[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 12 17:01:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2813d3b9 by Salvatore Bonaccorso at 2022-07-12T18:00:57+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...)
-	TODO: check
+	NOT-FOR-US: Nautilus treadmills
 CVE-2022-35647
 	RESERVED
 CVE-2022-35646
@@ -6475,7 +6475,7 @@ CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain
 CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
 	NOT-FOR-US: Online Railway Reservation System
 CVE-2022-33047 (OTFCC v0.10.4 was discovered to contain a heap buffer overflow after f ...)
-	TODO: check
+	NOT-FOR-US: OTFCC
 CVE-2022-33046
 	RESERVED
 CVE-2022-33045
@@ -9456,7 +9456,7 @@ CVE-2022-31906 (Online Fire Reporting System v1.0 is vulnerable to Cross Site Sc
 CVE-2022-31905
 	RESERVED
 CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to ...)
-	TODO: check
+	NOT-FOR-US: EGT-Kommunikationstechnik UG Mediacenter
 CVE-2022-31903
 	RESERVED
 CVE-2022-31902
@@ -12109,7 +12109,7 @@ CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV
 	NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
 	NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
 CVE-2022-1794 (The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as pla ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF check  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF  ...)
@@ -12338,27 +12338,27 @@ CVE-2022-30938
 CVE-2022-30937 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...)
 	NOT-FOR-US: Siemens
 CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-30791 (In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled res ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-30758 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...)
 	TODO: check
 CVE-2022-30757 (Improper authorization in isemtelephony prior to SMR Jul-2022 Release  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30756 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30755 (Improper authentication vulnerability in AppLock prior to SMR Jul-2022 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30754 (Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30753 (Improper use of a unique device ID in unprotected SecSoterService prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30752 (Improper access control vulnerability in sendDHCPACKBroadcast function ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30751 (Improper access control vulnerability in sendDHCPACKBroadcast function ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30750 (Improper access control vulnerability in updateLastConnectedClientInfo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-30749 (Improper access control vulnerability in Smart Things prior to 1.7.85. ...)
 	NOT-FOR-US: Samsung
 CVE-2022-30748 (Unprotected dynamic receiver in Samsung Members prior to version 4.2.0 ...)
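Review bot: CVE-2022-30758 in this hunk is still "TODO: check", although its visible description ("Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...") is identical to that of CVE-2022-30756, which is now "NOT-FOR-US: Samsung". If it was skipped by accident, give it the same tag. If it is held back on purpose, a NOTE line saying why would save the next triager from repeating the check.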
@@ -19163,7 +19163,7 @@ CVE-2022-28625
 CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE  ...)
 	TODO: check
 CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-28622 (A potential security vulnerability has been identified in HPE StoreOnc ...)
 	NOT-FOR-US: HPE
 CVE-2022-28621 (A remote disclosure of sensitive information vulnerability was discove ...)
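Review bot: CVE-2022-28624, the context entry directly above the changed one, stays "TODO: check" even though its description also names HPE and the two entries after it (CVE-2022-28623 with this change, and CVE-2022-28622) are "NOT-FOR-US: HPE". Please confirm whether it was meant to be handled in the same pass or whether the product behind the truncated description still needs a closer look.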
@@ -21435,7 +21435,7 @@ CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) a
 CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion  ...)
 	NOT-FOR-US: Harmony OS
 CVE-2021-46741 (The basic framework and setting module have defects, which were introd ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46740 (The device authentication service module has a defect vulnerability in ...)
 	NOT-FOR-US: Harmony OS
 CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting  ...)
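Review bot: the new tag on CVE-2021-46741 is "NOT-FOR-US: Huawei", while the entries on either side of it, CVE-2021-46742 and CVE-2021-46740, carry "NOT-FOR-US: Harmony OS" for the same style of module description. Using one label across this run would make the three entries easier to find together later.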



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2813d3b994ef518b13a005b36fe193fdeed3abf2
