[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 11 10:22:18 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13175522 by Moritz Muehlenhoff at 2022-10-11T11:21:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2304,17 +2304,17 @@ CVE-2022-41751
 CVE-2022-41750
 	RESERVED
 CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex One agent ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-41748 (A registry permissions vulnerability in the Trend Micro Apex One Data  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-41747 (An improper certification validation vulnerability in Trend Micro Apex ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-41746 (A forced browsing vulnerability in Trend Micro Apex One could allow an ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One could al ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-41700
 	RESERVED
 CVE-2022-41646
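Review bot: The six tags on CVE-2022-41744 through CVE-2022-41749 name only the vendor ("Trend Micro"), while every description in this hunk names Apex One, and two of them name distinct components (the agent in CVE-2022-41749, "Apex One Data ..." in CVE-2022-41748). The vendor-only form matches the existing CVE-2022-40139 entry further down the file, so it is consistent as it stands. If product-level search of the list matters, "NOT-FOR-US: Trend Micro Apex One" would be the more precise tag, provided it is applied to all of these entries together.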
@@ -4794,7 +4794,7 @@ CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.
 CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3220 (The Advanced Comment Form WordPress plugin before 1.2.1 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
 	NOT-FOR-US: Bento4
 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...)
@@ -5071,11 +5071,11 @@ CVE-2022-37332
 CVE-2022-32774
 	RESERVED
 CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the {id,dat ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not implement ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3206
 	RESERVED
 CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
@@ -5955,7 +5955,7 @@ CVE-2022-40259
 CVE-2022-40258
 	RESERVED
 CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
-	TODO: check
+	NOT-FOR-US: CERT/CC VINCE
 CVE-2022-40256
 	RESERVED
 CVE-2022-40255
@@ -5973,7 +5973,7 @@ CVE-2022-40250 (An attacker can exploit this vulnerability to elevate privileges
 CVE-2022-40249
 	RESERVED
 CVE-2022-40248 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...)
-	TODO: check
+	NOT-FOR-US: CERT/CC VINCE
 CVE-2022-40247
 	RESERVED
 CVE-2022-40246 (A potential attacker can write one byte by arbitrary address at the ti ...)
@@ -6233,7 +6233,7 @@ CVE-2022-3155
 	- thunderbird <not-affected> (Only affects MacOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155
 CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.040 ...)
 	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a
@@ -6262,7 +6262,7 @@ CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One
 CVE-2022-40139 (Improper validation of some components used by the rollback mechanism  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-40138 (An integer conversion error in Hermes bytecode generation, prior to co ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
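Review bot: Tag granularity differs within this hunk: the new line for CVE-2022-40138 uses vendor plus product ("Facebook Hermes"), while the unchanged CVE-2022-40139 entry two lines above uses the vendor alone ("Trend Micro"). The visible description mentions only Hermes, so the "Facebook" qualifier comes from outside what the list shows. Either form works for triage, but settling on one convention keeps the NOT-FOR-US tags easy to grep.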
@@ -6314,9 +6314,9 @@ CVE-2022-3139
 CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3136 (The Social Rocket WordPress plugin before 1.3.3 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of Clash for  ...)
 	NOT-FOR-US: Clash for Windows
 CVE-2022-40125
@@ -8126,7 +8126,7 @@ CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television soft
 	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
 	NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
 CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. Affecte ...)
-	TODO: check
+	NOT-FOR-US: Node fastify
 CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...)
 	NOT-FOR-US: tiny-csrf Nodejs module
 CVE-2022-39286
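Review bot: The new tag on CVE-2022-39288, "NOT-FOR-US: Node fastify", is worded differently from the unchanged neighbour for CVE-2022-39287, "NOT-FOR-US: tiny-csrf Nodejs module"; "fastify Nodejs module" would match it. Because this line replaces "TODO: check" and so takes the entry out of the triage queue, it is worth confirming that no package or ITP exists for fastify; an in-progress package would use the "<itp>" form seen on the rdiffweb entry for CVE-2022-3221. Separately, the context line under CVE-2022-39289 carries a doubled "NOTE: NOTE:" prefix that could be cleaned up in a follow-up commit.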
@@ -8158,7 +8158,7 @@ CVE-2022-39276
 CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected versions  ...)
 	NOT-FOR-US: Saleor
 CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...)
-	TODO: check
+	NOT-FOR-US: LoRaMac-node
 CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...)
 	NOT-FOR-US: FlyteAdmin
 CVE-2022-39272
@@ -8186,7 +8186,7 @@ CVE-2022-39264 (nheko is a desktop client for the Matrix communication applicati
 	NOTE: https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7
 	NOTE: https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199 (v0.10.2)
 CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ...)
-	TODO: check
+	NOT-FOR-US: next-auth/upstash-redis-adapter
 CVE-2022-39262
 	RESERVED
 CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...)
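Review bot: The tag on CVE-2022-39263 drops the leading "@" from the scoped package name that the description gives ("@next-auth/upstash-redis-adapter") and, unlike the "tiny-csrf Nodejs module" entry earlier in the list, does not say what kind of component it is. Keeping the name exactly as the description writes it, with a short qualifier, would make the entry findable by copy-and-paste search.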



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13175522afe3c7a7acbe24a2d5aebea74b9ee6b1
