[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 13 12:12:02 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88a80420 by Moritz Muehlenhoff at 2022-12-13T13:11:38+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -967,7 +967,7 @@ CVE-2022-4423
 CVE-2022-4422
 	RESERVED
 CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been classified as ...)
-	TODO: check
+	NOT-FOR-US: rAthena FluxCP
 CVE-2022-4420
 	RESERVED
 CVE-2022-4419
@@ -977,7 +977,7 @@ CVE-2022-4418
 CVE-2022-4417
 	RESERVED
 CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
-	TODO: check
+	NOT-FOR-US: yikes-inc-easy-mailchimp-extender
 CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to 2.3.5. I ...)
 	TODO: check
 CVE-2022-XXXX [The BPv6, OpenFlow, and Kafka protocol dissectors could go into an infinite loops]
@@ -997,9 +997,9 @@ CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declare
 CVE-2022-4415
 	RESERVED
 CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...)
-	TODO: check
+	NOT-FOR-US: nuxt
 CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/frame ...)
-	TODO: check
+	NOT-FOR-US: nuxt
 CVE-2022-4412
 	RESERVED
 CVE-2022-4411
@@ -1038,7 +1038,7 @@ CVE-2022-4398 (Integer Overflow or Wraparound in GitHub repository radareorg/rad
 	NOTE: https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2
 	NOTE: https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8
 CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has been c ...)
-	TODO: check
+	NOT-FOR-US: morontt zend-blog-number-2
 CVE-2022-4396 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib py ...)
 	TODO: check
 CVE-2022-46906 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...)
@@ -1260,15 +1260,15 @@ CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS
 CVE-2022-46829 (In JetBrains JetBrains Gateway before 2022.3 a client could connect wi ...)
 	NOT-FOR-US: JetBrains JetBrains Gateway
 CVE-2022-46828 (In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS wa ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2022-46827 (In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2022-46826 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allow ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2022-46825 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leake ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fs ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2022-46823
 	RESERVED
 CVE-2022-46822
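Review bot: the commit message "NFUs" does not cover the five IntelliJ IDEA entries in this hunk (CVE-2022-46824 through CVE-2022-46828), which are tagged `- intellij-idea <itp> (bug #747616)` rather than NOT-FOR-US. Mentioning the ITP tagging in the message, or putting it in its own commit, would let someone searching the history for bug #747616 find this change.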
@@ -1332,7 +1332,7 @@ CVE-2022-46794
 CVE-2022-46793
 	RESERVED
 CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: daloRADIUS
 CVE-2022-4365
 	RESERVED
 CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...)
@@ -1376,7 +1376,7 @@ CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been de
 CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been classifi ...)
 	NOT-FOR-US: DuxCMS
 CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...)
-	TODO: check
+	NOT-FOR-US: Hasura GraphQL
 CVE-2022-46791
 	RESERVED
 CVE-2022-46790
@@ -1420,7 +1420,7 @@ CVE-2022-46772
 CVE-2022-46771
 	RESERVED
 CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through  ...)
-	TODO: check
+	NOT-FOR-US: qubes-mirage-firewall
 CVE-2022-46769
 	RESERVED
 CVE-2022-4346
@@ -1434,7 +1434,7 @@ CVE-2022-4343
 CVE-2022-4342
 	RESERVED
 CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...)
-	TODO: check
+	NOT-FOR-US: csliuwy coder-chain_gdut
 CVE-2022-46768
 	RESERVED
 CVE-2022-46767
@@ -1758,7 +1758,7 @@ CVE-2022-43498
 CVE-2022-43474
 	RESERVED
 CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...)
-	TODO: check
+	NOT-FOR-US: maku-boot
 CVE-2022-4321
 	RESERVED
 CVE-2022-4320
@@ -1779,9 +1779,9 @@ CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffw
 CVE-2022-4313
 	RESERVED
 CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists in P ...)
-	TODO: check
+	NOT-FOR-US: PcVue
 CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
-	TODO: check
+	NOT-FOR-US: PcVue
 CVE-2022-42879
 	RESERVED
 CVE-2022-42700
@@ -2439,9 +2439,9 @@ CVE-2022-46385
 CVE-2022-46384
 	RESERVED
 CVE-2022-46383 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...)
-	TODO: check
+	NOT-FOR-US: RackN Digital Rebar
 CVE-2022-46382 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...)
-	TODO: check
+	NOT-FOR-US: RackN Digital Rebar
 CVE-2022-46381
 	RESERVED
 CVE-2022-4280 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -3023,7 +3023,7 @@ CVE-2022-45445
 CVE-2022-45346
 	RESERVED
 CVE-2022-45119 (This CVE is not valid. ...)
-	TODO: check
+	NOT-FOR-US: Invalid CVE, will likely be rejected
 CVE-2022-44615
 	RESERVED
 CVE-2022-44453
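Review bot: `NOT-FOR-US: Invalid CVE, will likely be rejected` on CVE-2022-45119 puts a prediction into a field that every other changed line in this commit uses for a product name, and the same wording recurs on CVE-2022-43503 in the next hunk. The description already reads "This CVE is not valid.", so both entries should be revisited once the rejection actually lands, otherwise the NFU text stays in the list as if it named a product.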
@@ -3035,7 +3035,7 @@ CVE-2022-43664
 CVE-2022-43663
 	RESERVED
 CVE-2022-43503 (This CVE is not valid. ...)
-	TODO: check
+	NOT-FOR-US: Invalid CVE, will likely be rejected
 CVE-2022-43467
 	RESERVED
 CVE-2022-42885
@@ -3365,7 +3365,7 @@ CVE-2022-46168
 CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes.  ...)
 	NOT-FOR-US: Capsule
 CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...)
-	TODO: check
+	NOT-FOR-US: Spring boot admins
 CVE-2022-46165
 	RESERVED
 CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain  ...)
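Review bot: `NOT-FOR-US: Spring boot admins` on CVE-2022-46166 copies the wording of the truncated description; the upstream project is named Spring Boot Admin. Using the project name would keep a later search of the list for that product from missing this entry.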
@@ -3375,9 +3375,9 @@ CVE-2022-46163
 CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Prior to ...)
 	NOT-FOR-US: BBCode plugin for Discourse
 CVE-2022-46161 (pdfmake is an open source client/server side PDF printing in pure Java ...)
-	TODO: check
+	NOT-FOR-US: pdfmake
 CVE-2022-46160 (Tuleap is an Open Source Suite to improve management of software devel ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...)
 	NOT-FOR-US: Discourse
 CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...)
@@ -3829,11 +3829,11 @@ CVE-2022-45972
 CVE-2022-45971
 	RESERVED
 CVE-2022-45970 (Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulle ...)
-	TODO: check
+	NOT-FOR-US: Alist
 CVE-2022-45969
 	RESERVED
 CVE-2022-45968 (Alist v3.4.0 is vulnerable to File Upload. A user with only file uploa ...)
-	TODO: check
+	NOT-FOR-US: Alist
 CVE-2022-45967
 	RESERVED
 CVE-2022-45966
@@ -3855,9 +3855,9 @@ CVE-2022-45959
 CVE-2022-45958
 	RESERVED
 CVE-2022-45957 (ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2022-45956 (Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the c ...)
-	TODO: check
+	- boa <removed>
 CVE-2022-45955
 	RESERVED
 CVE-2022-45954
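Review bot: `NOT-FOR-US: ZTE` on CVE-2022-45957 names only the vendor, while the description identifies the ZXHN-H108NS router and the other tags in this commit name the product (for example `NOT-FOR-US: RackN Digital Rebar`). Tagging the product keeps the entry distinguishable from other ZTE CVEs when the list is searched.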
@@ -4397,15 +4397,15 @@ CVE-2022-45762
 CVE-2022-45761
 	RESERVED
 CVE-2022-45760 (SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: SENS
 CVE-2022-45759 (SENS v1.0 has a file upload vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: SENS
 CVE-2022-45758 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzh ...)
-	TODO: check
+	NOT-FOR-US: SENS
 CVE-2022-45757
 	RESERVED
 CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: SENS
 CVE-2022-45755
 	RESERVED
 CVE-2022-45754



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88a80420f81d6273a07d4c5498bba836734e0e4c
