[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 30 08:26:21 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68e8a4be by Salvatore Bonaccorso at 2022-12-30T09:25:24+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2022-48195
RESERVED
CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2022-48193
RESERVED
CVE-2022-48192
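Review bot: the tag on CVE-2022-48194 names only the vendor (`NOT-FOR-US: TP-Link`) although the description identifies a specific device, TL-WR902AC, while other entries in this same commit carry vendor plus product (`NOT-FOR-US: Hillstone Firewall SG-6000`, `NOT-FOR-US: IET-OU Open Media Player`). Consider settling on one granularity across the commit, so that a later search of data/CVE/list for a product name finds every entry triaged for it.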
@@ -961,7 +961,7 @@ CVE-2022-4757
CVE-2022-4756
RESERVED
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
- TODO: check
+ NOT-FOR-US: FlatPress
CVE-2022-4754
RESERVED
CVE-2022-4753
@@ -975,7 +975,7 @@ CVE-2022-4750
CVE-2022-4749
RESERVED
CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
- TODO: check
+ NOT-FOR-US: FlatPress
CVE-2022-4747
RESERVED
CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...)
@@ -1010,7 +1010,7 @@ CVE-2019-25088 (A vulnerability was found in ytti Oxidized Web. It has been clas
CVE-2019-25087 (A vulnerability was found in RamseyK httpserver. It has been rated as ...)
TODO: check
CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It ...)
- TODO: check
+ NOT-FOR-US: IET-OU Open Media Player
CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated as pro ...)
TODO: check
CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...)
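Review bot: CVE-2019-25087 (RamseyK httpserver) and CVE-2018-25049 (email-existence), directly around the changed entry, stay at `TODO: check`. If they were looked at in this pass and skipped because they need a package search before they can be triaged, that is fine; if they were simply not reached, they are worth picking up in the follow-up so the block does not stay half processed.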
@@ -6042,7 +6042,7 @@ CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePa
CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. ...)
NOT-FOR-US: PaddlePaddle
CVE-2022-46740 (There is a denial of service vulnerability in the Wi-Fi module of the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-46728
RESERVED
CVE-2022-46727
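Review bot: the description shown for CVE-2022-46740 is cut off before it names a product or vendor ("... in the Wi-Fi module of the ..."), so `NOT-FOR-US: Huawei` cannot be checked from this hunk alone. Worth confirming against the full CVE description; the other two Huawei entries in this commit (CVE-2022-45874, CVE-2022-44564) name the vendor in the visible text.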
@@ -6702,7 +6702,7 @@ CVE-2022-46444
CVE-2022-46443 (mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemq ...)
NOT-FOR-US: mesinkasir Bangresto
CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n q ...)
- TODO: check
+ NOT-FOR-US: dedecms
CVE-2022-46441
RESERVED
CVE-2022-46440
@@ -7792,7 +7792,7 @@ CVE-2022-46181 (Gotify server is a simple server for sending and receiving messa
CVE-2022-46180
RESERVED
CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...)
- TODO: check
+ NOT-FOR-US: LiuOS
CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
TODO: check
CVE-2022-46177
@@ -8306,7 +8306,7 @@ CVE-2022-45965
CVE-2022-45964
RESERVED
CVE-2022-45963 (h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. ...)
- TODO: check
+ NOT-FOR-US: h3c firewall
CVE-2022-45962
RESERVED
CVE-2022-45961
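Review bot: `NOT-FOR-US: h3c firewall` copies the lowercase spelling from the CVE description, whereas the vendor's name is written H3C. Suggest `NOT-FOR-US: H3C firewall`, so that a case-sensitive search on the vendor name matches this entry.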
@@ -8517,7 +8517,7 @@ CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN
CVE-2022-45875
RESERVED
CVE-2022-45874 (Huawei Aslan Children's Watch has an improper authorization vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-45126
RESERVED
CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that telepho ...)
@@ -8830,7 +8830,7 @@ CVE-2022-45780
CVE-2022-45779
RESERVED
CVE-2022-45778 (https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0. ...)
- TODO: check
+ NOT-FOR-US: Hillstone Firewall SG-6000
CVE-2022-45777
RESERVED
CVE-2022-45776
@@ -13455,7 +13455,7 @@ CVE-2022-44566
CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8. ...)
TODO: check
CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-3811
RESERVED
CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classified ...)
@@ -14434,7 +14434,7 @@ CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL In
CVE-2022-44138
RESERVED
CVE-2022-44137 (SourceCodester Sanitization Management System 1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Sanitization Management System
CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE). ...)
NOT-FOR-US: Zenario CMS
CVE-2022-44135
@@ -19379,7 +19379,7 @@ CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allow
CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS. ...)
NOT-FOR-US: Keyfactor EJBCA
CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2022-42952
RESERVED
CVE-2022-42951
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e8a4be08a4111b6281cd6132576cd8b730d0bc