[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 13 08:14:02 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68801279 by Salvatore Bonaccorso at 2022-04-13T09:13:41+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2348,13 +2348,13 @@ CVE-2022-28218
CVE-2022-28217
RESERVED
CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-28214
RESERVED
CVE-2022-28213 (When a user access SOAP Web services in SAP BusinessObjects Business I ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-28212
RESERVED
CVE-2022-28211
@@ -3843,13 +3843,13 @@ CVE-2022-27672
CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...)
TODO: check
CVE-2022-27670 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-27669 (An unauthenticated user can use functions of XML Data Archiving Servic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-27668
RESERVED
CVE-2022-27667 (Under certain conditions, SAP BusinessObjects Business Intelligence pl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-1059
RESERVED
CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...)
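Review bot: CVE-2022-27671 at the top of this hunk stays at `TODO: check` while the three entries below it are resolved, and its visible description ("A CSRF token visible in the URL ...") names no product. Confirm whether it belongs to the same SAP batch and tag it in this commit, or leave a NOTE saying why it is still open, so it does not look like an oversight.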
@@ -3871,13 +3871,13 @@ CVE-2022-27663
CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...)
NOT-FOR-US: SAP
CVE-2022-27657 (A highly privileged remote attacker, can gain unauthorized access to d ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-27656
RESERVED
CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) receive ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-26518
RESERVED
CVE-2022-26422
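Review bot: For CVE-2022-27655 and CVE-2022-27654 the visible descriptions only mention opening a manipulated .u3d or .psd file and never name a vendor, so `NOT-FOR-US: SAP` cannot be verified from these lines. Consider naming the affected product after the vendor in the tag, the way `NOT-FOR-US: MediaWiki extension CheckUser` does elsewhere in this file, so a later reader can see which product was ruled out.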
@@ -8113,15 +8113,15 @@ CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x b
NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
NOTE: https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b (V8_8_16)
CVE-2022-26109 (When a user opens a manipulated Portable Document Format (.pdf, PDFVie ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-26108 (When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) receiv ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-26107 (When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-26106 (When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmC ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-26105 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-26104 (SAP Financial Consolidation - version 10.1, does not perform necessary ...)
NOT-FOR-US: SAP
CVE-2022-26103 (Under certain conditions, SAP NetWeaver (Real Time Messaging Framework ...)
@@ -12658,7 +12658,7 @@ CVE-2022-24414
CVE-2022-24413 (Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-t ...)
TODO: check
CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above contain an elevation of privileg ...)
TODO: check
CVE-2022-24410
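Review bot: Only CVE-2022-24412 is tagged here, while CVE-2022-24413 and CVE-2022-24411 directly around it describe the same product (Dell PowerScale OneFS) and stay at `TODO: check`. The tagged entry is the one whose description reads "Dell EMC", which suggests the siblings were missed by a match on "EMC". Tag all three consistently, or note why the other two need a separate look.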
@@ -19191,11 +19191,11 @@ CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
CVE-2022-0143
RESERVED
CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.6 does not perform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
NOT-FOR-US: MediaWiki extension CheckUser
CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
@@ -19669,7 +19669,7 @@ CVE-2022-22562 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper
CVE-2022-22561 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper res ...)
TODO: check
CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
TODO: check
CVE-2022-22558
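Review bot: CVE-2022-22560 gets `NOT-FOR-US: EMC`, but CVE-2022-22561 and CVE-2022-22559 on either side are also Dell PowerScale OneFS issues and remain `TODO: check`. If OneFS is out of scope, the neighbours should receive the same tag in this commit. The tag text could also name the product rather than just EMC, since the descriptions vary between "Dell" and "Dell EMC".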
@@ -19707,7 +19707,7 @@ CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Plat
CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
NOT-FOR-US: SAP
CVE-2022-22541 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
NOT-FOR-US: SAP
CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
@@ -48914,7 +48914,7 @@ CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plug
CVE-2021-36915
RESERVED
CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36913
RESERVED
CVE-2021-36912
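Review bot: The visible description of CVE-2021-36914 ("Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...") is cut off before any product name, so the `NOT-FOR-US: WordPress plugin` tag cannot be confirmed from this hunk. Adding the plugin name to the tag would make the triage decision checkable without looking up the full CVE text.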
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/688012790aefb952418e44decb39bb8e8df996dd