[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 5 21:18:17 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6f1b150 by Salvatore Bonaccorso at 2022-05-05T22:17:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1468,7 +1468,7 @@ CVE-2022-29803
 CVE-2022-29802
 	RESERVED
 CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-1467
 	RESERVED
 CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...)
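Review bot: the visible description of CVE-2022-1468 ("On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...") is cut off before it names a product, so the NOT-FOR-US: F5 BIG-IP tag cannot be checked against this line alone. Confirm the product from the full CVE text. The 16.1.x/15.1.x/14.1.x version series matches the BIG-IP entries elsewhere in this commit, but that is an inference, not something the list line states.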
@@ -1975,7 +1975,7 @@ CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third
 	NOTE: https://github.com/gpac/gpac/issues/2175
 	NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
 CVE-2022-29592 (Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_r ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-29591
 	RESERVED
 CVE-2022-29590
@@ -2300,15 +2300,15 @@ CVE-2022-29498 (Blazer before 2.6.0 allows SQL Injection. In certain circumstanc
 CVE-2022-29497
 	RESERVED
 CVE-2022-29491 (On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 1 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-29480 (On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-29479 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-29474 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-29473 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-29464 (Certain WSO2 products allow unrestricted file upload with resultant re ...)
 	NOT-FOR-US: WSO2
 CVE-2022-29463
@@ -2332,79 +2332,79 @@ CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and
 CVE-2022-29457 (Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Ex ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-29263 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28859 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions pri ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28716 (On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28714 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28708 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions pri ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28707 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28706 (On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28705 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28701 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profil ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28695 (On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-28691 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27880 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
 	TODO: check
 CVE-2022-27878 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27875 (On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking ...)
 	TODO: check
 CVE-2022-27806 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27662 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
 	TODO: check
 CVE-2022-27659 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27634 (On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27495 (On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plan ...)
 	TODO: check
 CVE-2022-27230 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27189 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27182 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27181 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26890 (On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1. ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26835 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26517 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26415 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26372 (On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26370 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26340 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26130 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-26071 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-25990 (On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may  ...)
 	TODO: check
 CVE-2022-25946 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-1389 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-1388 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-29456
 	RESERVED
 CVE-2022-29455
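Review bot: five F5 entries in this hunk stay at TODO: check (CVE-2022-27880 and CVE-2022-27662 for Traffix SDC, CVE-2022-27875 for F5 Access for Android, CVE-2022-27495 for NGINX Service Mesh, CVE-2022-25990 for F5OS-A), so the F5 batch is only partly triaged. Keeping them out of the BIG-IP tag is right, since none of the visible descriptions names BIG-IP, but they need a follow-up pass under their own product names. Separately, CVE-2022-28716, CVE-2022-27634, CVE-2022-27878, CVE-2022-27806, CVE-2022-27230, CVE-2022-25946 and CVE-2022-1389 are tagged F5 BIG-IP although their truncated descriptions name no product; verify those against the full CVE text.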
@@ -23890,9 +23890,9 @@ CVE-2022-22436 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site
 CVE-2022-22435 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
 	NOT-FOR-US: IBM
 CVE-2022-22434 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22433 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to Exte ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22432
 	RESERVED
 CVE-2022-22431
@@ -23928,7 +23928,7 @@ CVE-2022-22417
 CVE-2022-22416
 	RESERVED
 CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22414
 	RESERVED
 CVE-2022-22413
@@ -47677,7 +47677,7 @@ CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves use
 CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
 	NOT-FOR-US: IBM
 CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39019
 	RESERVED
 CVE-2021-39018



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6f1b15000eca60b0784215aea2748a3f9843c8f
