[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Dec 15 13:40:47 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34e5c37f by Moritz Muehlenhoff at 2022-12-15T14:40:24+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,31 +75,31 @@ CVE-2022-47413
 CVE-2022-47412
 	RESERVED
 CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-47409 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-47408 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-47407 (An issue was discovered in the fp_masterquiz (aka Master-Quiz) extensi ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-47406 (An issue was discovered in the fe_change_pwd (aka Change password for  ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 extension
 CVE-2022-4508
 	RESERVED
 CVE-2022-4507
 	RESERVED
 CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2022-4505 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2022-4504 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2022-4503 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2022-4502 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2022-4501 (The Mega Addons plugin for WordPress is vulnerable to authorization by ...)
 	NOT-FOR-US: Mega Addons plugin for WordPress
 CVE-2022-47405
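Review bot: The six TYPO3 entries (CVE-2022-47406 through CVE-2022-47411) all get the same generic note, "NOT-FOR-US: TYPO3 extension", although their descriptions name three different extensions (fp_newsletter, fp_masterquiz, fe_change_pwd). Other entries in this hunk name the product itself, e.g. "NOT-FOR-US: Mega Addons plugin for WordPress". Writing "NOT-FOR-US: fp_newsletter TYPO3 extension" (and likewise for the other two) would keep each entry searchable by product name.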
@@ -135,7 +135,7 @@ CVE-2022-4496
 CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: collective.dms.basecontent
 CVE-2022-4494 (A vulnerability, which was classified as critical, has been found in b ...)
-	TODO: check
+	NOT-FOR-US: MCPMappingViewer
 CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
 	NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
 CVE-2022-4492
@@ -459,9 +459,9 @@ CVE-2022-47372
 CVE-2022-4457
 	RESERVED
 CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...)
-	TODO: check
+	NOT-FOR-US: falling-fruit
 CVE-2022-4455 (A vulnerability, which was classified as problematic, was found in spr ...)
-	TODO: check
+	NOT-FOR-US: sproctor php-calendar
 CVE-2022-4454 (A vulnerability, which was classified as critical, has been found in m ...)
 	NOT-FOR-US: m0ver bible-online
 CVE-2022-4453
@@ -479,7 +479,7 @@ CVE-2022-4448
 CVE-2022-4447
 	RESERVED
 CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior  ...)
-	TODO: check
+	NOT-FOR-US: Corebos
 CVE-2022-4445
 	RESERVED
 CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...)
@@ -1783,11 +1783,11 @@ CVE-2022-4378
 CVE-2022-46835
 	RESERVED
 CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmwa ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...)
 	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-4374
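Review bot: "NOT-FOR-US: SICK" on CVE-2022-46832 through CVE-2022-46834 records only the vendor, while the descriptions name specific firmware (SICK RFU62x, RFU63x, RFU65x). A note such as "NOT-FOR-US: SICK RFU6xx firmware" would say what was actually triaged and stays consistent with product-level notes like "NOT-FOR-US: Mingsoft MCMS" two lines below.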
@@ -3758,9 +3758,9 @@ CVE-2022-46258
 CVE-2022-46257
 	RESERVED
 CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46254
 	RESERVED
 CVE-2022-46253
@@ -4652,7 +4652,7 @@ CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-core
 CVE-2022-45872 (iTerm2 before 3.4.18 mishandles a DECRQSS response. ...)
 	NOT-FOR-US: iTerm2
 CVE-2022-45871 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd  ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2022-45870
 	RESERVED
 CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel through  ...)
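Review bot: The note on CVE-2022-45871 names only the vendor ("WithSecure"), while the description refers to the fsicapd component. Naming the product or component in the NFU note would make it easier to match later CVEs against this decision, as the neighbouring "NOT-FOR-US: iTerm2" entry does.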
@@ -5115,11 +5115,11 @@ CVE-2022-45692
 CVE-2022-45691
 	RESERVED
 CVE-2022-45690 (A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.ja ...)
-	TODO: check
+	NOT-FOR-US: hutool-json
 CVE-2022-45689 (hutool-json v5.8.10 was discovered to contain an out of memory error. ...)
-	TODO: check
+	NOT-FOR-US: hutool-json
 CVE-2022-45688 (A stack overflow in the XML.toJSONObject component of hutool-json v5.8 ...)
-	TODO: check
+	NOT-FOR-US: hutool-json
 CVE-2022-45687
 	RESERVED
 CVE-2022-45686
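Review bot: On CVE-2022-45690 the description points at org.json.JSONTokener.nextValue, a class in the org.json namespace rather than one of hutool's own, so "NOT-FOR-US: hutool-json" should be confirmed against where the vulnerable code actually lives. The same question is worth asking for the XML.toJSONObject component in CVE-2022-45688. If the code belongs to a separately distributed JSON library, these entries need a package line, or should stay at "TODO: check" with that detail noted, rather than NFU.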
@@ -6964,7 +6964,7 @@ CVE-2022-45136 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earli
 CVE-2022-45135
 	RESERVED
 CVE-2022-43668 (Typora versions prior to 1.4.4 fails to properly neutralize JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Typora
 CVE-2022-3932
 	RESERVED
 CVE-2022-3931
@@ -7122,7 +7122,7 @@ CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise a
 CVE-2022-3918
 	RESERVED
 CVE-2022-3917 (Improper access control of bootloader function was discovered in Motor ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-3916
 	RESERVED
 	NOT-FOR-US: Keycloak
@@ -7329,7 +7329,7 @@ CVE-2022-45035
 CVE-2022-45034
 	RESERVED
 CVE-2022-45033 (A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Expense Tracker
 CVE-2022-45032
 	RESERVED
 CVE-2022-45031



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34e5c37f46f12e374e15629fb53729ac5979cd20
