[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 13 09:18:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62b57988 by Salvatore Bonaccorso at 2022-07-13T10:18:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1184,15 +1184,15 @@ CVE-2022-35230 (An authenticated user can create a link with reflected Javascrip
 CVE-2022-35229 (An authenticated user can create a link with reflected Javascript code ...)
 	TODO: check
 CVE-2022-35228 (SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35227 (A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35226
 	RESERVED
 CVE-2022-35225 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35224 (SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35223
 	RESERVED
 CVE-2022-35222
@@ -1337,15 +1337,15 @@ CVE-2022-35174
 CVE-2022-35173
 	RESERVED
 CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35170 (SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35169 (SAP BusinessObjects Business Intelligence Platform (LCM) - versions 42 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business One -  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-35167
 	RESERVED
 CVE-2022-35166
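Review bot: the `NOT-FOR-US: SAP` tag on CVE-2022-35171 cannot be checked from the entry itself, because the truncated description ("When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...") names no vendor or product, unlike the other four entries changed in this hunk. Naming the affected product in the tag, or adding a `NOTE:` line with the vendor reference as other entries in this file do, would let a later reader confirm the classification without pulling the full CVE record.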
@@ -8759,13 +8759,13 @@ CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1
 	NOTE: https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd
 	NOTE: Was previously also tracked as CVE-2022-1966
 CVE-2022-32249 (Under special integration scenario of SAP Business one and SAP HANA -  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32248 (Due to missing input validation in the Manage Checkbooks component of  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32247 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual Difference  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32245
 	RESERVED
 CVE-2022-32244
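Review bot: on CVE-2022-32248 the description is cut off before any product name ("Due to missing input validation in the Manage Checkbooks component of ..."), so nothing visible in this hunk ties it to SAP the way the three neighbouring entries are tied. It is worth confirming against the full CVE text that the Manage Checkbooks component belongs to an SAP product, since replacing `TODO: check` removes the only marker that would prompt that review later.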
@@ -10858,9 +10858,9 @@ CVE-2013-10003 (A vulnerability classified as critical has been found in Telecom
 CVE-2013-10002 (A vulnerability was found in Telecommunication Software SAMwin Contact ...)
 	NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite
 CVE-2022-31598 (Due to insufficient input validation, SAP Business Objects - version 4 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31596
 	RESERVED
 CVE-2022-31595 (SAP Financial Consolidation - version 1010,�does not perform ne ...)
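Review bot: the trailing context line for CVE-2022-31595 shows a replacement character after "version 1010," in its description, and the same damage appears in the following hunk header. It is outside this change, but if that character is present in data/CVE/list itself rather than only in this mail rendering, the description was imported with the wrong encoding and deserves a follow-up fix so that searches on the description text still match.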
@@ -10868,11 +10868,11 @@ CVE-2022-31595 (SAP Financial Consolidation - version 1010,�does not perf
 CVE-2022-31594 (A highly privileged user can exploit SUID-root program to escalate his ...)
 	NOT-FOR-US: SAP
 CVE-2022-31593 (SAP Business One client - version 10.0 allows an attacker with low pri ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31592 (The application SAP Enterprise Extension Defense Forces & Public S ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31591 (SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a s ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31590 (SAP PowerDesigner Proxy - version 16.7, allows an attacker with low pr ...)
 	NOT-FOR-US: SAP
 CVE-2022-31589 (Due to improper authorization check, business users who are using Isra ...)
@@ -16493,7 +16493,7 @@ CVE-2022-29621
 CVE-2022-29620 (** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext  ...)
 	NOT-FOR-US: Disputed Filezilla issue
 CVE-2022-29619 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-29618 (Due to insufficient input validation, SAP NetWeaver Development Infras ...)
 	NOT-FOR-US: SAP
 CVE-2022-29617 (Due to improper error handling an authenticated user can crash CLA ass ...)
@@ -18901,7 +18901,7 @@ CVE-2022-28773 (Due to an uncontrolled recursion in SAP Web Dispatcher and SAP I
 CVE-2022-28772 (By overlong input values an attacker may force overwrite of the intern ...)
 	NOT-FOR-US: SAP
 CVE-2022-28771 (Due to missing authentication check, SAP Business one License service  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - versions 7 ...)
 	NOT-FOR-US: SAP
 CVE-2022-28769



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62b579888a40fe120d79974509f5b29006069e66
