[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed May 18 11:42:22 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35be4da3 by Neil Williams at 2022-05-18T11:41:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17308,7 +17308,7 @@ CVE-2022-24858 (next-auth v3 users before version 3.29.2 are impacted. next-auth
 CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...)
 	NOT-FOR-US: django-mfa3
 CVE-2022-24856 (FlyteConsole is the web user interface for the Flyte platform. FlyteCo ...)
-	TODO: check
+	NOT-FOR-US: flyteorg/flyteconsole
 CVE-2022-24855 (Metabase is an open source business intelligence and analytics applica ...)
 	NOT-FOR-US: Metabase
 CVE-2022-24854 (Metabase is an open source business intelligence and analytics applica ...)
@@ -18191,7 +18191,7 @@ CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught excep
 CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...)
 	NOT-FOR-US: EyesOfNetwork (EON) eonweb
 CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specificati ...)
-	TODO: check
+	NOT-FOR-US: Z-Wave devices
 CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
 	NOT-FOR-US: Alecto
 CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control vulnerability.  ...)
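Review bot: On CVE-2022-24611 the description places the denial of service in the Z-Wave S0 NonceGet protocol specification rather than in one vendor's product, so "NOT-FOR-US: Z-Wave devices" holds only if no Z-Wave implementation is packaged in Debian. Suggest confirming that before dropping the TODO and recording the result in a NOTE: line under the entry so the triage reasoning stays visible.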
@@ -18749,19 +18749,19 @@ CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57,
 CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
 	NOT-FOR-US: SAP
 CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost enables SQL ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24390 (Vulnerability in rconfig “remote_text_file” enables an att ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24389 (Vulnerability in rconfig “cert_utils” enables an attacker  ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24388 (Vulnerability in rconfig “date” enables an attacker with u ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-24387 (With administrator or admin privileges the application can be tricked  ...)
 	NOT-FOR-US: SmarterTrack
 CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...)
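Review bot: CVE-2022-24390, CVE-2022-24389 and CVE-2022-24388 are tagged "NOT-FOR-US: Fidelis", but their visible descriptions begin "Vulnerability in rconfig" and do not name Fidelis, unlike CVE-2022-24394 through CVE-2022-24391 directly above. If rconfig here is a component of the Fidelis product, a tag such as "NOT-FOR-US: Fidelis rconfig" would make that explicit; otherwise these three read as a copy of the preceding tag and need their own check.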
@@ -19800,7 +19800,7 @@ CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other
 CVE-2022-24109
 	RESERVED
 CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...)
-	TODO: check
+	NOT-FOR-US: OpenCart plugin
 CVE-2022-24107
 	RESERVED
 CVE-2022-24106
@@ -21582,7 +21582,7 @@ CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0’s upgrade as
 CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...)
 	- kibana <itp> (bug #700337)
 CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
-	TODO: check
+	NOT-FOR-US: HPE OneView
 CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
 	NOT-FOR-US: HPE
 CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35be4da3b4a9a58e9b1bf324603e1a9e3c15e8ba
