[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 10 09:56:17 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac776cb5 by Salvatore Bonaccorso at 2022-11-10T10:55:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2484,7 +2484,7 @@ CVE-2022-44592
 CVE-2022-44591
 	RESERVED
 CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44589
 	RESERVED
 CVE-2022-44588
@@ -2596,41 +2596,41 @@ CVE-2022-3786 (A buffer overrun can be triggered in X.509 certificate verificati
 	NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (openssl-3.0.7)
 CVE-2022-44563 (There is a race condition vulnerability in SD upgrade mode. Successful ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44562 (The system framework layer has a vulnerability of serialization/deseri ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44561 (The preset launcher module has a permission verification vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44560 (The launcher module has an Intent redirection vulnerability. Successfu ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44559 (The AMS module has a vulnerability of serialization/deserialization mi ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44558 (The AMS module has a vulnerability of serialization/deserialization mi ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44557 (The SmartTrimProcessEvent module has a vulnerability of obtaining the  ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44556 (Missing parameter type validation in the DRM module. Successful exploi ...)
 	NOT-FOR-US: Huawei
 CVE-2022-44555 (The DDMP/ODMF module has a service hijacking vulnerability. Successful ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44554 (The power module has a vulnerability in permission verification. Succe ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44553 (The HiView module has a vulnerability of not filtering third-party app ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44552 (The lock screen module has defects introduced in the design process. S ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44551 (The iaware module has a vulnerability in thread security. Successful e ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44550 (The graphics display module has a UAF vulnerability when traversing gr ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44549 (The LBS module has a vulnerability in geofencing API access. Successfu ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44548 (There is a vulnerability in permission verification during the Bluetoo ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44547 (The Display Service module has a UAF vulnerability. Successful exploit ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44546 (The kernel module has the vulnerability that the mapping is not cleare ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44545
 	RESERVED
 CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04. ...)
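Review bot: the vendor name is misspelled as "Hauwei" on every added line in this hunk (CVE-2022-44563 through CVE-2022-44546), while the unchanged entry for CVE-2022-44556 in the same range reads "NOT-FOR-US: Huawei". Suggest using "NOT-FOR-US: Huawei" on all of the added lines so that they match the existing entry and a search of data/CVE/list for the vendor name finds them.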
@@ -2670,9 +2670,9 @@ CVE-2022-3782
 CVE-2022-3781 (Dashlane password and Keepass Server password in My Account Settings a ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2021-46852 (The memory management module has the logic bypass vulnerability. Succe ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2021-46851 (The DRM module has a vulnerability in verifying the secure memory attr ...)
-	TODO: check
+	NOT-FOR-US: Hauwei
 CVE-2022-44531
 	RESERVED
 CVE-2022-44530
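Review bot: the two added lines for CVE-2021-46852 and CVE-2021-46851 also spell the vendor "Hauwei"; the existing CVE-2022-44556 entry in this file uses "Huawei". Suggest "NOT-FOR-US: Huawei" on both lines for consistency.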
@@ -3299,7 +3299,7 @@ CVE-2022-44246
 CVE-2022-44245
 	RESERVED
 CVE-2022-44244 (An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalat ...)
-	TODO: check
+	NOT-FOR-US: Lin-CMS
 CVE-2022-44243
 	RESERVED
 CVE-2022-44242
@@ -7992,7 +7992,7 @@ CVE-2022-43060
 CVE-2022-43059
 	RESERVED
 CVE-2022-43058 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43057
 	RESERVED
 CVE-2022-43056
@@ -8070,7 +8070,7 @@ CVE-2022-43033 (An issue was discovered in Bento4 1.6.0-639. There is a bad free
 CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a memory leak i ...)
 	NOT-FOR-US: Bento4
 CVE-2022-43031 (DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2022-43030
 	RESERVED
 CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac776cb57cc2892b2cfae33608e950ab123961bb
