[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri May 13 08:53:13 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
027fcd26 by Neil Williams at 2022-05-13T08:52:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13656,7 +13656,7 @@ CVE-2022-25768
 CVE-2022-25763
 	RESERVED
 CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-0734
 	RESERVED
 CVE-2022-0733
@@ -13904,9 +13904,9 @@ CVE-2022-24910 (A buffer overflow vulnerability exists in the httpd parse_ping_r
 CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...)
 	NOT-FOR-US: FATEK Automation
 CVE-2022-21809 (A file write vulnerability exists in the httpd upload.cgi functionalit ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-21238 (A cross-site scripting (xss) vulnerability exists in the info.jsp func ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...)
 	NOT-FOR-US: FATEK Automation
 CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypassed wi ...)
@@ -20329,7 +20329,7 @@ CVE-2022-23781
 CVE-2022-23780
 	RESERVED
 CVE-2022-21147 (An out of bounds read vulnerability exists in the malware scan functio ...)
-	TODO: check
+	NOT-FOR-US: ESTsoft Alyac
 CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
 	NOT-FOR-US: Mustache (implementation in PHP)
 CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sctp/sm ...)
@@ -21991,7 +21991,7 @@ CVE-2022-23281 (Windows Common Log File System Driver Information Disclosure Vul
 CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23279 (Windows ALPC Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23278 (Microsoft Defender for Endpoint Spoofing Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23277 (Microsoft Exchange Server Remote Code Execution Vulnerability. ...)
@@ -22009,7 +22009,7 @@ CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This
 CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23270 (Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23268 (Windows Hyper-V Denial of Service Vulnerability. ...)
@@ -22487,7 +22487,7 @@ CVE-2022-23139
 CVE-2022-23138
 	RESERVED
 CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...)
-	TODO: check
+	NOT-FOR-US: ZXCDN
 CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...)
 	NOT-FOR-US: ZTE
 CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...)
@@ -23804,7 +23804,7 @@ CVE-2022-22776
 CVE-2022-22775
 	RESERVED
 CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO Software Inc ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2022-22773
 	RESERVED
 CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s  ...)
@@ -24170,7 +24170,7 @@ CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...
 CVE-2022-22714
 	RESERVED
 CVE-2022-22713 (Windows Hyper-V Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-22711
@@ -28474,23 +28474,23 @@ CVE-2022-22021
 CVE-2022-22020
 	RESERVED
 CVE-2022-22019 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22018
 	RESERVED
 CVE-2022-22017 (Remote Desktop Client Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22016 (Windows PlayToManager Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22015 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22014 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22013 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22012 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22011 (Windows Graphics Component Information Disclosure Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability. This CVE ID is  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-22009 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is un ...)
@@ -28556,7 +28556,7 @@ CVE-2022-21980
 CVE-2022-21979
 	RESERVED
 CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This CVE ID is  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-21976
@@ -28568,7 +28568,7 @@ CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Executio
 CVE-2022-21973 (Windows Media Center Update Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-21972 (Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
@@ -39812,15 +39812,15 @@ CVE-2022-20123
 CVE-2022-20122
 	RESERVED
 CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
-	TODO: check
+	NOT-FOR-US: Pixel
 CVE-2022-20120 (Product: AndroidVersions: Android kernelAndroid ID: A-203213034Referen ...)
-	TODO: check
+	NOT-FOR-US: Pixel
 CVE-2022-20119 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
-	TODO: check
+	NOT-FOR-US: Pixel
 CVE-2022-20118 (In ion_ioctl and related functions of ion.c, there is a possible use a ...)
-	TODO: check
+	NOT-FOR-US: Pixel
 CVE-2022-20117 (In (TBD) of (TBD), there is a possible way to decrypt local data encry ...)
-	TODO: check
+	NOT-FOR-US: Pixel
 CVE-2022-20116 (In onEntryUpdated of OngoingCallController.kt, it is possible to launc ...)
 	NOT-FOR-US: Android
 CVE-2022-20115 (In broadcastServiceStateChanged of TelephonyRegistry.java, there is a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/027fcd26aafb19c3f0852a08f87e1364d10296f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/027fcd26aafb19c3f0852a08f87e1364d10296f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220513/f3a0c4dd/attachment.htm>

More information about the debian-security-tracker-commits mailing list