[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 11 08:17:09 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b178b126 by Salvatore Bonaccorso at 2022-11-11T09:16:30+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6218,7 +6218,7 @@ CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby
NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
NOTE: https://github.com/rails/rails/issues/46244
CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-3702
RESERVED
CVE-2022-3701
@@ -6955,7 +6955,7 @@ CVE-2022-42462
CVE-2022-42461
RESERVED
CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42459
RESERVED
CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada p ...)
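Review bot: The new label on CVE-2022-42460, `NOT-FOR-US: WordPress plugin`, names only the product category, while the other entries resolved in this commit name the product itself (`AyaCMS`, `Contiki-NG`, `Istio`). The truncated description does not show which plugin is affected, so putting the plugin name in the label would let a later CVE for the same plugin be matched by a plain search of the list.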
@@ -8043,7 +8043,7 @@ CVE-2022-43076 (A cross-site scripting (XSS) vulnerability in /admin/edit-admin.
CVE-2022-43075
RESERVED
CVE-2022-43074 (AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulne ...)
- TODO: check
+ NOT-FOR-US: AyaCMS
CVE-2022-43073
RESERVED
CVE-2022-43072
@@ -11121,9 +11121,9 @@ CVE-2022-41881
CVE-2022-41880
RESERVED
CVE-2022-41879 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Node parse-server
CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Node parse-server
CVE-2022-41877
RESERVED
CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
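Review bot: The label `NOT-FOR-US: Node parse-server` on CVE-2022-41879 and CVE-2022-41878 spells the product differently from the description text ("Parse Server"). Please confirm it is the same string already used for the earlier Parse Server entries, such as CVE-2022-39396 named in a later hunk header, so that one search string finds all of them.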
@@ -11133,7 +11133,7 @@ CVE-2022-41875
CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...)
NOT-FOR-US: Tauri
CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2022-41872
RESERVED
CVE-2022-41871
@@ -11393,13 +11393,13 @@ CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartp
CVE-2022-41613
RESERVED
CVE-2022-41607 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-40981 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
- TODO: check
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
@@ -17159,11 +17159,11 @@ CVE-2022-39396 (Parse Server is an open source backend that can be deployed to a
CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
TODO: check
CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2022-39391
RESERVED
CVE-2022-39390
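Review bot: CVE-2022-39395 (Vela), the first entry in this hunk, still carries `TODO: check` while the three Wasmtime entries directly below it are resolved. If it was left open on purpose that is fine; otherwise it could be triaged in the same pass. The new label is also written `wasmtime` in lower case where the descriptions use "Wasmtime"; use whichever form the list already uses elsewhere.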
@@ -17171,7 +17171,7 @@ CVE-2022-39390
CVE-2022-39389
RESERVED
CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...)
NOT-FOR-US: XWiki
CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b178b126b186265268c121ac6274eb84ea8d2c5f