[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 12 09:10:34 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e093b29f by Salvatore Bonaccorso at 2022-11-12T10:10:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2022-45184
 CVE-2022-45183
 	RESERVED
 CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module  ...)
-	TODO: check
+	NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV)
 CVE-2022-45181
 	RESERVED
 CVE-2022-45180
@@ -6598,9 +6598,9 @@ CVE-2022-43674
 CVE-2022-43673
 	RESERVED
 CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-43670 (An improper neutralization of input during web page generation ('Cross ...)
 	NOT-FOR-US: Apache Sling
 CVE-2022-43667
@@ -12688,7 +12688,7 @@ CVE-2022-36368 (Multiple stored cross-site scripting vulnerabilities in the web
 CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ...)
 	NOT-FOR-US: Node secp256k1-js
 CVE-2022-41339 (In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, th ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-41338
 	RESERVED
 CVE-2022-41337
@@ -14049,7 +14049,7 @@ CVE-2022-40775 (An issue was discovered in Bento4 through 1.6.0-639. A NULL poin
 CVE-2022-40774 (An issue was discovered in Bento4 through 1.6.0-639. There is a NULL p ...)
 	NOT-FOR-US: Bento4
 CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40772
 	RESERVED
 CVE-2022-40771
@@ -19505,9 +19505,9 @@ CVE-2022-38653
 CVE-2022-38652 (** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vuln ...)
 	TODO: check
 CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exi ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-38650 (** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure dese ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-38649
 	RESERVED
 CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
@@ -55022,7 +55022,7 @@ CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior t
 CVE-2022-26089
 	RESERVED
 CVE-2022-26088 (An issue was discovered in BMC Remedy before 22.1. Email-based Inciden ...)
-	TODO: check
+	NOT-FOR-US: BMC Remedy
 CVE-2022-0761
 	RESERVED
 CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...)
@@ -72708,7 +72708,7 @@ CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before ver
 CVE-2022-21804
 	RESERVED
 CVE-2022-21794 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards, ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-21793 (Insufficient control flow management in the Intel(R) Ethernet 500 Seri ...)
 	NOT-FOR-US: Intel
 CVE-2022-21239
@@ -73902,7 +73902,7 @@ CVE-2021-26258 (Improper access control for the Intel(R) Killer(TM) Control Cent
 CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...)
 	NOT-FOR-US: Intel
 CVE-2021-26251 (Improper input validation in the Intel(R) Distribution of OpenVINO(TM) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...)
 	- firmware-nonfree 20220913-1
 	[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
@@ -106268,7 +106268,7 @@ CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromeboo
 CVE-2021-33165
 	RESERVED
 CVE-2021-33164 (Improper access control in BIOS firmware for some Intel(R) NUCs before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-33163
 	RESERVED
 CVE-2021-33162
@@ -106278,7 +106278,7 @@ CVE-2021-33161
 CVE-2021-33160
 	RESERVED
 CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before versions  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-33158
 	RESERVED
 CVE-2021-33157
@@ -106483,7 +106483,7 @@ CVE-2021-33066
 CVE-2021-33065
 	RESERVED
 CVE-2021-33064 (Uncontrolled search path in the software installer for Intel(R) System ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...)
 	NOT-FOR-US: Intel
 CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
@@ -152204,7 +152204,7 @@ CVE-2021-0187
 CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
 	NOT-FOR-US: Intel
 CVE-2021-0185 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0184
 	RESERVED
 CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e093b29fa33673eeed17eb1af36bec117c13a263

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e093b29fa33673eeed17eb1af36bec117c13a263
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221112/51beafbe/attachment.htm>

More information about the debian-security-tracker-commits mailing list