[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 22 21:29:20 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b853d3b0 by Salvatore Bonaccorso at 2022-11-22T22:28:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13058,7 +13058,7 @@ CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled wil
 CVE-2022-41951
 	RESERVED
 CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...)
-	TODO: check
+	NOT-FOR-US: super-xray
 CVE-2022-41949
 	RESERVED
 CVE-2022-41948
@@ -13068,13 +13068,13 @@ CVE-2022-41947
 CVE-2022-41946
 	RESERVED
 CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In version  ...)
-	TODO: check
+	NOT-FOR-US: super-xray
 CVE-2022-41944
 	RESERVED
 CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin it was po ...)
-	TODO: check
+	NOT-FOR-US: Sourcegraph
 CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior to 4.1. ...)
-	TODO: check
+	NOT-FOR-US: Sourcegraph
 CVE-2022-41941
 	RESERVED
 CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
@@ -20174,15 +20174,15 @@ CVE-2022-39072
 CVE-2022-39071
 	RESERVED
 CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT products. ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...)
 	NOT-FOR-US: ZTE
 CVE-2022-39068
 	RESERVED
 CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to insuffici ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI ...)
 	NOT-FOR-US: Ikea
 CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame ma ...)
@@ -22056,7 +22056,7 @@ CVE-2022-38464
 CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS ...)
 	NOT-FOR-US: ServiceNow
 CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS  ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe CMS
 CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
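
Review bot: The tag added for CVE-2022-38462 reads "SilverStripe CMS", while the description on the line above it names the affected component as "Silverstripe silverstripe/framework". Consider a tag that matches the upstream spelling and the component, for example "NOT-FOR-US: Silverstripe framework", and use the same string for CVE-2022-38148 and CVE-2022-38146 in the following hunk so all three entries stay searchable under one name.
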
@@ -23140,11 +23140,11 @@ CVE-2022-38151
 CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose  ...)
 	NOT-FOR-US: Consul Template
 CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe CMS
 CVE-2022-38147
 	RESERVED
 CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 o ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe CMS
 CVE-2022-38145
 	RESERVED
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...)
@@ -30240,7 +30240,7 @@ CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before
 CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
 	NOT-FOR-US: Insyde
 CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If  ...)
 	- burpsuite <itp> (bug #832943)
 CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before  ...)
@@ -36615,7 +36615,7 @@ CVE-2022-33014
 CVE-2022-33013
 	RESERVED
 CVE-2022-33012 (Microweber v1.2.15 was discovered to allow attackers to perform an acc ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to perform a ...)
 	NOT-FOR-US: Known
 CVE-2022-33010
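
Review bot: The tag for CVE-2022-33012 is written lowercase as "microweber", but the description spells the product "Microweber" and the neighbouring entry CVE-2022-33011 uses the capitalised product name "Known". Suggest "NOT-FOR-US: Microweber" so the tag matches the description and the surrounding entries.
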
@@ -44769,9 +44769,9 @@ CVE-2022-1585 (The Project Source Code Download WordPress plugin through 1.0.0 d
 CVE-2022-30259
 	RESERVED
 CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
-	TODO: check
+	NOT-FOR-US: Technitium DNS Server
 CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
-	TODO: check
+	NOT-FOR-US: Technitium DNS Server
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...)
 	- maradns <unfixed>
 	NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
@@ -52878,7 +52878,7 @@ CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Web
 CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP  ...)
 	NOT-FOR-US: Red Lion
 CVE-2022-1038 (A potential security vulnerability has been identified in the HP Jumps ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code executi ...)
 	NOT-FOR-US: WhatsApp
 CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
@@ -81835,7 +81835,7 @@ CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
 CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
 	NOT-FOR-US: Grav CMS
 CVE-2021-3919 (A potential security vulnerability has been identified in OMEN Gaming  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
 	NOT-FOR-US: JetBrains Ktor
 CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...)
@@ -87427,7 +87427,7 @@ CVE-2021-41526
 CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
 	NOT-FOR-US: FlexNet
 CVE-2021-3821 (A potential security vulnerability has been identified for certain HP  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...)
 	NOT-FOR-US: Nodejs inflect
 	NOTE: https://github.com/pksunkara/inflect
@@ -98017,7 +98017,7 @@ CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Au
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to  ...)
 	NOT-FOR-US: HP
 CVE-2021-3661 (A potential security vulnerability has been identified in certain HP W ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
 	NOT-FOR-US: OX App Suite
 CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b853d3b0105df3545b02f3e7247a25dcc5981780
