[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 8 20:58:10 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b563796 by Salvatore Bonaccorso at 2022-11-08T21:57:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16963,7 +16963,7 @@ CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum
 CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core)  ...)
 	TODO: check
 CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine inspired ...)
-	TODO: check
+	NOT-FOR-US: OpenFGA
 CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...)
 	NOT-FOR-US: Dependency-Track
 CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
@@ -16985,7 +16985,7 @@ CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and
 CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
 	NOT-FOR-US: Azure RTOS USBX
 CVE-2022-39343 (Azure RTOS FileX is a FAT-compatible file system that’s fully in ...)
-	TODO: check
+	NOT-FOR-US: Azure RTOS FileX
 CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
 	NOT-FOR-US: OpenFGA
 CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
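Review bot: The description on the CVE-2022-39343 context line contains mis-encoded text ("that’s"), which looks like a UTF-8 apostrophe decoded as a single-byte charset. This change does not touch that line, but if the bytes are stored that way in data/CVE/list rather than only in this mail rendering, the fix belongs where the descriptions are imported.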
@@ -17528,7 +17528,7 @@ CVE-2022-39159
 CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All v ...)
 	NOT-FOR-US: Siemens
 CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
 	NOT-FOR-US: Siemens
 CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
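Review bot: The new tag for CVE-2022-39157 names the vendor ("NOT-FOR-US: Siemens") although the description names the product, Parasolid V34.0, while other tags added in this commit name the product ("Azure RTOS FileX", "Netwrix Auditor"). It matches the neighbouring Parasolid entries, so it is consistent locally; if the tracker documentation does not already say when a vendor name is preferred over a product name, a one-line note there would make the choice reviewable.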
@@ -17570,7 +17570,7 @@ CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All vers
 CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
 	NOT-FOR-US: Siemens
 CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...)
 	NOT-FOR-US: Apache Calcite
 CVE-2022-39134
@@ -17758,7 +17758,7 @@ CVE-2022-39071
 CVE-2022-39070
 	RESERVED
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2022-39068
 	RESERVED
 CVE-2022-39067
@@ -29395,9 +29395,9 @@ CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Opl
 CVE-2022-32970
 	RESERVED
 CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adva ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30705
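Review bot: For CVE-2022-32776 the truncated description visible here ("... vulnerability in Adva ...") does not mention WordPress, so the "NOT-FOR-US: WordPress plugin" tag cannot be confirmed from this diff alone and should be checked against the full CVE description. The CVE-2022-32587 line at least shows "WP Page" in the product name, and both tags match the wording already used for CVE-2022-30998.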
@@ -39361,7 +39361,7 @@ CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection. ...)
 CVE-2022-31200
 	RESERVED
 CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix Auditor Use ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Auditor
 CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
@@ -40813,7 +40813,7 @@ CVE-2022-30696 (Local privilege escalation due to a DLL hijacking vulnerability.
 CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned to ch ...)
 	NOT-FOR-US: Acronis
 CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-30543
 	RESERVED
 CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...)
@@ -49270,7 +49270,7 @@ CVE-2022-27916
 CVE-2022-27915
 	RESERVED
 CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate fil ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate fil ...)
 	NOT-FOR-US: Joomla!
 CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with pub ...)
@@ -49474,13 +49474,13 @@ CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scriptin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log <= 2. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-27857
 	RESERVED
 CVE-2022-27856
 	RESERVED
 CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analyti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
@@ -62343,7 +62343,7 @@ CVE-2022-23740
 CVE-2022-23739
 	RESERVED
 CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub Enterpris ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-23737
 	RESERVED
 CVE-2022-23736
@@ -88144,7 +88144,7 @@ CVE-2021-40305
 CVE-2021-40304
 	RESERVED
 CVE-2021-40303 (perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clien ...)
-	TODO: check
+	NOT-FOR-US: perfex crm
 CVE-2021-40302
 	RESERVED
 CVE-2021-40301
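Review bot: The tag "NOT-FOR-US: perfex crm" on CVE-2021-40303 copies the lowercase spelling from the CVE description, while every other tag added in this commit is capitalised as a product or vendor name. Suggest "NOT-FOR-US: Perfex CRM" so that a later search over NFU tags finds the entry under the product's usual spelling.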



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b5637962a10238881f57af60b4869910686ac04
