2022-44536
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
 	NOT-FOR-US: Aruba
 CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...)
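Review bot: The six lines removed under CVE-2022-44541 through CVE-2022-44536 read "NOT-FOR-US: HPE", a vendor attribution rather than a note that the line was a workaround, so the hunk by itself does not show that these were added because of the feed bug. Please state in the commit message the rule used to select entries (for example, every REJECTED entry that still carried a NOT-FOR-US line), so the removal can be checked against that rule instead of line by line.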
@@ -43859,148 +43847,100 @@ CVE-2022-43831
 	RESERVED
 CVE-2022-43830
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43829
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43828
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43827
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43826
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43825
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43824
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43823
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43822
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43821
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43820
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43819
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43818
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43817
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43816
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43815
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43814
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43813
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43812
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43811
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43810
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43809
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43808
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43807
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43806
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43805
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43804
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43803
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43802
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43801
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43800
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43799
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43798
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43797
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43796
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43795
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43794
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43793
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43792
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43791
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43790
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43789
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43788
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43787
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43786
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43785
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43784
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43783
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-43782 (Affected versions of Atlassian Crowd allow an attacker to authenticate ...)
 	NOT-FOR-US: Atlassian
 CVE-2022-43781 (There is a command injection vulnerability using environment variables ...)
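Review bot: Nothing here shows that the cleanup is complete across the file. The 48 deletions from CVE-2022-43830 down to CVE-2022-43783 agree with the hunk header (148 lines before, 100 after), and the retained "NOT-FOR-US: Atlassian" under CVE-2022-43782 is correctly left alone because that entry is not REJECTED. A follow-up pass over data/CVE/list that flags any entry where a REJECTED line is still directly followed by a NOT-FOR-US line would confirm that no workaround entries were missed.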
@@ -44354,12 +44294,10 @@ CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyo
 	NOT-FOR-US: Kyocera Document Solutions
 CVE-2022-3680
 	REJECTED
-	NOT-FOR-US: REJECTED CVE not correctly downconverted for feed
 CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before 1.2.17 uns ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3678
 	REJECTED
-	NOT-FOR-US: REJECTED CVE not correctly downconverted for feed
 CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
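Review bot: The two lines removed under CVE-2022-3680 and CVE-2022-3678 ("REJECTED CVE not correctly downconverted for feed") are the only ones in this patch that name the cause, and once they are gone the file no longer records it. The commit message mentions "bugs in the downconverted CVE JSON v4 feeds" without a reference; adding a pointer to the bug report or the earlier commit that introduced the workaround would keep the history traceable.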
@@ -48599,7 +48537,6 @@ CVE-2022-3405
 	RESERVED
 CVE-2022-3404
 	REJECTED
-	NOT-FOR-US: Unused CVE
 CVE-2022-3403
 	RESERVED
 CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...)
@@ -60149,37 +60086,26 @@ CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in t
 	NOT-FOR-US: iHistorian Data Display of WorkstationST
 CVE-2022-37951
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37950
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37949
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37948
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37947
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37946
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37945
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37944
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37943
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37942
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37941
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2022-37940 (Potential security vulnerabilities have been identified in the HPE Fle ...)
 	NOT-FOR-US: HPE
 CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
@@ -63185,7 +63111,6 @@ CVE-2022-36828
 	RESERVED
 CVE-2022-36827
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-36826
 	RESERVED
 CVE-2022-36825
@@ -63208,7 +63133,6 @@ CVE-2022-36817
 	RESERVED
 CVE-2022-36816
 	REJECTED
-	NOT-FOR-US: Atlassian
 CVE-2022-36815
 	RESERVED
 CVE-2022-36814
@@ -65589,7 +65513,6 @@ CVE-2022-2446
 	RESERVED
 CVE-2022-2445
 	REJECTED
-	NOT-FOR-US: Unvalid CVE
 CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...)
@@ -70271,7 +70194,6 @@ CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Inj
 	NOT-FOR-US: Kayrasoft
 CVE-2022-2176
 	REJECTED
-	NOT-FOR-US: rejected CVE
 CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
@@ -92730,10 +92652,8 @@ CVE-2022-26426 (In camera isp, there is a possible out of bounds write due to a
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2022-26418
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26416
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...)
 	NOT-FOR-US: Zyxel
 CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...)
@@ -92742,54 +92662,38 @@ CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows
 	NOT-FOR-US: gallagher
 CVE-2022-26347
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26339
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26123
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26087
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack  ...)
 	NOT-FOR-US: Gallagher
 CVE-2022-26058
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26055
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26053
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26039
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26031
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-26027
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-25997
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-25968
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-25957
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-25920
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-25889
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-21224
 	REJECTED
-	NOT-FOR-US: Unused ID
 CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...)
@@ -110951,7 +110855,6 @@ CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WIT
 	NOT-FOR-US: Siemens
 CVE-2021-45032
 	REJECTED
-	NOT-FOR-US: Rejected CVE
 CVE-2021-45031 (A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in  ...)
 	NOT-FOR-US: MEPSAN
 CVE-2021-45030
@@ -125797,19 +125700,14 @@ CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication i
 	NOT-FOR-US: LINE client for iOS
 CVE-2021-41010
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2021-41009
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2021-41008
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2021-41007
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2021-41006
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2021-41005 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch  ...)
 	NOT-FOR-US: Aruba Instant On
 CVE-2021-41004 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch  ...)
@@ -163501,7 +163399,6 @@ CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension
 	NOT-FOR-US: cPanel
 CVE-2021-26246
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-26245
 	RESERVED
 CVE-2021-26244
@@ -163793,18 +163690,14 @@ CVE-2021-26124
 	RESERVED
 CVE-2021-23232
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...)
 	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23224
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-23220
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-23212
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
 	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
@@ -163813,14 +163706,12 @@ CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23199
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-23197 (Unquoted service path vulnerability in the Gallagher Controller Servic ...)
 	NOT-FOR-US: Gallagher Controller Service
 CVE-2021-23193 (Improper privilege validation vulnerability in COM Interface of Gallag ...)
 	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23185
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
 	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2021-23167 (Improper certificate validation vulnerability in SMTP Client allows ma ...)
@@ -199299,16 +199190,12 @@ CVE-2020-24646 (A tftpserver stack-based buffer overflow remote code execution v
 	NOT-FOR-US: HPE Intelligent Management Center (iMC)
 CVE-2020-24645
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2020-24644
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2020-24643
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2020-24642
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2020-24641 (In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Fo ...)
 	NOT-FOR-US: Aruba
 CVE-2020-24640 (There is a vulnerability caused by insufficient input validation that  ...)
@@ -242795,7 +242682,6 @@ CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine
 	NOT-FOR-US: Aruba
 CVE-2020-7118
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
 	NOT-FOR-US: ClearPass Policy Manager WebUI
 CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
@@ -242808,7 +242694,6 @@ CVE-2020-7113 (A vulnerability was found when an attacker, while communicating w
 	NOT-FOR-US: ClearPass
 CVE-2020-7112
 	REJECTED
-	NOT-FOR-US: Unused CVE ID
 CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...)
 	NOT-FOR-US: ClearPass
 CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...)
@@ -303488,7 +303373,6 @@ CVE-2019-5326 (An administrative application user of or application user with wr
 	NOT-FOR-US: Aruba Airwave VisualRF
 CVE-2019-5325
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2019-5324
 	REJECTED
 CVE-2019-5323 (There are command injection vulnerabilities present in the AirWave app ...)
@@ -303507,14 +303391,12 @@ CVE-2019-5317 (A local authentication bypass vulnerability was discovered in som
 	NOT-FOR-US: Aruba
 CVE-2019-5316
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
 	NOT-FOR-US: ArubaOS
 CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...)
 	NOT-FOR-US: ArubaOS
 CVE-2019-5313
 	REJECTED
-	NOT-FOR-US: HPE
 CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...)
 	NOT-FOR-US: weixin-java-tools
 CVE-2019-5311 (An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.p ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732dcbe3ff79e11a2081c4f7ab55420840cc733a
