[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Jun 21 21:57:07 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8c9c63 by Salvatore Bonaccorso at 2022-06-21T22:56:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11875,9 +11875,9 @@ CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 an
 CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
 	NOT-FOR-US: Onlyoffice Document Server
 CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...)
-	TODO: check
+	NOT-FOR-US: iSpyConnect iSpy
 CVE-2022-29774 (iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. ...)
-	TODO: check
+	NOT-FOR-US: iSpyConnect iSpy
 CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...)
 	NOT-FOR-US: AlekSIS
 CVE-2022-29772
@@ -17353,17 +17353,17 @@ CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has
 CVE-2022-27873
 	RESERVED
 CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a pointer fo ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and Navisworks re ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27866
 	RESERVED
 CVE-2022-27865
@@ -22350,7 +22350,7 @@ CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated adm
 CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...)
 	- grafana <removed>
 CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injecti ...)
-	TODO: check
+	NOT-FOR-US: Quectel RG502Q-EA modem
 CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
 	NOT-FOR-US: Tricentis qTest
 CVE-2022-26145
@@ -23764,7 +23764,7 @@ CVE-2022-25587
 CVE-2022-25586
 	RESERVED
 CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: Unioncms
 CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...)
 	NOT-FOR-US: FlexWATCH FW3170-PS-E
 CVE-2022-25583
@@ -31169,7 +31169,7 @@ CVE-2022-23344
 CVE-2022-23343
 	RESERVED
 CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1000 an ...)
-	TODO: check
+	NOT-FOR-US: Hyland Onbase Application Server
 CVE-2022-23341
 	RESERVED
 CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
@@ -32100,7 +32100,7 @@ CVE-2022-23173
 CVE-2022-23172
 	RESERVED
 CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...)
-	TODO: check
+	NOT-FOR-US: AtlasVPN
 CVE-2022-23170
 	RESERVED
 CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8c9c633e97dc820c5a25a893eb4d5ddc39e1e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8c9c633e97dc820c5a25a893eb4d5ddc39e1e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220621/3de8fb28/attachment.htm>
