[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 1 21:17:59 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5b55dcd by Salvatore Bonaccorso at 2022-11-01T22:17:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2022-3785 (A vulnerability, which was classified as critical, has been found
 CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic Bento4 5 ...)
 	NOT-FOR-US: Bento4
 CVE-2022-3783 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: node-red-dashboard
 CVE-2022-3782
 	RESERVED
 CVE-2022-3781
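
Review bot: on the CVE-2022-3783 line, the name node-red-dashboard points to a Node.js module rather than a proprietary product, so NOT-FOR-US should rest on a check that no ITP/RFP bug exists for it and that no packaged source carries a copy. If an ITP does exist, the tracker convention is an entry of the form "- node-red-dashboard <itp> (bug #...)" instead of NOT-FOR-US.
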
@@ -1039,7 +1039,7 @@ CVE-2022-44081 (Lodepng v20220717 was discovered to contain a segmentation fault
 CVE-2022-44080
 	RESERVED
 CVE-2022-44079 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
-	TODO: check
+	NOT-FOR-US: pycdc
 CVE-2022-44078
 	RESERVED
 CVE-2022-44077
@@ -3591,7 +3591,7 @@ CVE-2022-43754
 CVE-2022-43753
 	RESERVED
 CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when u ...)
-	TODO: check
+	NOT-FOR-US: Oracle Solaris
 CVE-2022-43751
 	RESERVED
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...)
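
Review bot: the CVE-2022-43752 description is cut off at "when u ...", so this hunk does not show which component on Solaris is affected. If the flaw is in a component that also exists as a Debian source package, "NOT-FOR-US: Oracle Solaris" would hide it; naming the component in the tag, or adding a NOTE line, would make the triage decision checkable from the list.
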
@@ -8490,7 +8490,7 @@ CVE-2022-3370 (Use after free in Custom Elements in Google Chrome prior to 106.0
 	- chromium 106.0.5249.91-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3369 (An Improper Access Control vulnerability in the bdservicehost.exe comp ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2022-3368 (A vulnerability within the Software Updater functionality of Avira Sec ...)
 	NOT-FOR-US: Avira
 CVE-2021-46844
@@ -8631,7 +8631,7 @@ CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service of
 CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
-	TODO: check
+	NOT-FOR-US: AliveCor
 CVE-2022-41613
 	RESERVED
 CVE-2022-41607
@@ -8655,7 +8655,7 @@ CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite Dev
 CVE-2022-40201
 	RESERVED
 CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflec ...)
-	TODO: check
+	NOT-FOR-US: SAUTER Controls moduWeb firmware
 CVE-2022-38355
 	RESERVED
 CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
@@ -9173,7 +9173,7 @@ CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerabilit
 CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...)
 	NOT-FOR-US: Huawei
 CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastructure  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-41568
 	RESERVED
 CVE-2022-41567
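
Review bot: style point on the CVE-2020-36605 line: the tag gives only the vendor, although the description ("Hitachi Infrastructure ...") identifies a product. Vendor-only tags are common in this file (the Huawei entry just above is one), but other tags in this commit name the product, for example "SAUTER Controls moduWeb firmware", and a product name makes later greps for the same product more reliable.
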
@@ -11221,7 +11221,7 @@ CVE-2022-3230
 CVE-2022-3229
 	RESERVED
 CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...)
-	TODO: check
+	NOT-FOR-US: Host Engineering
 CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability. An un ...)
 	NOT-FOR-US: Mail SQR Expert system
 CVE-2022-40741 (Mail SQR Expert’s specific function has insufficient filtering f ...)
@@ -11229,7 +11229,7 @@ CVE-2022-40741 (Mail SQR Expert’s specific function has insufficient filte
 CVE-2022-40740
 	RESERVED
 CVE-2022-40739 (Ragic report generation page has insufficient filtering for special ch ...)
-	TODO: check
+	NOT-FOR-US: Ragic
 CVE-2022-3227
 	RESERVED
 CVE-2022-3226
@@ -11638,7 +11638,7 @@ CVE-2022-40607
 CVE-2022-3192
 	RESERVED
 CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
 	- wireshark 3.6.8-1
 	[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -11955,7 +11955,7 @@ CVE-2022-40473
 CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721. ...)
 	NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time
 CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-40470
 	RESERVED
 CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
@@ -12340,25 +12340,25 @@ CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inher
 CVE-2022-40297 (** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock pas ...)
 	NOT-FOR-US: UBports Ubuntu Touch
 CVE-2022-40296 (The application was vulnerable to a Server-Side Request Forgery attack ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40295 (The application was vulnerable to an authenticated information disclos ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40294 (The application was identified to have an CSV injection in data export ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40293 (The application was vulnerable to a session fixation that could be use ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40292 (The application allowed for Unauthenticated User Enumeration by intera ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40291 (The application was vulnerable to Cross-Site Request Forgery (CSRF) at ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40290 (The application was vulnerable to an unauthenticated Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40289 (The application was vulnerable to an authenticated Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40288 (The application was vulnerable to an authenticated Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40287 (The application was found to be vulnerable to an authenticated Stored  ...)
-	TODO: check
+	NOT-FOR-US: PHP Point of Sale
 CVE-2022-40286
 	RESERVED
 CVE-2022-40285
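
Review bot: the ten descriptions for CVE-2022-40287 through CVE-2022-40296 all start with "The application ..." and none of the visible text names a product, so the "PHP Point of Sale" attribution cannot be verified from the list itself. The commit message "Process some NFUs" does not say where the product name comes from; a short mention of the source of the attribution in the commit message would help anyone re-checking these entries.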



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b55dcdd7779f86e22f324edb2f86279b0dc067
