[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 14 08:59:55 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a27d8bc by Salvatore Bonaccorso at 2022-12-14T09:59:28+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2769,7 +2769,7 @@ CVE-2022-46406
 CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of service ( ...)
 	- mastodon <itp> (bug #859741)
 CVE-2022-46404 (A command injection vulnerability has been identified in Atos Unify Op ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify OpenScape
 CVE-2022-46403
 	RESERVED
 CVE-2022-46402
@@ -2819,7 +2819,7 @@ CVE-2022-46383 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 thro
 CVE-2022-46382 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...)
 	NOT-FOR-US: RackN Digital Rebar
 CVE-2022-46381 (Certain Linear eMerge E3-Series devices are vulnerable to XSS via the  ...)
-	TODO: check
+	NOT-FOR-US: Linear eMerge E3-Series devices
 CVE-2022-4280 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Dot Tech Smart Campus System
 CVE-2022-4279 (A vulnerability classified as problematic has been found in SourceCode ...)
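Review bot: The new tag on CVE-2022-46381, `NOT-FOR-US: Linear eMerge E3-Series devices`, names the same product that the last hunk of this commit tags as `NOT-FOR-US: Nortek Linear eMerge E3-Series` (CVE-2022-38628). Use one spelling for both, with the vendor name and without the generic word "devices", so that a single search over data/CVE/list finds every entry for this product.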
@@ -6343,7 +6343,7 @@ CVE-2022-45271
 CVE-2022-45270
 	RESERVED
 CVE-2022-45269 (A directory traversal vulnerability in the component SCS.Web.Server.SP ...)
-	TODO: check
+	NOT-FOR-US: Linx Sphere LINX
 CVE-2022-45268
 	RESERVED
 CVE-2022-45267
@@ -7465,7 +7465,7 @@ CVE-2022-44876
 CVE-2022-44875
 	RESERVED
 CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered t ...)
-	TODO: check
+	NOT-FOR-US: wasm3
 CVE-2022-44873
 	RESERVED
 CVE-2022-44872
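Review bot: CVE-2022-44874 is tagged `NOT-FOR-US: wasm3`, but its description identifies the affected code by a source commit hash rather than by a vendor product release, and that is the kind of entry where NOT-FOR-US is easiest to get wrong. Before settling on this tag, confirm that no package in the archive embeds a copy of wasm3 and that no ITP or RFP is open for it. If one is, the entry should follow the form used for Mastodon in the first hunk (`- mastodon <itp> (bug #859741)`) instead.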
@@ -17586,11 +17586,11 @@ CVE-2022-42143 (Open Source SACCO Management System v1.0 is vulnerable to SQL In
 CVE-2022-42142 (Online Tours & Travels Management System v1.0 is vulnerable to Arb ...)
 	NOT-FOR-US: Online Tours & Travels Management System
 CVE-2022-42141 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scrip ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-42140 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injectio ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-42139 (Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injec ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-42138
 	RESERVED
 CVE-2022-42137
@@ -18414,7 +18414,7 @@ CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a an
 CVE-2022-41654
 	RESERVED
 CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
-	TODO: check
+	NOT-FOR-US: Daikin
 CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
 	NOT-FOR-US: DIAEnergie
 CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HERO ...)
@@ -18452,7 +18452,7 @@ CVE-2022-40201
 CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflec ...)
 	NOT-FOR-US: SAUTER Controls moduWeb firmware
 CVE-2022-38355 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
-	TODO: check
+	NOT-FOR-US: Daikin
 CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directory tr ...)
@@ -19826,27 +19826,27 @@ CVE-2022-41290
 CVE-2022-41289
 	RESERVED
 CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-41277
 	RESERVED
 CVE-2022-41276
@@ -19906,7 +19906,7 @@ CVE-2022-3261
 CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
 	TODO: check
 CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...)
-	TODO: check
+	NOT-FOR-US: Openshift
 CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
 	NOT-FOR-US: HYPR Workforce Access
 CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
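Review bot: CVE-2022-3260, directly above the changed line, stays at `TODO: check` while CVE-2022-3259 becomes `NOT-FOR-US: Openshift`. The visible part of its description (response header without X-FRAME-OPTIONS) does not name a product, so leaving it may be deliberate; if it turns out to be the same product, it can take the same tag in this pass. The tag also copies the description's spelling "Openshift", so check it against the spelling existing entries in data/CVE/list use for this product so that one search catches all of them.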
@@ -20210,7 +20210,7 @@ CVE-2022-41129
 CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability. This  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41127 (Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41126
 	RESERVED
 CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability ...)
@@ -20222,7 +20222,7 @@ CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability.
 CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41120 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability. ...)
@@ -20234,7 +20234,7 @@ CVE-2022-41117
 CVE-2022-41116 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41115 (Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41114 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41113 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. ...)
@@ -20276,7 +20276,7 @@ CVE-2022-41096 (Microsoft DWM Core Library Elevation of Privilege Vulnerability.
 CVE-2022-41095 (Windows Digital Media Receiver Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41094 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41093 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41092 (Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is un ...)
@@ -20286,7 +20286,7 @@ CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability. T
 CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41087
@@ -20310,13 +20310,13 @@ CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is
 CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41075
 	RESERVED
 CVE-2022-41074 (Windows Graphics Component Information Disclosure Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-41072
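Review bot: CVE-2022-41076 (PowerShell Remote Code Execution) receives the vendor-wide `NOT-FOR-US: Microsoft`, the same tag as the Windows components around it, but PowerShell is also released for Linux, and the vendor tag alone does not show that this was considered. Either confirm that no Debian source package ships it, or use a product-level tag such as `NOT-FOR-US: Microsoft PowerShell` so the triage decision can be audited later.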
@@ -20631,7 +20631,7 @@ CVE-2022-40941
 CVE-2022-40940
 	RESERVED
 CVE-2022-40939 (In certain Secustation products the administrator account password can ...)
-	TODO: check
+	NOT-FOR-US: Secustation
 CVE-2022-40938
 	RESERVED
 CVE-2022-40937
@@ -22241,7 +22241,7 @@ CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric G
 CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2022-40264 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi Electric
 CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...)
 	NOT-FOR-US: BD Totalys MultiProcessor
 CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the  ...)
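Review bot: The new tag for CVE-2022-40264, `NOT-FOR-US: Mitsubishi Electric`, differs from the tag two lines above it in the same hunk, `NOT-FOR-US: Mitsubishi` (CVE-2022-40265). Two spellings for one vendor now sit side by side; pick one so that vendor-level searches over the list do not split.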
@@ -26443,15 +26443,15 @@ CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in
 CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...)
 	NOT-FOR-US: GE CIMPICITY
 CVE-2022-2951 (Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Altair HyperView Player
 CVE-2022-2950 (Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Altair HyperView Player
 CVE-2022-2949 (Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Altair HyperView Player
 CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buf ...)
 	NOT-FOR-US: GE CIMPICITY
 CVE-2022-2947 (Altair HyperView Player versions 2021.1.0.27 and prior perform operati ...)
-	TODO: check
+	NOT-FOR-US: Altair HyperView Player
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ p ...)
@@ -26595,7 +26595,7 @@ CVE-2022-38630
 CVE-2022-38629
 	RESERVED
 CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
-	TODO: check
+	NOT-FOR-US: Nortek Linear eMerge E3-Series
 CVE-2022-38627
 	RESERVED
 CVE-2022-38626



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a27d8bca8c793e18d3bf8f2357023ffbe9ed86b
