[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 24 08:45:34 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06ee07d0 by Salvatore Bonaccorso at 2022-03-24T09:45:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1257,7 +1257,7 @@ CVE-2022-27256
 CVE-2022-27255
 	RESERVED
 CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends the same  ...)
-	TODO: check
+	NOT-FOR-US: Honda
 CVE-2022-27253
 	RESERVED
 CVE-2022-27252
@@ -1267,7 +1267,7 @@ CVE-2022-27251
 CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to obtain remot ...)
 	NOT-FOR-US: UNISOC
 CVE-2022-1030 (Okta Advanced Server Access Client for Linux and macOS prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Okta Advanced Server Access Client
 CVE-2022-1029
 	RESERVED
 CVE-2022-1028
@@ -1508,7 +1508,7 @@ CVE-2022-27195 (Jenkins Parameterized Trigger Plugin 2.43 and earlier captures e
 CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (X ...)
 	TODO: check
 CVE-2022-27192 (The Reporting module in Aseco Lietuva document management system DVS A ...)
-	TODO: check
+	NOT-FOR-US: Aseco
 CVE-2022-27191 (golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go ...)
 	- golang-go.crypto 1:0.0~git20220315.3147a52-1
 	NOTE: https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
@@ -6584,13 +6584,13 @@ CVE-2022-25272
 CVE-2022-25270 (The Quick Edit module does not properly check entity access in some ci ...)
 	NOT-FOR-US: Drupal 9.x
 CVE-2022-25269 (Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. ...)
-	TODO: check
+	NOT-FOR-US: Passwork On-Premise
 CVE-2022-25268 (Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups,  ...)
-	TODO: check
+	NOT-FOR-US: Passwork On-Premise
 CVE-2022-25267 (Passwork On-Premise Edition before 4.6.13 allows migration/uploadExpor ...)
-	TODO: check
+	NOT-FOR-US: Passwork On-Premise
 CVE-2022-25266 (Passwork On-Premise Edition before 4.6.13 allows migration/downloadExp ...)
-	TODO: check
+	NOT-FOR-US: Passwork On-Premise
 CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may have the ...)
 	- linux <unfixed> (unimportant)
 	NOTE: https://github.com/x0reaxeax/exec-prot-bypass
@@ -6802,11 +6802,11 @@ CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user
 CVE-2022-25224
 	RESERVED
 CVE-2022-25223 (Money Transfer Management System Version 1.0 allows an authenticated u ...)
-	TODO: check
+	NOT-FOR-US: Money Transfer Management System
 CVE-2022-25222 (Money Transfer Management System Version 1.0 allows an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Money Transfer Management System
 CVE-2022-25221 (Money Transfer Management System Version 1.0 allows an attacker to inj ...)
-	TODO: check
+	NOT-FOR-US: Money Transfer Management System
 CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
 	NOT-FOR-US: PeteReport
 CVE-2022-25219 (A null byte interaction error has been discovered in the code that the ...)
@@ -7328,7 +7328,7 @@ CVE-2022-25043
 CVE-2022-25042
 	RESERVED
 CVE-2022-25041 (OpenEMR v6.0.0 was discovered to contain an incorrect access control i ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2022-25040
 	RESERVED
 CVE-2022-25039
@@ -7659,7 +7659,7 @@ CVE-2022-24936
 CVE-2022-24935
 	RESERVED
 CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remo ...)
-	TODO: check
+	NOT-FOR-US: Kingsoft WPS Office
 CVE-2022-24933
 	RESERVED
 CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup wizard pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06ee07d003d63b77a0bdbc9295be93fc2b3c8b46

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06ee07d003d63b77a0bdbc9295be93fc2b3c8b46
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220324/c7d49235/attachment.htm>

More information about the debian-security-tracker-commits mailing list