[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 22 09:49:25 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de1d3186 by Salvatore Bonaccorso at 2022-11-22T10:48:55+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13035,9 +13035,9 @@ CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the dev
 CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...)
 	NOT-FOR-US: Flarum
 CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-41935
 	RESERVED
 CVE-2022-41934
@@ -14642,7 +14642,7 @@ CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affe
 CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 9.6.0.13 coul ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2022-41325
 	RESERVED
 CVE-2022-41324
@@ -14863,7 +14863,7 @@ CVE-2022-41257
 CVE-2022-41256
 	RESERVED
 CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2022-41221
 	RESERVED
 CVE-2022-40224
@@ -15377,7 +15377,7 @@ CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability. ...)
 CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2022-41030
 	RESERVED
 CVE-2022-41029
@@ -15797,7 +15797,7 @@ CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router mode
 CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to im ...)
 	NOT-FOR-US: Tenda
 CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Serve ...)
-	TODO: check
+	NOT-FOR-US: NdkAdvancedCustomizationFields
 CVE-2022-40841
 	RESERVED
 CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...)
@@ -15954,7 +15954,7 @@ CVE-2022-40767
 CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page S ...)
 	NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus)
 CVE-2022-40765 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, affecting  ...)
 	NOT-FOR-US: Snyk CLI
 CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows  ...)
@@ -16322,11 +16322,11 @@ CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerabi
 CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
 	NOT-FOR-US: Siemens
 CVE-2022-38097 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2022-37332 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2022-32774 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the {id,dat ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not implement ...)
@@ -16471,7 +16471,7 @@ CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unneces
 CVE-2022-40603
 	RESERVED
 CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2022-40601
 	RESERVED
 CVE-2022-40600
@@ -16758,7 +16758,7 @@ CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 202
 CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...)
 	NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-40470 (Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul Blood Donor Management System
 CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...)
 	NOT-FOR-US: iKuai8
 CVE-2022-40468 (Potential leak of left-over heap data if custom error page templates c ...)
@@ -23609,7 +23609,7 @@ CVE-2022-37933
 CVE-2022-37932
 	RESERVED
 CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
 	NOT-FOR-US: HPE
 CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
@@ -26055,7 +26055,7 @@ CVE-2022-37020
 CVE-2022-37019
 	RESERVED
 CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-37017
 	RESERVED
 CVE-2022-37016



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de1d31865d7faf2e18d6e501e90d6bb1afff21de

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de1d31865d7faf2e18d6e501e90d6bb1afff21de
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221122/23939bde/attachment.htm>

More information about the debian-security-tracker-commits mailing list