[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon May 9 13:03:30 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af433ced by Neil Williams at 2022-05-09T13:03:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4632,19 +4632,19 @@ CVE-2022-28795 (A vulnerability within the Avira Password Manager Browser Extens
 CVE-2022-28794
 	RESERVED
 CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, improper  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to version  ...)
 	NOT-FOR-US: Gear IconX PC Manager
 CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in Galaxy Stor ...)
 	NOT-FOR-US: Samsung
 CVE-2022-28790 (Improper authentication in Link to Windows Service prior to version 2. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-28789 (Unprotected activities in Voice Note prior to version 21.3.51.11 allow ...)
 	NOT-FOR-US: Samsung / Voice Note
 CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior to SMR  ...)
 	NOT-FOR-US: Samsung
 CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior to SMR  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior to SMR  ...)
 	NOT-FOR-US: Samsung
 CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior to SMR  ...)
@@ -5484,7 +5484,7 @@ CVE-2022-28483
 CVE-2022-28482
 	RESERVED
 CVE-2022-28481 (CSV-Safe gem < 3.0.0 doesn't filter out special characters which co ...)
-	TODO: check
+	NOT-FOR-US: zvory/csv-safe
 CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.ex ...)
 	NOT-FOR-US: ALLMediaServer
 CVE-2022-28479
@@ -5506,7 +5506,7 @@ CVE-2022-28472
 CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c con ...)
 	NOT-FOR-US: ffjpeg
 CVE-2022-28470 (marcador package in PyPI 0.1 through 0.13 included a code-execution ba ...)
-	TODO: check
+	NOT-FOR-US: joajfreitas/marcador
 CVE-2022-28469
 	RESERVED
 CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -5525,7 +5525,7 @@ CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ...)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680
 CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Novel-plus
 CVE-2022-28461 (mingyuefusu Library Management System all versions as of 03-27-2022 is ...)
 	NOT-FOR-US: mingyuefusu Library Management System
 CVE-2022-28460
@@ -6473,11 +6473,11 @@ CVE-2022-28167
 CVE-2022-28166
 	RESERVED
 CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) functionality  ...)
-	TODO: check
+	NOT-FOR-US: Brocade SANnav
 CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symme ...)
-	TODO: check
+	NOT-FOR-US: Brocade SANnav
 CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints asso ...)
-	TODO: check
+	NOT-FOR-US: Brocade SANnav
 CVE-2022-28162
 	RESERVED
 CVE-2022-28161
@@ -6775,7 +6775,7 @@ CVE-2022-28122
 CVE-2022-28121
 	RESERVED
 CVE-2022-28120 (Beijing Runnier Network Technology Co., Ltd Open virtual simulation ex ...)
-	TODO: check
+	NOT-FOR-US: Beijing Runnier Network Technology
 CVE-2022-28119
 	RESERVED
 CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code via a c ...)
@@ -6856,7 +6856,7 @@ CVE-2022-28083
 CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow  ...)
 	NOT-FOR-US: Tenda
 CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the component  ...)
-	TODO: check
+	NOT-FOR-US: khaled-alshamaa/ar-php
 CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a SQL inj ...)
 	NOT-FOR-US: Royal Event Management System
 CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -7268,7 +7268,7 @@ CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can re
 CVE-2022-27904
 	RESERVED
 CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...)
-	TODO: check
+	NOT-FOR-US: EVE-NG Professional
 CVE-2022-27902
 	REJECTED
 CVE-2022-27901
@@ -8095,7 +8095,7 @@ CVE-2022-27590
 CVE-2022-27589
 	RESERVED
 CVE-2022-27588 (We have already fixed this vulnerability in the following versions of  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2022-27587
 	RESERVED
 CVE-2022-27586
@@ -8280,17 +8280,17 @@ CVE-2022-27233
 CVE-2022-27229
 	RESERVED
 CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2022-27180
 	RESERVED
 CVE-2022-26889 (The lack of sanitization in a relative url path in a search parameter  ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2022-26888
 	RESERVED
 CVE-2022-26840
 	RESERVED
 CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application  ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2022-26024
 	RESERVED
 CVE-2022-26017
@@ -12751,7 +12751,7 @@ CVE-2022-25346
 CVE-2022-25345
 	RESERVED
 CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Service (Do ...)
-	TODO: check
+	NOT-FOR-US: justmoon/node-bignum
 CVE-2022-25304
 	RESERVED
 CVE-2022-25303



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af433ced751ea6ac4a1f7d75f40b1dd1c89a331b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af433ced751ea6ac4a1f7d75f40b1dd1c89a331b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220509/a191802b/attachment.htm>

More information about the debian-security-tracker-commits mailing list