[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 10 20:53:43 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c8a573e by Salvatore Bonaccorso at 2022-11-10T21:53:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18101,11 +18101,11 @@ CVE-2022-39040
 CVE-2022-39039
 	RESERVED
 CVE-2022-39038 (Agentflow BPM enterprise management system has improper authentication ...)
-	TODO: check
+	NOT-FOR-US: Agentflow BPM enterprise management system
 CVE-2022-39037 (Agentflow BPM file download function has a path traversal vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Agentflow BPM file download function
 CVE-2022-39036 (The file upload function of Agentflow BPM has insufficient filtering f ...)
-	TODO: check
+	NOT-FOR-US: Agentflow BPM
 CVE-2022-39035 (Smart eVision has insufficient filtering for special characters in the ...)
 	NOT-FOR-US: Smart eVision
 CVE-2022-39034 (Smart eVision has a path traversal vulnerability in the Report API fun ...)
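Review bot: the three NOT-FOR-US labels in this hunk name the same product three different ways (`Agentflow BPM enterprise management system`, `Agentflow BPM file download function`, `Agentflow BPM`); the annotation identifies the product or vendor, not the affected function, so `NOT-FOR-US: Agentflow BPM` on all three keeps the file greppable and matches the `NOT-FOR-US: Smart eVision` style of the entries directly below.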
@@ -21009,13 +21009,13 @@ CVE-2022-38124
 CVE-2022-38123
 	RESERVED
 CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. A ...)
-	TODO: check
+	NOT-FOR-US: UPSMON PRO
 CVE-2022-38121 (UPSMON PRO configuration file stores user password in plaintext under  ...)
-	TODO: check
+	NOT-FOR-US: UPSMON PRO
 CVE-2022-38120 (UPSMON PRO’s has a path traversal vulnerability. A remote attack ...)
-	TODO: check
+	NOT-FOR-US: UPSMON PRO
 CVE-2022-38119 (UPSMON Pro login function has insufficient authentication. An unauthen ...)
-	TODO: check
+	NOT-FOR-US: UPSMON PRO
 CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validati ...)
 	NOT-FOR-US: OAKlouds
 CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical attac ...)
@@ -21310,7 +21310,7 @@ CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure Vul
 CVE-2022-38024
 	RESERVED
 CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
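Review bot: CVE-2022-38023 describes a `Netlogon RPC` weakness, i.e. a protocol rather than a Windows-only component like the `Windows Kernel` entry next to it; Netlogon is also implemented by Samba, which Debian ships, so this entry deserves a check against Samba before it is closed as `NOT-FOR-US: Microsoft` (keeping `TODO: check` until that is confirmed is the safer state).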
@@ -21326,9 +21326,9 @@ CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability. ...
 CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-38015 (Windows Hyper-V Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. ...)
@@ -21372,7 +21372,7 @@ CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege Vu
 CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
@@ -21422,9 +21422,9 @@ CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vul
 CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
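Review bot: CVE-2022-37967 and CVE-2022-37966 are Kerberos (and, for the latter, specifically RC4-HMAC) elevation-of-privilege issues, and Kerberos with RC4-HMAC is implemented by non-Microsoft KDCs packaged in Debian (Samba, Heimdal, MIT krb5); a blanket `NOT-FOR-US: Microsoft` risks hiding a Debian-relevant issue, so these two should be verified against those packages before being closed rather than treated like the `Windows Point-to-Point Tunneling Protocol` entry below them.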
@@ -34621,7 +34621,7 @@ CVE-2022-32959 (HiCOS’ client-side citizen digital certificate component h
 CVE-2022-32958 (A remote attacker with general user privilege can send a message to Te ...)
 	NOT-FOR-US: TeamPlus Pro
 CVE-2022-32588 (An out-of-bounds write vulnerability exists in the PICT parsing pctwre ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2022-32281
 	RESERVED
 CVE-2022-2053 (When a POST request comes through AJP and the request exceeds the max- ...)
@@ -38172,15 +38172,15 @@ CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as V
 CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9,  ...)
 	TODO: check
 CVE-2022-31689 (VMware Workspace ONE Assist prior to 22.10 contains a Session fixation ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31688 (VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross- ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31687 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Co ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31686 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentic ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an Authentication  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...)
 	TODO: check
 CVE-2022-31683
@@ -40557,9 +40557,9 @@ CVE-2022-30710 (Improper validation vulnerability in RemoteViews prior to SMR Ju
 CVE-2022-30709 (Improper input validation check logic vulnerability in SECRIL prior to ...)
 	NOT-FOR-US: Samsung
 CVE-2022-29888 (A leftover debug code vulnerability exists in the httpd port 4444 uplo ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-25932 (The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes f ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-1736
 	RESERVED
 	- gnome-remote-desktop 42.1.1-2 (unimportant)
@@ -41083,15 +41083,15 @@ CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned
 CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
 	NOT-FOR-US: Siemens
 CVE-2022-30543 (A leftover debug code vulnerability exists in the console infct functi ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2022-29481 (A leftover debug code vulnerability exists in the console nvram functi ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-28689 (A leftover debug code vulnerability exists in the console support func ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26023 (A leftover debug code vulnerability exists in the console verify funct ...)
-	TODO: check
+	NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts prior t ...)
 	NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
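Review bot: the truncated descriptions of CVE-2022-30543, CVE-2022-29481, CVE-2022-28689 and CVE-2022-26023 only say `console ... function` and never name a vendor or product, yet all four are closed as `NOT-FOR-US: InHand Networks InRouter302`; the attribution is plausible given the identically worded "leftover debug code" entries that do name InRouter302 elsewhere in this change, but it cannot be verified from this hunk, so a note in the commit message naming the advisory the attribution came from would make the closure auditable.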
@@ -43742,7 +43742,7 @@ CVE-2022-29838
 CVE-2022-29837
 	RESERVED
 CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...)
 	NOT-FOR-US: WD Discovery software
 CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
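Review bot: CVE-2022-29836 is labelled `NOT-FOR-US: Western Digital` while the adjacent CVE-2022-29835 uses `NOT-FOR-US: WD Discovery software`; the description of CVE-2022-29836 does not name a product, so if it concerns the same software the label should match its neighbour so a search for either vendor or product finds both entries.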
@@ -68374,7 +68374,7 @@ CVE-2022-0033
 CVE-2022-0032
 	RESERVED
 CVE-2022-0031 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto Networks PAN-O ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...)
@@ -88441,7 +88441,7 @@ CVE-2021-40291
 CVE-2021-40290
 	RESERVED
 CVE-2021-40289 (mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: mm-wki
 CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
 	NOT-FOR-US: TP-Link
 CVE-2021-40287
@@ -102496,11 +102496,11 @@ CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerabili
 CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can  ...)
 	NOT-FOR-US: MB connect line
 CVE-2021-34579 (In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to t ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact
 CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...)
 	NOT-FOR-US: WAGO
 CVE-2021-34577 (In the Kaden PICOFLUX AiR water meter an adversary can read the values ...)
-	TODO: check
+	NOT-FOR-US: Kaden PICOFLUX AiR water meter
 CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...)
 	NOT-FOR-US: Kaden PICOFLUX Air
 CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0  ...)
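Review bot: CVE-2021-34577 gets `NOT-FOR-US: Kaden PICOFLUX AiR water meter` while the adjacent CVE-2021-34576 already uses `NOT-FOR-US: Kaden PICOFLUX Air`; both entries describe the same device, so reuse the existing `Kaden PICOFLUX Air` label for the new one so a product search matches both.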
@@ -102516,13 +102516,13 @@ CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credenti
 CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to  ...)
 	NOT-FOR-US: Phoenix Contact PLCnext control devices
 CVE-2021-34569 (In WAGO I/O-Check Service in multiple products an attacker can send a  ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-34568 (In WAGO I/O-Check Service in multiple products an unauthenticated remo ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-34567 (In WAGO I/O-Check Service in multiple products an unauthenticated remo ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-34566 (In WAGO I/O-Check Service in multiple products an unauthenticated remo ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...)
 	NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
 CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c8a573e5b47a977cb048dc4f3936e7013232ca8


