[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 10 21:53:38 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c750ee89 by Salvatore Bonaccorso at 2022-05-10T22:53:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1690,29 +1690,29 @@ CVE-2022-29885
 CVE-2022-29884
 	RESERVED
 CVE-2022-29883 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29882 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29881 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29880 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29879 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29878 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29875
 	RESERVED
 CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-29518
 	RESERVED
 CVE-2022-29513
@@ -3350,23 +3350,23 @@ CVE-2022-29331
 CVE-2022-29330
 	RESERVED
 CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29327 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29326 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29325 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29324 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29323 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29322 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29321 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-29320
 	RESERVED
 CVE-2022-29319
@@ -4139,17 +4139,17 @@ CVE-2022-29035 (In JetBrains Ktor Native before version 2.0.0 random values used
 CVE-2022-29034
 	RESERVED
 CVE-2022-29033 (A vulnerability has been identified in JT2Go (All versions < V13.3. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2022-29032 (A vulnerability has been identified in JT2Go (All versions < V13.3. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2022-29031 (A vulnerability has been identified in JT2Go (All versions < V13.3. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2022-29030 (A vulnerability has been identified in JT2Go (All versions < V13.3. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2022-29029 (A vulnerability has been identified in JT2Go (All versions < V13.3. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2022-29028 (A vulnerability has been identified in JT2Go (All versions < V13.3. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go / Siemens
 CVE-2022-1315
 	RESERVED
 CVE-2022-1314
@@ -4477,27 +4477,27 @@ CVE-2022-28917
 CVE-2022-28916
 	RESERVED
 CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-28914
 	RESERVED
 CVE-2022-28913 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28912 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28911 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28910 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28909 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28908 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28907 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28906 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28905 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2022-28904
 	RESERVED
 CVE-2022-28903
@@ -4505,7 +4505,7 @@ CVE-2022-28903
 CVE-2022-28902
 	RESERVED
 CVE-2022-28901 (A command injection vulnerability in the component /SetTriggerLEDBlink ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-28900
 	RESERVED
 CVE-2022-28899
@@ -4515,9 +4515,9 @@ CVE-2022-28898
 CVE-2022-28897
 	RESERVED
 CVE-2022-28896 (A command injection vulnerability in the component /setnetworksettings ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-28895 (A command injection vulnerability in the component /setnetworksettings ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-28894
 	RESERVED
 CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xp ...)
@@ -6914,7 +6914,7 @@ CVE-2022-28112
 CVE-2022-28111 (MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blin ...)
 	NOT-FOR-US: MyBatis PageHelper
 CVE-2022-28110 (Hotel Management System v1.0 was discovered to contain a SQL injection ...)
-	TODO: check
+	NOT-FOR-US: Hotel Management System
 CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in  ...)
 	NOT-FOR-US: Selenium
 CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits non-JSO ...)
@@ -8048,7 +8048,7 @@ CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 befor
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/710247891cdfd4e66ee6d1715e93626def6871f1 (v3.4.1)
 	NOTE: weechat.network.gnutls_ca_system/gnutls_ca_user introduced by: https://github.com/weechat/weechat/commit/c588ee21bc8fd33678893d5c67616033281032e3 (v3.2-rc1)
 CVE-2022-27653 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly started w ...)
 	NOT-FOR-US: cri-o
 CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started  ...)
@@ -8079,7 +8079,7 @@ CVE-2022-27642
 CVE-2022-27641
 	RESERVED
 CVE-2022-27640 (A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter that cou ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
@@ -8651,7 +8651,7 @@ CVE-2022-27414
 CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Hospital Management System
 CVE-2022-27412 (Explore CMS v1.0 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Explore CMS
 CVE-2022-27411 (TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a comman ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-27410
@@ -9950,9 +9950,9 @@ CVE-2022-26990 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and S
 CVE-2022-26989
 	RESERVED
 CVE-2022-26988 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2022-26987 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers  ...)
 	NOT-FOR-US: ImpressCMS
 CVE-2022-26985



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c750ee8976ebb179107351e1a4d13f67d007f104

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c750ee8976ebb179107351e1a4d13f67d007f104
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220510/b0061f28/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list