[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 8 20:19:47 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41060afd by Salvatore Bonaccorso at 2022-03-08T21:19:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -522,7 +522,7 @@ CVE-2022-0879
CVE-2022-0878
RESERVED
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
- TODO: check
+ NOT-FOR-US: bookstack
CVE-2022-0876
RESERVED
CVE-2022-0875
@@ -1121,15 +1121,15 @@ CVE-2022-26319
CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...)
NOT-FOR-US: WatchGuard
CVE-2022-26317 (A vulnerability has been identified in Mendix Applications using Mendi ...)
- TODO: check
+ NOT-FOR-US: Mendix (Siemens)
CVE-2022-26316
RESERVED
CVE-2022-26315 (qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal vi ...)
NOT-FOR-US: qrcp
CVE-2022-26314 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
- TODO: check
+ NOT-FOR-US: Mendix (Siemens)
CVE-2022-26313 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
- TODO: check
+ NOT-FOR-US: Mendix (Siemens)
CVE-2022-26312
RESERVED
CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to ...)
@@ -1771,7 +1771,7 @@ CVE-2022-26103 (Under certain conditions, SAP NetWeaver (Real Time Messaging Fra
CVE-2022-26102 (Due to missing authorization check, SAP NetWeaver Application Server f ...)
NOT-FOR-US: SAP
CVE-2022-26101 (Fiori launchpad - versions 754, 755, 756, does not sufficiently encode ...)
- TODO: check
+ NOT-FOR-US: Fiori launchpad
CVE-2022-26100 (SAPCAR - version 7.22, does not contain sufficient input validation on ...)
TODO: check
CVE-2022-26099
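Review bot: The tag added for CVE-2022-26101 names the product ("Fiori launchpad"), while the adjacent context entry CVE-2022-26102 is filed under the vendor as "NOT-FOR-US: SAP". Fiori launchpad is an SAP product, so using "NOT-FOR-US: SAP" here would keep all SAP entries findable under one string. CVE-2022-26100 (SAPCAR) directly below is still "TODO: check" and looks like a candidate for the same batch.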
@@ -2354,39 +2354,39 @@ CVE-2022-25832
CVE-2022-25831
RESERVED
CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25829 (Information Exposure vulnerability in Watch Active2 Plugin prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25828 (Information Exposure vulnerability in Watch Active Plugin prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25827 (Information Exposure vulnerability in Galaxy Watch Plugin prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25826 (Information Exposure vulnerability in Galaxy S3 Plugin prior to versio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25825 (Improper access control vulnerability in Samsung Account prior to vers ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25824 (Improper access control vulnerability in BixbyTouch prior to version 2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25823 (Information Exposure vulnerability in Galaxy Watch Plugin prior to ver ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25822 (An use after free vulnerability in sdp driver prior to SMR Mar-2022 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25821 (Improper use of SMS buffer pointer in Shannon baseband prior to SMR Ma ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25820 (A vulnerable design in fingerprint matching algorithm prior to SMR Mar ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25819 (OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Rele ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25818 (Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 a ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25817 (Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25816 (Improper authentication in Samsung Lock and mask apps setting prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25815 (PendingIntent hijacking vulnerability in Weather application prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-25814 (PendingIntent hijacking vulnerability in Wearable Manager Installer pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
NOT-FOR-US: Grav CMS
CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems with the ...)
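Review bot: For CVE-2022-25822 through CVE-2022-25818 the truncated descriptions name only a component ("sdp driver", "Shannon baseband", "hdcp2 device node", "UWB stack"), and the link to Samsung rests on the "SMR Mar-2022 Release" wording alone. The sdp driver and hdcp2 device node entries are kernel-level, so it is worth confirming against the full advisory that the affected code is vendor-only and not present in mainline Linux before closing them as NOT-FOR-US. The remaining entries in this hunk name Samsung apps or Galaxy plugins and are unambiguous.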
@@ -3652,7 +3652,7 @@ CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger st
NOTE: https://github.com/libexpat/libexpat/pull/558
NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions). The a ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-25310
RESERVED
CVE-2022-25309
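Review bot: CVE-2022-25311 is tagged with the vendor only ("NOT-FOR-US: Siemens"), although the description names the product, SINEC NMS, and the Mendix entries earlier in this same commit use the "product (vendor)" form, "Mendix (Siemens)". Pick one convention for the commit; "NOT-FOR-US: SINEC NMS (Siemens)" would match the Mendix lines and make later matching on the product name possible.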
@@ -3980,7 +3980,7 @@ CVE-2022-25227
CVE-2022-25226
RESERVED
CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user to in ...)
- TODO: check
+ NOT-FOR-US: Network Olympus
CVE-2022-25224
RESERVED
CVE-2022-25223
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41060afd96944af29a07b74c2b5cebf763ade6b0