[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Dec 22 14:35:09 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc9a34f8 by Moritz Muehlenhoff at 2022-12-22T15:34:48+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8842,6 +8842,7 @@ CVE-2022-45348
RESERVED
CVE-2022-45347
RESERVED
+ NOT-FOR-US: Apache ShardingSphere-Proxy
CVE-2022-45344
RESERVED
CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
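Review bot: CVE-2022-45347 is marked NOT-FOR-US while the entry is still RESERVED and the CVE line carries no description, so nothing in the entry records where the Apache ShardingSphere-Proxy attribution came from; a NOTE line pointing at the upstream advisory (the form used elsewhere in this file, e.g. the "NOTE: https://..." lines under CVE-2022-43272 in the next hunk) would keep the triage auditable once the description is published.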
@@ -17110,7 +17111,7 @@ CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_A
NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1
CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...)
- TODO: check
+ NOT-FOR-US: Inhabit Systems Pty Ltd Move CRM
CVE-2022-43270
RESERVED
CVE-2022-43269
@@ -18773,11 +18774,11 @@ CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSI
NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
NOTE: https://github.com/PurpleVsGreen/beacown
CVE-2022-42718 (Incorrect default permissions in the installation folder for NI LabVIE ...)
- TODO: check
+ NOT-FOR-US: NI LabVIEW
CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The recommen ...)
NOT-FOR-US: Hashicorp Packer
CVE-2022-42716 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...)
- TODO: check
+ NOT-FOR-US: Arm Mali GPU Kernel Driver
CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 in the ...)
NOT-FOR-US: REDCap
CVE-2022-42714
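Review bot: the NOT-FOR-US for CVE-2022-42716 reads only "Arm Mali GPU Kernel Driver", and it sits a few entries below a Linux kernel CVE (CVE-2022-42719, mac80211) in the same hunk, so a later reader may wonder whether an in-tree driver is meant; adding the reason the Debian kernel is unaffected (Arm's advisories cover Arm's own out-of-tree driver, not the in-tree drivers) would save a re-check.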
@@ -23534,7 +23535,7 @@ CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable
CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Serve ...)
NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40841 (A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomization ...)
- TODO: check
+ NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...)
NOT-FOR-US: NdkAdvancedCustomizationFields
CVE-2022-40839 (A SQL injection vulnerability in the height and width parameter in Ndk ...)
@@ -24191,19 +24192,19 @@ CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wi
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html
CVE-2022-3189 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3188 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3187 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3186 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3185 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3184 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3183 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...)
- TODO: check
+ NOT-FOR-US: Dataprobe iBoot-PDU FW
CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...)
@@ -27231,7 +27232,7 @@ CVE-2022-39306 (Grafana is an open-source platform for monitoring and observabil
CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
NOT-FOR-US: Gin-vue-admin
CVE-2022-39304 (ghinstallation provides transport, which implements http.RoundTripper ...)
- TODO: check
+ NOT-FOR-US: ghinstallation
CVE-2022-39303 (Ree6 is a moderation bot. This vulnerability allows manipulation of SQ ...)
NOT-FOR-US: Ree6
CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server ...)
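Review bot: for CVE-2022-39304 the description identifies ghinstallation as a Go library (it implements http.RoundTripper), and Debian tracks packaged Go modules under golang-github-* source names, so the NOT-FOR-US line should state that no such source package exists in the archive, or the entry should stay at "TODO: check" until that is confirmed.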
@@ -27888,7 +27889,7 @@ CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 10
CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2 ...)
- TODO: check
+ NOT-FOR-US: Quanos "SCHEMA ST4" example web templates
CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2006-20001
@@ -28386,7 +28387,7 @@ CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module -
CVE-2022-38901 (A Cross-site scripting (XSS) vulnerability in the Document and Media m ...)
NOT-FOR-US: Liferay
CVE-2022-38900 (decode-uri-component 0.2.0 is vulnerable to Improper Input Validation ...)
- TODO: check
+ NOT-FOR-US: Node decode-uri-component
CVE-2022-38899
RESERVED
CVE-2022-38898
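Review bot: CVE-2022-38900 concerns decode-uri-component, an npm module, and the added line itself calls it "Node decode-uri-component"; Debian ships Node modules as node-* source packages, so this entry should only be closed as NOT-FOR-US after confirming there is no node-decode-uri-component package in the archive, otherwise it needs a package line instead.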
@@ -28440,7 +28441,7 @@ CVE-2022-38875
CVE-2022-38874
RESERVED
CVE-2022-38873 (D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 an ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-38872
RESERVED
CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. ...)
@@ -28850,7 +28851,7 @@ CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versi
CVE-2022-38754 (A potential vulnerability has been identified in Micro Focus Operation ...)
NOT-FOR-US: Micro Focus
CVE-2022-38753 (This update resolves a multi-factor authentication bypass attack ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2022-2999
RESERVED
CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...)
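Review bot: the description of CVE-2022-38753 ("This update resolves a multi-factor authentication bypass attack ...") names no product, so the "NOT-FOR-US: Micro Focus" attribution rests only on the neighbouring CVE-2022-38754/38755 entries; naming the affected product in the NOT-FOR-US line would let the entry stand on its own.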
@@ -28965,7 +28966,7 @@ CVE-2022-38735
CVE-2022-38734
RESERVED
CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
NOT-FOR-US: SnapCenter (NetAPP)
CVE-2022-38731
@@ -29088,7 +29089,7 @@ CVE-2022-2968
CVE-2022-2967
RESERVED
CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This iss ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics DOPSoft
CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: NotrinosERP
CVE-2022-2964 (A flaw was found in the Linux kernel’s driver for the ASIX AX881 ...)
@@ -29228,7 +29229,7 @@ CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite ke
CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site Request Forger ...)
NOT-FOR-US: HCL
CVE-2022-38659 (In specific scenarios, on Windows the operator credentials may be encr ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38658
RESERVED
CVE-2022-38657
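Review bot: the CVE-2022-38659 description ("on Windows the operator credentials may be encr ...") does not say which HCL product is meant, unlike the CVE-2022-38660/38661 entries around it; a product name after "NOT-FOR-US: HCL" is cheap to add now and hard to reconstruct later.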
@@ -30736,9 +30737,9 @@ CVE-2022-38177 (By spoofing the target resolver with responses that have a malfo
NOTE: Fixed by (while refactoring): https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17 (v9_17_20)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590 (v9_16_33)
CVE-2022-2808 (Algan Yazılım Prens Student Information System product has a ...)
- TODO: check
+ NOT-FOR-US: Algan
CVE-2022-2807 (Algan Yazılım Prens Student Information System product has a ...)
- TODO: check
+ NOT-FOR-US: Algan
CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...)
NOT-FOR-US: ovirt-log-collector
CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of plaint ...)
@@ -30938,9 +30939,9 @@ CVE-2022-38126
CVE-2022-38125
RESERVED
CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in administrator to mo ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2022-38123 (Improper Input Validation of plugin files in Administrator Interface o ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. A ...)
NOT-FOR-US: UPSMON PRO
CVE-2022-38121 (UPSMON PRO configuration file stores user password in plaintext under ...)
@@ -30993,7 +30994,7 @@ CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.
CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2752 (A vulnerability in the web server of Secomea GateManager allows a loca ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -31669,7 +31670,7 @@ CVE-2022-37834
CVE-2022-37833
RESERVED
CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from Hardcoded root password. ...)
- TODO: check
+ NOT-FOR-US: Mutiny
CVE-2022-37831
RESERVED
CVE-2022-37830
@@ -35898,9 +35899,9 @@ CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CS
CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS s ...)
NOT-FOR-US: Emby Server
CVE-2022-36222 (Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped wit ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2022-36221 (Nokia Fastmile 3tg00118abad52 is affected by an authenticated path tra ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser (Windows) ...)
NOT-FOR-US: Safe Exam Browser
CVE-2022-36219
@@ -37220,11 +37221,11 @@ CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and ear
CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-35695 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
NOT-FOR-US: Adobe
CVE-2022-35693 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
@@ -43967,7 +43968,7 @@ CVE-2022-33270
CVE-2022-33269
RESERVED
CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST while ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2022-33267
RESERVED
CVE-2022-33266
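Review bot: CVE-2022-33268 describes a buffer over-read "in Bluetooth HOST", which on a Debian system could be misread as the bluez host stack; the NOT-FOR-US line should identify the affected component (the Qualcomm Bluetooth host stack, per the vendor attribution chosen here) rather than just "Qualcomm", so the entry is not re-triaged against bluez later.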
@@ -44729,9 +44730,9 @@ CVE-2022-32969 (MetaMask before 10.11.3 might allow an attacker to access a user
CVE-2022-32968
RESERVED
CVE-2022-32967 (RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An un ...)
- TODO: check
+ NOT-FOR-US: RTL8111EP-CG/RTL8111FP-CGm
CVE-2022-32966 (RTL8168FP-CG Dash remote management function has missing authorization ...)
- TODO: check
+ NOT-FOR-US: RTL8168FP-CG
CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated remote at ...)
NOT-FOR-US: OMICARD EDM
CVE-2022-32964 (OMICARD EDM’s API function has insufficient validation for user ...)
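Review bot: typo in the added line for CVE-2022-32967: "RTL8111EP-CG/RTL8111FP-CGm" has a stray trailing "m"; the description reads "RTL8111EP-CG/RTL8111FP-CG" and the sibling CVE-2022-32966 line uses the plain part number, so it should be "+ NOT-FOR-US: RTL8111EP-CG/RTL8111FP-CG".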
@@ -48281,7 +48282,7 @@ CVE-2022-31710
CVE-2022-31709
RESERVED
CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...)
NOT-FOR-US: VMware
CVE-2022-31706
@@ -48331,7 +48332,7 @@ CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an Authentic
CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...)
NOT-FOR-US: Reactor Netty, different from src:netty
CVE-2022-31683 (Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability. ...)
NOT-FOR-US: VMware
CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A malicio ...)
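Review bot: for CVE-2022-31683 the description names Concourse, not VMware, and the context line two entries above shows the convention for such cases ("NOT-FOR-US: Reactor Netty, different from src:netty"); "NOT-FOR-US: Concourse (VMware)" would keep the product searchable in the file while still recording the vendor.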
@@ -51301,7 +51302,7 @@ CVE-2022-30681 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affe
CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2022-30679 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
@@ -58913,7 +58914,7 @@ CVE-2022-28175
CVE-2022-28174
RESERVED
CVE-2022-28173 (The web server of some Hikvision wireless bridge products have an acce ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2022-28172 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
NOT-FOR-US: Hikvision
CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
@@ -60615,7 +60616,7 @@ CVE-2022-27583 (A remote unprivileged attacker can interact with the configurati
CVE-2022-27582 (Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 10787 ...)
NOT-FOR-US: SICK SICK SIM4000 (PPC) Partnumber 1078787
CVE-2022-27581 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmwa ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used and not ...)
NOT-FOR-US: SICK
CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used and not ...)
@@ -60744,7 +60745,7 @@ CVE-2022-27520
CVE-2022-27519
RESERVED
CVE-2022-27518 (Unauthenticated remote arbitrary code execution ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2022-27517
RESERVED
CVE-2022-27516 (User login brute force protection functionality bypass ...)
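Review bot: the CVE-2022-27518 description is just "Unauthenticated remote arbitrary code execution ..." with no product, and the neighbouring CVE-2022-27516 entry ("User login brute force protection functionality bypass ...") is equally generic, so "NOT-FOR-US: Citrix" should name the affected product or carry a NOTE with the Citrix advisory URL to show what it was triaged against.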
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc9a34f8ab79693ac23dadf7b88afd244a814c52
More information about the debian-security-tracker-commits mailing list