[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 14 20:44:29 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63aa86db by Salvatore Bonaccorso at 2022-12-14T21:43:57+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,11 +29,11 @@ CVE-2022-4497
 CVE-2022-4496
 	RESERVED
 CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: collective.dms.basecontent
 CVE-2022-4494 (A vulnerability, which was classified as critical, has been found in b ...)
 	TODO: check
 CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
-	TODO: check
+	NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
 CVE-2022-4492
 	RESERVED
 CVE-2022-4491
@@ -1168,9 +1168,9 @@ CVE-2022-46999
 CVE-2022-46998
 	RESERVED
 CVE-2022-46997 (Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovere ...)
-	TODO: check
+	NOT-FOR-US: Passhunt
 CVE-2022-46996 (vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was di ...)
-	TODO: check
+	NOT-FOR-US: vSphere_selfuse
 CVE-2022-46995
 	RESERVED
 CVE-2022-46994
@@ -2725,7 +2725,7 @@ CVE-2022-46445
 CVE-2022-46444
 	RESERVED
 CVE-2022-46443 (mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemq ...)
-	TODO: check
+	NOT-FOR-US: mesinkasir Bangresto
 CVE-2022-46442
 	RESERVED
 CVE-2022-46441
@@ -3986,27 +3986,27 @@ CVE-2022-46129
 CVE-2022-46128
 	RESERVED
 CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46125 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46124 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46123 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46122 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46121 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46120 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46119 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46118 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46117 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46116
 	RESERVED
 CVE-2022-46115
@@ -4092,13 +4092,13 @@ CVE-2022-46076
 CVE-2022-46075
 	RESERVED
 CVE-2022-46074 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom
 CVE-2022-46073 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom
 CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom
 CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Log ...)
-	TODO: check
+	NOT-FOR-US: Helmet Store Showroom
 CVE-2022-46070
 	RESERVED
 CVE-2022-46069
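Review bot: the label on CVE-2022-46071 through CVE-2022-46074 is "Helmet Store Showroom", while CVE-2022-46117 through CVE-2022-46127 in this same commit get "Helmet Store Showroom Site". The truncated descriptions differ in the same way, but both appear to name one v1.0 application. Using a single spelling across all fifteen entries would keep a search on the NOT-FOR-US label from missing part of the set.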
@@ -7492,7 +7492,7 @@ CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extracta
 CVE-2022-44899
 	RESERVED
 CVE-2022-44898 (The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not p ...)
-	TODO: check
+	NOT-FOR-US: Asus Aura Sync
 CVE-2022-44897
 	RESERVED
 CVE-2022-44896
@@ -7624,7 +7624,7 @@ CVE-2022-44834
 CVE-2022-44833
 	RESERVED
 CVE-2022-44832 (D-Link DIR-3040 device with firmware 120B03 was discovered to contain  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-44831
 	RESERVED
 CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...)
@@ -30065,7 +30065,7 @@ CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may
 CVE-2022-2661 (Sequi PortBloque S has an improper authorization vulnerability, which  ...)
 	NOT-FOR-US: Sequi PortBloque S
 CVE-2022-2660 (Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vul ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation
 CVE-2022-2659
 	RESERVED
 CVE-2022-2658
@@ -38726,7 +38726,7 @@ CVE-2022-34273 (A vulnerability has been identified in PADS Standard/Plus Viewer
 CVE-2022-34272 (A vulnerability has been identified in PADS Standard/Plus Viewer (All  ...)
 	NOT-FOR-US: Siemens
 CVE-2022-34271 (A vulnerability in import module of Apache Atlas allows an authenticat ...)
-	TODO: check
+	NOT-FOR-US: Apache Atlas
 CVE-2022-2180 (The GREYD.SUITE WordPress theme does not properly validate uploaded cu ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...)
@@ -45587,25 +45587,25 @@ CVE-2022-31707
 CVE-2022-31706
 	RESERVED
 CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31704
 	RESERVED
 CVE-2022-31703 (vRealize Network Insight (vRNI) directory traversal vulnerability in v ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31701 (VMware Workspace ONE Access and Identity Manager contain a broken auth ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31700 (VMware Workspace ONE Access and Identity Manager contain an authentica ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31699 (VMware ESXi contains a heap-overflow vulnerability. A malicious local  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31698 (The vCenter Server contains a denial-of-service vulnerability in the c ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31697 (The vCenter Server contains an information disclosure vulnerability du ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31696 (VMware ESXi contains a memory corruption vulnerability that exists in  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31695
 	RESERVED
 CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...)
@@ -46631,7 +46631,7 @@ CVE-2022-31360
 CVE-2022-31359
 	RESERVED
 CVE-2022-31358 (A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtua ...)
-	TODO: check
+	NOT-FOR-US: Proxmox Virtual Environment
 CVE-2022-31357 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
 	NOT-FOR-US: Online Ordering System
 CVE-2022-31356 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
@@ -60162,11 +60162,11 @@ CVE-2022-26808 (Windows File Explorer Elevation of Privilege Vulnerability. ...)
 CVE-2022-26807 (Windows Work Folder Service Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26806 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26805 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26804 (Microsoft Office Graphics Remote Code Execution Vulnerability. This CV ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26803 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26802 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
@@ -63237,9 +63237,9 @@ CVE-2022-25714
 CVE-2022-25713
 	RESERVED
 CVE-2022-25712 (Memory corruption in camera due to buffer copy without checking size o ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25711 (Memory corruption in camera due to improper validation of array index  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-25709
@@ -63257,7 +63257,7 @@ CVE-2022-25704
 CVE-2022-25703
 	RESERVED
 CVE-2022-25702 (Denial of service in modem due to reachable assertion while processing ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25701
 	RESERVED
 CVE-2022-25700
@@ -63265,19 +63265,19 @@ CVE-2022-25700
 CVE-2022-25699
 	RESERVED
 CVE-2022-25698 (Memory corruption in SPI buses due to improper input validation while  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25697 (Memory corruption in i2c buses due to improper input validation while  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array Index w ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25694
 	RESERVED
 CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25692 (Denial of service in Modem due to reachable assertion while processing ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25691 (Denial of service in Modem due to reachable assertion while processing ...)
 	TODO: check
 CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...)
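Review bot: the entries changed in this hunk (CVE-2022-25698, CVE-2022-25697, CVE-2022-25695, CVE-2022-25692) are tagged "NOT-FOR-US: Snapdragon", but the untouched neighbours CVE-2022-25696 and CVE-2022-25693 carry "NOT-FOR-US: Qualcomm". Pick one label for the series; the same split shows up at CVE-2022-25686 and CVE-2022-25685 in the next hunk. Separately, CVE-2022-25691 is left at "TODO: check" although its visible (truncated) description reads the same as CVE-2022-25692 directly above it, which is now marked. If that was not intentional, mark it as well.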
@@ -63291,7 +63291,7 @@ CVE-2022-25687 (memory corruption in video due to buffer overflow while parsing
 CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25685 (Denial of service in Modem module due to improper authorization while  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-25684
 	RESERVED
 CVE-2022-25683
@@ -67036,7 +67036,7 @@ CVE-2022-24482 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID i
 CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-24478



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63aa86dbc0bdbad2f64857bd12d8688eaa25ada9
