[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 4 20:48:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
016160b3 by Salvatore Bonaccorso at 2022-11-04T21:47:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2022-44726
CVE-2022-44725
RESERVED
CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...)
- TODO: check
+ NOT-FOR-US: Stiltsoft
CVE-2022-44723
RESERVED
CVE-2022-44722
@@ -10814,7 +10814,7 @@ CVE-2022-3342
CVE-2022-3341
RESERVED
CVE-2022-3340 (XML External Entity (XXE) vulnerability in Trellix IPS Manager prior t ...)
- TODO: check
+ NOT-FOR-US: Trellix IPS Manager
CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...)
NOT-FOR-US: Trellix ePolicy Orchestrator
CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...)
@@ -14073,7 +14073,7 @@ CVE-2022-40265
CVE-2022-40264
RESERVED
CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...)
- TODO: check
+ NOT-FOR-US: BD Totalys MultiProcessor
CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the ...)
NOT-FOR-US: AMI
CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges from ...)
@@ -16077,7 +16077,7 @@ CVE-2022-39389
CVE-2022-39388
RESERVED
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-39386
RESERVED
CVE-2022-39385
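Review bot: For CVE-2022-39387 the new marker reads `NOT-FOR-US: XWiki`, while the truncated description names the affected component as "XWiki OIDC" (the OpenID Connect tooling rather than the XWiki platform as a whole). Naming the component the description actually names, e.g. `NOT-FOR-US: XWiki OIDC`, keeps the marker from reading as a platform-wide attribution.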
@@ -18448,7 +18448,7 @@ CVE-2022-38584
CVE-2022-38583
RESERVED
CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of Watchdo ...)
- TODO: check
+ NOT-FOR-US: Watchdog Antivirus
CVE-2022-38581
RESERVED
CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery ...)
@@ -19180,9 +19180,9 @@ CVE-2022-2852 (Use after free in FedCM in Google Chrome prior to 104.0.5112.101
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-38381 (An improper handling of malformed request vulnerability [CWE-228] exis ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS version ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38379
RESERVED
CVE-2022-38378
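Review bot: For CVE-2022-38381 and CVE-2022-38380 the marker names `FortiGuard`, while the visible description of CVE-2022-38380 names the affected product as FortiOS; the same label is used in the next hunk for entries whose descriptions name FortiTester. Consider naming the vendor or the product the description names (for example `Fortinet` or `FortiOS`/`FortiTester`) rather than the advisory brand, so the markers attribute the issues consistently with how the other `NOT-FOR-US` entries in these hunks name the affected product (e.g. `Trellix ePolicy Orchestrator`, `Siemens`).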
@@ -19194,11 +19194,11 @@ CVE-2022-38376
CVE-2022-38375
RESERVED
CVE-2022-38374 (A improper neutralization of input during web page generation ('cross- ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38373 (An improper neutralization of input during web page generation vulnera ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38372 (A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38371 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
NOT-FOR-US: Siemens
CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an interface wi ...)
@@ -19853,7 +19853,7 @@ CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal t
CVE-2022-38169
RESERVED
CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pathfinde ...)
- TODO: check
+ NOT-FOR-US: Avaya Scopia Pathfinder
CVE-2022-38167
RESERVED
CVE-2022-38166
@@ -20084,7 +20084,7 @@ CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion vulne
CVE-2022-36791 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36428 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. About Rent ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5 ...)
@@ -20138,7 +20138,7 @@ CVE-2022-2743
CVE-2022-2742
RESERVED
CVE-2022-2741 (The denial-of-service can be triggered by transmitting a carefully cra ...)
- TODO: check
+ NOT-FOR-US: zephyr-rtos
CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
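Review bot: For CVE-2022-2741 the truncated description ("The denial-of-service can be triggered by transmitting a carefully cra ...") does not name the affected project, so `NOT-FOR-US: zephyr-rtos` is the only attribution in the entry and nothing in it lets a later reader verify the classification. A `NOTE:` line pointing at the upstream advisory, as done for CVE-2022-2571 at the end of this patch, would make the classification checkable from the entry itself.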
@@ -20421,13 +20421,13 @@ CVE-2022-37932
CVE-2022-37931
RESERVED
CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability in Hewlet ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-37926
RESERVED
CVE-2022-37925
@@ -20457,37 +20457,37 @@ CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba E
CVE-2022-37913 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
NOT-FOR-US: Aruba
CVE-2022-37912 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37911 (Due to improper restrictions on XML entities multiple vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37910 (A buffer overflow vulnerability exists in the ArubaOS command line int ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37909 (Aruba has identified certain configurations of ArubaOS that can lead t ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37908 (An authenticated attacker can impact the integrity of the ArubaOS boot ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37907 (A vulnerability exists in the ArubaOS bootloader on 7xxx series contro ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37906 (An authenticated path traversal vulnerability exists in the ArubaOS co ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37905 (Vulnerabilities in ArubaOS running on 7xxx series controllers exist th ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37904 (Vulnerabilities in ArubaOS running on 7xxx series controllers exist th ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37903 (A vulnerability exists that allows an authenticated attacker to overwr ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37902 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37901 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37900 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37899 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37898 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37897 (There is a command injection vulnerability that could lead to unauthen ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...)
NOT-FOR-US: Aruba
CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
@@ -21925,7 +21925,7 @@ CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and e
CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2627 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
@@ -22847,7 +22847,7 @@ CVE-2022-37015
CVE-2022-37014
RESERVED
CVE-2022-2572 (In affected versions of Octopus Server where access is managed by an e ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/016160b3093e44176faab3a757cb863e20c3536c