[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 27 11:43:41 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d854b18d by Moritz Muehlenhoff at 2022-07-27T12:28:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows  ...)
-	TODO: check
+	NOT-FOR-US: Webmin module
 CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfrm_expa ...)
 	TODO: check
 CVE-2022-36878
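Review bot: The tag on CVE-2022-36880 reads "Webmin module", but the description on the same entry names both Webmin 1.995 and Usermin through 1.850, so the tag is narrower than what the entry covers. The other tags in this commit name a product rather than a component type. Suggest "NOT-FOR-US: Webmin" or "NOT-FOR-US: Webmin/Usermin" so a search on either product name finds the entry.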
@@ -1747,7 +1747,7 @@ CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is pron
 CVE-2022-36130
 	RESERVED
 CVE-2022-36129 (HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2022-2455
 	RESERVED
 CVE-2022-36128
@@ -4434,7 +4434,7 @@ CVE-2022-34973
 CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind SQL injec ...)
 	NOT-FOR-US: So Filter Shop
 CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Management m ...)
-	TODO: check
+	NOT-FOR-US: Feehi CMS
 CVE-2022-34970
 	RESERVED
 CVE-2022-34969
@@ -5527,9 +5527,9 @@ CVE-2022-34614
 CVE-2022-34613
 	RESERVED
 CVE-2022-34612 (Rizin v0.4.0 and below was discovered to contain an integer overflow v ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2022-34611 (A cross-site scripting (XSS) vulnerability in /index.php/?p=report of  ...)
-	TODO: check
+	NOT-FOR-US: Online Fire Reporting System
 CVE-2022-34610 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
 	NOT-FOR-US: H3C Magic
 CVE-2022-34609 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...)
@@ -5563,7 +5563,7 @@ CVE-2022-34596 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command i
 CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...)
 	NOT-FOR-US: Tenda
 CVE-2022-34594 (Advanced School Management System v1.0 was discovered to contain a cro ...)
-	TODO: check
+	NOT-FOR-US: Advanced School Management System
 CVE-2022-34593
 	RESERVED
 CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
@@ -14535,13 +14535,13 @@ CVE-2022-31209 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmwa
 CVE-2022-31208 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver co ...)
 	NOT-FOR-US: Infiray
 CVE-2022-31207 (The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP  ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2022-31206 (The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX seri ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2022-31205 (In Omron CS series, CJ series, and CP series PLCs through 2022-05-18,  ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2022-31204 (Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use  ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2022-31203
 	RESERVED
 CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows directo ...)
@@ -16011,7 +16011,7 @@ CVE-2021-44467
 CVE-2021-4228
 	RESERVED
 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...)
-	NOT-FOR-US: HashiCorp
+	NOT-FOR-US: HashiCorp Vault
 CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...)
 	{DSA-5137-1 DLA-3013-1}
 	- needrestart 3.6-1 (bug #1011154)
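Review bot: The change on CVE-2022-30689 relabels an entry that was already NOT-FOR-US rather than triaging a new one, and the commit message "NFUs" does not mention it. The new text matches the tag this commit gives CVE-2022-36129, which is good. It would be worth checking whether other Vault entries in data/CVE/list still carry the shorter "NOT-FOR-US: HashiCorp", so the naming ends up uniform rather than split between two spellings.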
@@ -17354,21 +17354,21 @@ CVE-2022-30278 (A vulnerability in Black Duck Hub’s embedded MadCap Flare
 CVE-2022-30277 (BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insu ...)
 	NOT-FOR-US: BD Synapsys
 CVE-2022-30276 (The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an au ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30275 (The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cl ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30274 (The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafe ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30273 (The Motorola MDLC protocol through 2022-05-02 mishandles message integ ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30272 (The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integr ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30271 (The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30270 (The Motorola ACE1000 RTU through 2022-05-02 has default credentials. I ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30269 (Motorola ACE1000 RTUs through 2022-05-02 mishandle application integri ...)
-	TODO: check
+	NOT-FOR-US: Motorola
 CVE-2022-30268
 	RESERVED
 CVE-2022-30267
@@ -18189,23 +18189,23 @@ CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd throug
 CVE-2022-29966
 	RESERVED
 CVE-2022-29965 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29964 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29963 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29962 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29961
 	RESERVED
 CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29959
 	RESERVED
 CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...)
-	TODO: check
+	NOT-FOR-US: JTEKT TOYOPUC PLCs
 CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29956
 	RESERVED
 CVE-2022-29955
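Review bot: The tags in this hunk mix granularity. The Emerson entries carry only the vendor name, while CVE-2022-29958 is tagged with vendor, product and device class ("JTEKT TOYOPUC PLCs"). CVE-2022-29960 concerns Emerson OpenBSI rather than the DeltaV DCS named in the neighbouring entries, and a vendor-only tag hides that difference. Consider product-level tags such as "Emerson DeltaV" and "Emerson OpenBSI", or shorten the JTEKT tag to match, so the list can be searched by tag consistently.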
@@ -18213,11 +18213,11 @@ CVE-2022-29955
 CVE-2022-29954
 	RESERVED
 CVE-2022-29953 (The Bently Nevada 3700 series of condition monitoring equipment throug ...)
-	TODO: check
+	NOT-FOR-US: Bently
 CVE-2022-29952 (Bently Nevada condition monitoring equipment through 2022-04-29 mishan ...)
-	TODO: check
+	NOT-FOR-US: Bently
 CVE-2022-29951 (JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They u ...)
-	TODO: check
+	NOT-FOR-US: JTEKT TOYOPUC PLCs
 CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 allows remote authenticated users  ...)
 	NOT-FOR-US: Experian Hunter
 CVE-2022-29949
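Review bot: "NOT-FOR-US: Bently" on CVE-2022-29953 and CVE-2022-29952 truncates the name both descriptions give, "Bently Nevada". Suggest "NOT-FOR-US: Bently Nevada" so the tag matches the text it sits under and a search for the full name finds these entries.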
@@ -26759,7 +26759,7 @@ CVE-2022-27107 (OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video"
 CVE-2022-27106
 	RESERVED
 CVE-2022-27105 (InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scri ...)
-	TODO: check
+	NOT-FOR-US: InMailX Outlook Plugin
 CVE-2022-27104 (An Unauthenticated time-based blind SQL injection vulnerability exists ...)
 	NOT-FOR-US: Forma LMS
 CVE-2022-27103 (element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el- ...)
@@ -63165,7 +63165,7 @@ CVE-2021-40182
 CVE-2021-40181
 	RESERVED
 CVE-2021-40180 (In the WeChat application 8.0.10 for Android and iOS, a mini program c ...)
-	TODO: check
+	NOT-FOR-US: WeChat
 CVE-2021-40179
 	RESERVED
 CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...)
@@ -80753,7 +80753,7 @@ CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools f
 CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33057 (The QQ application 8.7.1 for Android and iOS does not enforce the perm ...)
-	TODO: check
+	NOT-FOR-US: QQ
 CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
 	NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d854b18d9af81d2410a62e4b2a7cb3a4b155b824
