[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 11 16:29:52 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68fe923c by Moritz Muehlenhoff at 2022-10-11T17:29:24+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16838,7 +16838,7 @@ CVE-2022-2450
 CVE-2022-2449
 	RESERVED
 CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...)
 	- python-keystonemiddleware 10.1.0-4 (bug #1021272)
 	[bullseye] - python-keystonemiddleware <no-dsa> (Minor issue)
@@ -17017,7 +17017,7 @@ CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...)
 	NOT-FOR-US: Shescape
 CVE-2022-36063 (Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded st ...)
-	TODO: check
+	NOT-FOR-US: Azure RTOS USBx
 CVE-2022-36062 (Grafana is an open-source platform for monitoring and observability. I ...)
 	- grafana <removed>
 CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
@@ -17575,11 +17575,11 @@ CVE-2022-35848
 CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-35846 (An improper restriction of excessive authentication attempts vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-35845
 	RESERVED
 CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-35843
 	RESERVED
 CVE-2022-35842
@@ -18646,7 +18646,7 @@ CVE-2022-35417
 CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang co ...)
 	NOT-FOR-US: H3C SSL VPN
 CVE-2022-35415 (An improper input validation in NI System Configuration Manager before ...)
-	TODO: check
+	NOT-FOR-US: NI
 CVE-2022-35414 (** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an  ...)
 	{DLA-3099-1}
 	- qemu 1:7.1+dfsg-1 (unimportant; bug #1014958)
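Review bot: the new label on CVE-2022-35415 is only "NI", which is hard to search for and says little on its own. The description already names the product, so "NOT-FOR-US: NI System Configuration Manager" would be clearer, in the same way the CVE-2022-35416 entry above spells out "H3C SSL VPN".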
@@ -18725,7 +18725,7 @@ CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does
 CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2350 (The Disable User Login WordPress plugin through 1.0.1 does not have au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2349
 	RESERVED
 CVE-2022-2348
@@ -18987,7 +18987,7 @@ CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors a
 CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows an attac ...)
 	NOT-FOR-US: SAP
 CVE-2022-35289 (A write-what-where condition in hermes caused by an integer overflow,  ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user to obt ...)
 	NOT-FOR-US: IBM
 CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...)
@@ -20295,7 +20295,7 @@ CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has a
 CVE-2022-2266 (University Library Automation System developed by Yordam Bilgi Teknolo ...)
 	NOT-FOR-US: University Library Automation System
 CVE-2022-2265 (The Identity and Directory Management System developed by Çekino  ...)
-	TODO: check
+	NOT-FOR-US: Teknolojileri
 CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c/
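Review bot: "NOT-FOR-US: Teknolojileri" on CVE-2022-2265 does not match anything in the visible description, which names the product as "The Identity and Directory Management System" and cuts off inside the vendor name. The entry just above (CVE-2022-2266) uses the product name as its label; doing the same here, "NOT-FOR-US: Identity and Directory Management System", would make the entry identifiable.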
@@ -21507,7 +21507,7 @@ CVE-2022-34427
 CVE-2022-34426
 	RESERVED
 CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vu ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
 	NOT-FOR-US: Dell
 CVE-2022-34423
@@ -21553,7 +21553,7 @@ CVE-2022-34404
 CVE-2022-34403
 	RESERVED
 CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-34401
 	RESERVED
 CVE-2022-34400
@@ -21711,7 +21711,7 @@ CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne
 CVE-2022-34335
 	RESERVED
 CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not invalidate sessio ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34333
 	RESERVED
 CVE-2022-34332
@@ -22186,7 +22186,7 @@ CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 al
 CVE-2022-2155
 	RESERVED
 CVE-2022-2154 (An attacker with physical access can exploit this vulnerability to exe ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...)
 	{DSA-5173-1 DLA-3131-1 DLA-3065-1}
 	- linux 5.17.3-1
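Review bot: the label on CVE-2022-2154 is the vendor only, and the truncated description ("An attacker with physical access can exploit this vulnerability to exe ...") names no product, so the entry alone does not show which component was assessed as not packaged. Consider naming the product after the vendor, as the "Azure RTOS USBx" and "Facebook Hermes" entries in this commit do.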
@@ -23109,11 +23109,11 @@ CVE-2022-33876
 CVE-2022-33875
 	RESERVED
 CVE-2022-33874 (An improper neutralization of special elements used in an OS Command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2022-33873 (An improper neutralization of special elements used in an OS Command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2022-33871
 	RESERVED
 CVE-2022-33870
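Review bot: the three labels added here (CVE-2022-33874, CVE-2022-33873, CVE-2022-33872) are spelled "Fortiguard", while the CVE-2022-35846 and CVE-2022-35844 entries earlier in this same commit, and the existing CVE-2022-35847 entry, use "FortiGuard". Use one spelling so a case-sensitive search of data/CVE/list finds all of them.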
@@ -27072,7 +27072,7 @@ CVE-2022-1987 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
 CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. ...)
 	NOT-FOR-US: Go Git Service
 CVE-2022-32234 (An out of bounds write in hermes, while handling large arrays, prior t ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon ...)
 	NOT-FOR-US: Cybozu
 CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68fe923c060d74ba73e869bc3bd7d9f785c7b1ab
