[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 3 11:37:49 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bde03440 by Moritz Muehlenhoff at 2022-11-03T12:35:05+01:00
NFUs
gitlab n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1546,7 +1546,7 @@ CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify va
CVE-2022-44021
RESERVED
CVE-2022-44020 (An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and Vi ...)
- TODO: check
+ NOT-FOR-US: OpenStack Sushy-Tools / VirtualBMC
CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote comm ...)
NOT-FOR-US: Total.js CMS
CVE-2022-44018
@@ -2224,7 +2224,7 @@ CVE-2022-3736
CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
NOT-FOR-US: seccome Ehoney
CVE-2022-3734 (A vulnerability was found in Redis. It has been declared as critical. ...)
- TODO: check
+ NOTE: Bogus report/assignment for Redis
CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as critical ...)
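Review bot: The CVE-2022-3734 entry now carries only a free-text NOTE and no package status line, so nothing in the entry records a state for redis itself, and the note does not say what makes the report bogus. Consider pairing it with an explicit status line of the form `- redis <not-affected> (reason)`, in the same style as the gitlab entry later in this commit, and adding a reference to the upstream statement or dispute so the decision can be re-checked later.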
@@ -5603,7 +5603,7 @@ CVE-2022-43150
CVE-2022-43149
RESERVED
CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in the compo ...)
- TODO: check
+ NOT-FOR-US: rtf2html
CVE-2022-43147
RESERVED
CVE-2022-43146
@@ -5763,11 +5763,11 @@ CVE-2022-43070
CVE-2022-43069
RESERVED
CVE-2022-43068 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43067
RESERVED
CVE-2022-43066 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43065
RESERVED
CVE-2022-43064
@@ -6287,7 +6287,7 @@ CVE-2022-3514
CVE-2022-3513
RESERVED
CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...)
- TODO: check
+ NOT-FOR-US: Cloudflare
CVE-2022-3511
RESERVED
CVE-2022-3510
@@ -6324,7 +6324,8 @@ CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Manage
CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It ...)
NOT-FOR-US: Human Resource Management System
CVE-2022-3501 (Article template contents with sensitive data could be accessed from a ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
CVE-2022-3500
RESERVED
NOT-FOR-US: keylime
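Review bot: On CVE-2022-3501 the entry is marked `NOT-FOR-US: OTRS`, yet the added NOTE reasons about Znuny, which only matters if Znuny is tracked here, so the two lines pull in different directions. If Znuny is why this was reviewed, a status line such as `- znuny <not-affected> (Specific to OTRS 8.x)` (assuming the source package is named znuny) would record the conclusion the same way the gitlab entry in this commit does, instead of leaving it as free text under an NFU marker. A reference for the 8.x-only statement would also help anyone revisiting the fork relationship.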
@@ -6361,7 +6362,7 @@ CVE-2022-42909
CVE-2022-42908
RESERVED
CVE-2022-3499 (An authenticated attacker could utilize the identical agent and cluste ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2022-3498
RESERVED
CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource Management ...)
@@ -9182,7 +9183,7 @@ CVE-2022-37410
CVE-2022-37409
RESERVED
CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: NGINX Plus
CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
TODO: check
CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
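Review bot: Only CVE-2022-41743 is triaged in this hunk, while the unchanged context directly below shows CVE-2022-41742, whose description names NGINX Open Source, still at `TODO: check`, with CVE-2022-41741 next to it. That fits a commit limited to NFUs, but these are adjacent IDs for the same vendor, so the remaining entries are worth a follow-up so the set does not stay half-triaged.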
@@ -9562,7 +9563,7 @@ CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior
CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP mobile cl ...)
- TODO: check
+ NOT-FOR-US: Cloudflare
CVE-2022-3336
RESERVED
CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
@@ -9574,7 +9575,7 @@ CVE-2022-3333 (A vulnerability, which was classified as problematic, was found i
CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Food Ordering Management System
CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all versions start ...)
- TODO: check
+ - gitlab <not-affected> (Only affects EE)
CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inaccessi ...)
- gitlab <unfixed>
CVE-2022-3329
@@ -9659,11 +9660,11 @@ CVE-2022-41556 (A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.6
CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior to v22. ...)
NOT-FOR-US: BookStack
CVE-2022-3322 (Lock Warp switch is a feature of Zero Trust platform which, when enabl ...)
- TODO: check
+ NOT-FOR-US: Cloudflare
CVE-2022-3321 (It was possible to bypass Lock WARP switch feature https://developers. ...)
- TODO: check
+ NOT-FOR-US: Cloudflare
CVE-2022-3320 (It was possible to bypass policies configured for Zero Trust Secure We ...)
- TODO: check
+ NOT-FOR-US: Cloudflare
CVE-2022-3319
RESERVED
CVE-2022-3318 (Use after free in ChromeOS Notifications in Google Chrome on ChromeOS ...)
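Review bot: The NOT-FOR-US tags on CVE-2022-3322, CVE-2022-3321 and CVE-2022-3320 name only the vendor, Cloudflare, whereas other entries visible in this diff name the product (NGINX Plus, Trellix ePolicy Orchestrator, Mobile Security Framework). The descriptions refer to WARP and Zero Trust, so a tag like `NOT-FOR-US: Cloudflare WARP` would let a later search for the product match these entries. The same applies to the CVE-2022-3512 and CVE-2022-3337 entries in this commit.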
@@ -9741,7 +9742,7 @@ CVE-2022-41553 (Insertion of Sensitive Information into Temporary File vulnerabi
CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastruc ...)
NOT-FOR-US: Hitachi
CVE-2022-41551 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Garage Management System
CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow via the ...)
- libosip2 <unfixed> (bug #1021662)
[bullseye] - libosip2 <no-dsa> (Minor issue)
@@ -9753,7 +9754,7 @@ CVE-2022-41549
CVE-2022-41548
RESERVED
CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was discovered to c ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework
CVE-2022-41546
RESERVED
CVE-2022-41545
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bde0344093f2fc6265fbb590ad0b79513d84eaa1