[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 1 06:13:58 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
979b475a by Salvatore Bonaccorso at 2022-10-01T07:13:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2022-41983
 CVE-2022-41976
 	RESERVED
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
-	TODO: check
+	NOT-FOR-US: RealVNC
 CVE-2022-41974
 	RESERVED
 CVE-2022-41973
@@ -213,7 +213,7 @@ CVE-2022-41872
 CVE-2022-41871
 	RESERVED
 CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 allows comman ...)
-	TODO: check
+	NOT-FOR-US: Innovaphone
 CVE-2022-41869
 	RESERVED
 CVE-2022-41868
@@ -1351,13 +1351,13 @@ CVE-2022-41442
 CVE-2022-41441
 	RESERVED
 CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: Billing System Project
 CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: Billing System Project
 CVE-2022-41438
 	RESERVED
 CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote code ex ...)
-	TODO: check
+	NOT-FOR-US: Billing System Project
 CVE-2022-41436
 	RESERVED
 CVE-2022-41435
@@ -2552,9 +2552,9 @@ CVE-2022-40946
 CVE-2022-40945
 	RESERVED
 CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: Dairy Farm Shop Management System
 CVE-2022-40943 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: Dairy Farm Shop Management System
 CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow vi ...)
 	NOT-FOR-US: Tenda
 CVE-2022-40941
@@ -2594,7 +2594,7 @@ CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerab
 CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability  ...)
 	NOT-FOR-US: Zoo Management System
 CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address fu ...)
-	TODO: check
+	NOT-FOR-US: LIEF
 CVE-2022-40922
 	RESERVED
 CVE-2022-40921
@@ -2935,7 +2935,7 @@ CVE-2022-40758 (A Buffer Access with Incorrect Length Value vulnerablity in the
 CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...)
 	NOT-FOR-US: Samsung mTower
 CVE-2022-40756 (If folder security is misconfigured for Actian Zen PSQL BEFORE Patch U ...)
-	TODO: check
+	NOT-FOR-US: Actian
 CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion in the ...)
 	- jasper <removed>
 	NOTE: https://github.com/jasper-software/jasper/issues/338
@@ -6445,7 +6445,7 @@ CVE-2022-39233
 CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...)
 	NOT-FOR-US: Discourse
 CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Node parse-server
 CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...)
 	TODO: check
 CVE-2022-39229
@@ -6913,7 +6913,7 @@ CVE-2022-39055
 CVE-2022-39054 (Cowell enterprise travel management system has insufficient filtering  ...)
 	NOT-FOR-US: Cowell enterprise travel management system
 CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...)
-	TODO: check
+	NOT-FOR-US: Heimavista Rpage
 CVE-2022-39052
 	RESERVED
 CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template  ...)
@@ -7893,7 +7893,7 @@ CVE-2022-38734
 CVE-2022-38733
 	RESERVED
 CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
-	TODO: check
+	NOT-FOR-US: SnapCenter (NetAPP)
 CVE-2022-38731
 	RESERVED
 CVE-2022-2985
@@ -8049,7 +8049,7 @@ CVE-2022-2955
 CVE-2022-2954
 	RESERVED
 CVE-2022-38699 (Armoury Crate Service’s logging function has insufficient valida ...)
-	TODO: check
+	NOT-FOR-US: Armoury Crate Service
 CVE-2022-38698
 	RESERVED
 CVE-2022-38697
@@ -8418,7 +8418,7 @@ CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_ge
 CVE-2022-38554
 	RESERVED
 CVE-2022-38553 (Academy Learning Management System before v5.9.1 was discovered to con ...)
-	TODO: check
+	NOT-FOR-US: Academy Learning Management System
 CVE-2022-38552
 	RESERVED
 CVE-2022-38551
@@ -9708,7 +9708,7 @@ CVE-2022-2780
 CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
 	NOT-FOR-US: SourceCodester Gas Agency Management System
 CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass rate l ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
 	NOT-FOR-US: microweber
 CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...)
@@ -9745,7 +9745,7 @@ CVE-2022-2762
 CVE-2022-2761
 	RESERVED
 CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2022-38169
 	RESERVED
 CVE-2022-38168
@@ -11320,7 +11320,7 @@ CVE-2022-37463
 CVE-2022-37462
 	RESERVED
 CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
-	TODO: check
+	NOT-FOR-US: Canon Medical Vitrea View
 CVE-2022-37460
 	RESERVED
 CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before  ...)
@@ -12172,7 +12172,7 @@ CVE-2022-37211
 CVE-2022-37210
 	RESERVED
 CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
-	TODO: check
+	NOT-FOR-US: JFinal CMS
 CVE-2022-37208
 	RESERVED
 CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
@@ -12204,7 +12204,7 @@ CVE-2022-37195
 CVE-2022-37194
 	RESERVED
 CVE-2022-37193 (Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is ...)
-	TODO: check
+	NOT-FOR-US: Chipolo
 CVE-2022-37192
 	RESERVED
 CVE-2022-37191 (The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to  ...)
@@ -12570,7 +12570,7 @@ CVE-2022-37030 (Weak permissions on the configuration file in the PAM module in
 CVE-2022-37029
 	RESERVED
 CVE-2022-37028 (ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on ...)
-	TODO: check
+	NOT-FOR-US: ISAMS
 CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject a ...)
 	NOT-FOR-US: Ahsay AhsayCBS
 CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/979b475a291050e0cb709bd467565a249dda3762

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/979b475a291050e0cb709bd467565a249dda3762
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221001/bb809079/attachment.htm>

More information about the debian-security-tracker-commits mailing list