[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 20 21:19:15 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10d39f46 by Salvatore Bonaccorso at 2022-12-20T22:18:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4509,11 +4509,11 @@ CVE-2022-46423
 CVE-2022-46422
 	RESERVED
 CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices WSR-3200 ...)
-	TODO: check
+	NOT-FOR-US: Buffalo network devices
 CVE-2022-43466 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
-	TODO: check
+	NOT-FOR-US: Buffalo network devices
 CVE-2022-43443 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
-	TODO: check
+	NOT-FOR-US: Buffalo network devices
 CVE-2022-4294
 	RESERVED
 CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
@@ -4559,11 +4559,11 @@ CVE-2022-46421
 CVE-2022-4281 (A vulnerability has been found in Facepay 1.0 and classified as critic ...)
 	NOT-FOR-US: Facepay
 CVE-2022-46288 (Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and e ...)
-	TODO: check
+	NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
 CVE-2022-46287 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...)
-	TODO: check
+	NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
 CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...)
-	TODO: check
+	NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
 CVE-2022-46416
 	RESERVED
 CVE-2022-46415
@@ -4591,15 +4591,15 @@ CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of ser
 CVE-2022-46404 (A command injection vulnerability has been identified in Atos Unify Op ...)
 	NOT-FOR-US: Atos Unify OpenScape
 CVE-2022-46403 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-46402 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-46401 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-46400 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-46399 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2022-46398
 	RESERVED
 CVE-2022-46397
@@ -7307,7 +7307,7 @@ CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when
 CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...)
 	NOT-FOR-US: Apache Hama
 CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unaut ...)
-	TODO: check
+	NOT-FOR-US: CONPROSYS HMI System (CHS)
 CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4060
@@ -8943,11 +8943,11 @@ CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin Wo
 CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
 	NOT-FOR-US: Maxon ERP
 CVE-2022-3877 (A vulnerability, which was classified as problematic, was found in Cli ...)
-	TODO: check
+	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
 CVE-2022-3876 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
 CVE-2022-3875 (A vulnerability classified as critical was found in Click Studios Pass ...)
-	TODO: check
+	NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
 CVE-2022-3874
 	RESERVED
 CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
@@ -8964,7 +8964,7 @@ CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection vi
 CVE-2022-45042
 	RESERVED
 CVE-2022-45041 (SQL Injection exits in xinhu < 2.5.0 ...)
-	TODO: check
+	NOT-FOR-US: xinhu
 CVE-2022-45040 (A cross-site scripting (XSS) vulnerability in /admin/pages/sections_sa ...)
 	NOT-FOR-US: WBCE CMS
 CVE-2022-45039 (An arbitrary file upload vulnerability in the Server Settings module o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10d39f46c8de2a2d779bbb7a47ad1f06e9b9c757

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10d39f46c8de2a2d779bbb7a47ad1f06e9b9c757
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221220/c8cf83e3/attachment.htm>

More information about the debian-security-tracker-commits mailing list