[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 14 15:15:40 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49c47716 by Moritz Muehlenhoff at 2022-06-14T16:15:06+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1034,11 +1034,14 @@ CVE-2022-32743
 CVE-2022-32742
 	RESERVED
 CVE-2022-32741 (Attacker is able to determine if the provided username exists (and it' ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
 CVE-2022-32740 (A reply to a forwarded email article by a 3rd party could unintensiona ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
 CVE-2022-32739 (When Secure::DisableBanner system configuration has been disabled and  ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
 CVE-2022-32573
 	RESERVED
 CVE-2022-30605
@@ -1370,21 +1373,21 @@ CVE-2022-32567
 CVE-2022-32566
 	RESERVED
 CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32564 (An issue was discovered in Couchbase Server before 7.0.4. In couchbase ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32563 (An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Ad ...)
 	NOT-FOR-US: Couchbase Sync Gateway
 CVE-2022-32562 (An issue was discovered in Couchbase Server before 7.0.4. Operations m ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32561
 	RESERVED
 CVE-2022-32560 (An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks r ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32559
 	RESERVED
 CVE-2022-32558 (An issue was discovered in Couchbase Server before 7.0.4. Sample bucke ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32557
 	RESERVED
 CVE-2022-32556
@@ -1768,7 +1771,7 @@ CVE-2017-20043 (A vulnerability was found in Navetti PricePoint 4.6.0.0 and clas
 CVE-2017-20042 (A vulnerability has been found in Navetti PricePoint 4.6.0.0 and class ...)
 	NOT-FOR-US: Navetti PricePoint
 CVE-2017-20041 (A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Ucweb UC Browser
 CVE-2022-32452
 	RESERVED
 CVE-2022-32451
@@ -2516,9 +2519,9 @@ CVE-2022-32195 (Open edX platform before 2022-06-06 allows XSS via the "next" pa
 CVE-2022-32194
 	RESERVED
 CVE-2022-32193 (Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Info ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32192 (Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Inform ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2022-32191
 	RESERVED
 CVE-2022-32190
@@ -3581,31 +3584,31 @@ CVE-2022-1903
 CVE-2020-36528 (A vulnerability, which was classified as critical, was found in Platin ...)
 	NOT-FOR-US: Platinum Mobile
 CVE-2022-31763 (The kernel module has the null pointer and out-of-bounds array vulnera ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31762 (The AMS module has a vulnerability in input validation. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31761 (Configuration defects in the secure OS module. Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31760 (Dialog boxes can still be displayed even if the screen is locked in ca ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31759 (AppLink has a vulnerability of accessing uninitialized pointers. Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31758 (The kernel module has the race condition vulnerability. Successful exp ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31757 (The setting module has a vulnerability of improper use of APIs. Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31756 (The fingerprint sensor module has design defects. Successful exploitat ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31755 (The communication module has a vulnerability of improper permission pr ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31754 (Logical defects in code implementation in some products. Successful ex ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31753 (The voice wakeup module has a vulnerability of using externally-contro ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31752 (Missing authorization vulnerability in the system components. Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31751 (The kernel emcom module has multi-thread contention. Successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-31750
 	RESERVED
 CVE-2022-1902
@@ -3616,15 +3619,15 @@ CVE-2022-1901
 CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
 	NOT-FOR-US: Copify plugin for WordPress
 CVE-2021-46815 (Configuration defects in the secure OS module. Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46814 (The video framework has an out-of-bounds memory read/write vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46813 (Vulnerability of residual files not being deleted after an update in t ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46812 (The Device Manager has a vulnerability in multi-device interaction. Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-46811 (HwSEServiceAPP has a vulnerability in permission management. Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-36527 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-36526 (A vulnerability classified as problematic was found in Countdown Timer ...)
@@ -3927,7 +3930,7 @@ CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffst
 	[buster] - sox <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
 CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Inf ...)
-	TODO: check
+	- owncloud <removed>
 CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...)
 	NOT-FOR-US: Talend Administration Center
 CVE-2022-31647
@@ -4072,7 +4075,7 @@ CVE-2022-1882 (A use-after-free flaw was found in the Linux kernel’s pipes
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2089701
 	NOTE: https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel@gmail.com/T/
 CVE-2022-27176 (Incomplete filtering of special elements vulnerability exists in RevoW ...)
-	TODO: check
+	NOT-FOR-US: RevoWorks
 CVE-2022-1881
 	RESERVED
 CVE-2022-1880



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49c477165acd8bcfb925d05b5e102fdbdfaf2cea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49c477165acd8bcfb925d05b5e102fdbdfaf2cea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220614/e6492e04/attachment.htm>

More information about the debian-security-tracker-commits mailing list