[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 6 20:28:22 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6afa5c58 by Salvatore Bonaccorso at 2022-12-06T21:26:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2022-4302
CVE-2022-4301
RESERVED
CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...)
- TODO: check
+ NOT-FOR-US: FastCMS
CVE-2022-4299
RESERVED
CVE-2022-4298
@@ -51,7 +51,7 @@ CVE-2022-4298
CVE-2022-4297
RESERVED
CVE-2022-4296 (A vulnerability classified as problematic has been found in TP-Link TL ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-46663
RESERVED
CVE-2022-46651
@@ -1597,7 +1597,7 @@ CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitorin
CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...)
NOT-FOR-US: Airtable.js
CVE-2022-46154 (Kodexplorer is a chinese language web based file manager and browser b ...)
- TODO: check
+ NOT-FOR-US: Kodexplorer
CVE-2022-46153
RESERVED
CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE project, ...)
@@ -1696,7 +1696,7 @@ CVE-2022-4149
CVE-2022-4148
RESERVED
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
- TODO: check
+ NOT-FOR-US: Quarkus
CVE-2022-46139
RESERVED
CVE-2022-46138
@@ -3030,7 +3030,7 @@ CVE-2022-45550
CVE-2022-45549
RESERVED
CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
- TODO: check
+ NOT-FOR-US: AyaCMS
CVE-2022-45547
RESERVED
CVE-2022-45546
@@ -4036,7 +4036,7 @@ CVE-2022-45328 (Church Management System v1.0 was discovered to contain a SQL in
CVE-2022-45327
RESERVED
CVE-2022-45326 (An XML external entity (XXE) injection vulnerability in Kwoksys Kwok I ...)
- TODO: check
+ NOT-FOR-US: Kwoksys
CVE-2022-45325
RESERVED
CVE-2022-45324
@@ -7870,7 +7870,7 @@ CVE-2022-44291 (webTareas 2.4p5 was discovered to contain a SQL injection vulner
CVE-2022-44290 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...)
NOT-FOR-US: webtareas
CVE-2022-44289 (Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file up ...)
- TODO: check
+ NOT-FOR-US: ThinkPHP Framework
CVE-2022-44288
RESERVED
CVE-2022-44287
@@ -11376,13 +11376,13 @@ CVE-2022-43558
CVE-2022-43557 (The BD BodyGuard™ infusion pumps specified allow for access thro ...)
TODO: check
CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2022-43555
RESERVED
CVE-2022-43554
RESERVED
CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.0.9-ho ...)
- TODO: check
+ NOT-FOR-US: EdgeRouters
CVE-2022-43552
RESERVED
CVE-2022-43551
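Review bot: CVE-2022-43557 (the BD BodyGuard infusion pumps) at the top of this hunk keeps its `TODO: check` while the two entries around it are resolved; pump firmware is not shipped as a Debian package, so it could be marked `NOT-FOR-US: BD BodyGuard` in the same pass instead of being left for a later sweep. Separately, `NOT-FOR-US: EdgeRouters` names a product line where the other entries in this commit name the vendor (TP-Link, Zyxel, Ivanti); using the vendor name keeps the NOT-FOR-US strings greppable in one consistent form.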
@@ -11390,7 +11390,7 @@ CVE-2022-43551
CVE-2022-43550
RESERVED
CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14 ...)
- nodejs 18.12.1+dfsg-1 (bug #1023518)
NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548
@@ -12011,7 +12011,7 @@ CVE-2022-43371
CVE-2022-43370
RESERVED
CVE-2022-43369 (AutoTaxi Stand Management System v1.0 was discovered to contain a cros ...)
- TODO: check
+ NOT-FOR-US: AutoTaxi Stand Management System
CVE-2022-43368
RESERVED
CVE-2022-43367 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
@@ -12588,7 +12588,7 @@ CVE-2022-43099
CVE-2022-43098
RESERVED
CVE-2022-43097 (Phpgurukul User Registration & User Management System v3.0 was dis ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul User Registration & User Management System
CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to gain root a ...)
NOT-FOR-US: Mediatrix
CVE-2022-43095
@@ -16678,7 +16678,7 @@ CVE-2022-40218
CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40203
RESERVED
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
@@ -18939,7 +18939,7 @@ CVE-2022-40682
CVE-2022-40681
RESERVED
CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-40679
RESERVED
CVE-2022-40678
@@ -19265,7 +19265,7 @@ CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/
CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...)
- airflow <itp> (bug #819700)
CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...)
NOT-FOR-US: Zyxel
CVE-2022-40601
@@ -20016,7 +20016,7 @@ CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges
CVE-2022-40260
RESERVED
CVE-2022-40259 (AMI MegaRAC Redfish Arbitrary Code Execution ...)
- TODO: check
+ NOT-FOR-US: AMI MegaRAC Redfish
CVE-2022-40258
RESERVED
CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
@@ -20050,7 +20050,7 @@ CVE-2022-40244
CVE-2022-40243
RESERVED
CVE-2022-40242 (MegaRAC Default Credentials Vulnerability ...)
- TODO: check
+ NOT-FOR-US: MegaRAC
CVE-2022-40241
RESERVED
CVE-2022-40240
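Review bot: `NOT-FOR-US: MegaRAC` here (CVE-2022-40242) and `NOT-FOR-US: AMI MegaRAC Redfish` in the preceding hunk (CVE-2022-40259) label the same BMC firmware family two different ways, and CVE-2022-2827 further down also gets the short `MegaRAC` form; pick one string (for example `NOT-FOR-US: AMI MegaRAC`) for all three so that a grep over data/CVE/list finds the related entries together.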
@@ -25190,7 +25190,7 @@ CVE-2022-38381 (An improper handling of malformed request vulnerability [CWE-228
CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS version ...)
NOT-FOR-US: FortiGuard
CVE-2022-38379 (Improper neutralization of input during web page generation [CWE-79] i ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38378
RESERVED
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
@@ -25300,7 +25300,7 @@ CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforc
CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal inform ...)
NOT-FOR-US: Octopus Server
CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability ...)
- TODO: check
+ NOT-FOR-US: MegaRAC
CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
@@ -26766,7 +26766,7 @@ CVE-2022-37785
CVE-2022-37784
RESERVED
CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hash ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2022-37782
RESERVED
CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __i ...)
@@ -27810,11 +27810,11 @@ CVE-2022-2644 (A vulnerability was found in SourceCodester Online Admission Syst
CVE-2022-2643 (A vulnerability has been found in SourceCodester Online Admission Syst ...)
NOT-FOR-US: SourceCodester Online Admission System
CVE-2022-2642 (Horner Automation’s RCC 972 firmware version 15.40 contains glob ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2022-2641 (Horner Automation’s RCC 972 with firmware version 15.40 has a st ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2022-2640 (The Config-files of Horner Automation’s RCC 972 with firmware ve ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog could b ...)
NOT-FOR-US: JetBrains
CVE-2022-37395 (A Huawei device has an input verification vulnerability. Successful ex ...)
@@ -31892,7 +31892,7 @@ CVE-2022-35845
CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
CVE-2022-35843 (An authentication bypass by assumed-immutable data vulnerability [CWE- ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: FortiGuard
CVE-2022-35841 (Windows Enterprise App Management Service Remote Code Execution Vulner ...)
@@ -33378,9 +33378,9 @@ CVE-2022-35260 (curl can be told to parse a `.netrc` file for credentials. If th
NOTE: introduced by: https://github.com/curl/curl/commit/eeaae10c0fb27aa066fdc296074edeacfdeb6522 (curl-7_84_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c (curl-7_86_0)
CVE-2022-35259 (XML Injection with Endpoint Manager 2022. 3 and below causing a downlo ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to the follo ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...)
NOT-FOR-US: UI Desktop for Windows
CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not correctl ...)
@@ -33397,7 +33397,7 @@ CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in No
NOTE: https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79 (v18.9.1)
NOTE: Introduced by https://github.com/nodejs/node/commit/dae283d96fd31ad0f30840a7e55ac97294f505ac (v15.0.0)
CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to the follo ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric <2.4 could allow an at ...)
NOT-FOR-US: Hyperledger Fabric
CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...)
@@ -34548,7 +34548,7 @@ CVE-2022-34883 (OS Command Injection vulnerability in Hitachi RAID Manager Stora
CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in Hitachi ...)
NOT-FOR-US: Hitachi
CVE-2022-34881 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-34880
RESERVED
CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time ...)
@@ -37641,9 +37641,9 @@ CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vu
CVE-2022-33877
RESERVED
CVE-2022-33876 (Multiple instances of improper input validation vulnerability in Forti ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-33875 (An improper neutralization of special elements used in an SQL Command ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-33874 (An improper neutralization of special elements used in an OS Command ( ...)
NOT-FOR-US: Fortiguard
CVE-2022-33873 (An improper neutralization of special elements used in an OS Command ( ...)
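Review bot: the two new `NOT-FOR-US: FortiGuard` lines sit directly above an existing `NOT-FOR-US: Fortiguard` (CVE-2022-33874) with different capitalisation; every other FortiGuard entry touched in this commit uses `FortiGuard`, so the existing line should be normalised while this hunk is being edited, otherwise case-sensitive searches for the marker will miss it.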
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6afa5c587d0018000e41a0d3681bd2add80d2632