[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 26 21:43:45 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9140ca1e by Salvatore Bonaccorso at 2022-10-26T22:43:17+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3832,7 +3832,7 @@ CVE-2022-3420
 CVE-2022-3419
 	RESERVED
 CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote  ...)
-	TODO: check
+	NOT-FOR-US: Apache Flume
 CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...)
 	NOT-FOR-US: Apache Isis
 CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the value of ...)
@@ -9878,7 +9878,7 @@ CVE-2022-39946
 CVE-2022-39945
 	RESERVED
 CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a de ...)
-	TODO: check
+	NOT-FOR-US: Apache Linkis
 CVE-2022-39943
 	RESERVED
 CVE-2022-39942
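Review bot: at CVE-2022-39944 the new tag names only Apache Linkis, while the description says the issue arises "when used with the MySQL Connector/J". Before closing this as NFU, confirm that the flaw lies in Linkis itself and not in the connector. A short NOTE line recording that would save the next triager from re-checking.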
@@ -10123,9 +10123,9 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks
 CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
 	NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
 CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
-	TODO: check
+	NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
 CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
-	TODO: check
+	NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
 CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
 	- gajim 1.5.0-1
 	[bullseye] - gajim <no-dsa> (Minor issue)
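Review bot: CVE-2022-39837 and CVE-2022-39836 are tagged with the organisation, "NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)", and the truncated descriptions do not show which COVESA project is affected. The neighbouring entry names the product ("Systematic FIX Adapter (ALFAFX)"). Naming the affected component here would let a later search for that project find these two entries.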
@@ -11151,17 +11151,17 @@ CVE-2022-39364
 CVE-2022-39363
 	RESERVED
 CVE-2022-39362 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2022-39361 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2022-39360 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2022-39359 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2022-39358 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...)
-	TODO: check
+	NOT-FOR-US: Metabase
 CVE-2022-39357 (Winter is a free, open-source content management system based on the L ...)
-	TODO: check
+	NOT-FOR-US: Winter
 CVE-2022-39356
 	RESERVED
 CVE-2022-39355
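Review bot: "NOT-FOR-US: Winter" at CVE-2022-39357 is a generic word to search for. The description calls it a content management system, and the Kirby entries in data/CVE/list are tagged "Kirby CMS", so "NOT-FOR-US: Winter CMS" would be consistent and easier to grep.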
@@ -11185,7 +11185,7 @@ CVE-2022-39347
 CVE-2022-39346
 	RESERVED
 CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
-	TODO: check
+	NOT-FOR-US: Gin-vue-admin
 CVE-2022-39344
 	RESERVED
 CVE-2022-39343
@@ -11245,7 +11245,7 @@ CVE-2022-39317
 CVE-2022-39316
 	RESERVED
 CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...)
-	TODO: check
+	NOT-FOR-US: Kirby CMS
 CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...)
 	NOT-FOR-US: Kirby CMS
 CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -13441,7 +13441,7 @@ CVE-2022-38582
 CVE-2022-38581
 	RESERVED
 CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery ...)
-	TODO: check
+	NOT-FOR-US: Zalando Skipper
 CVE-2022-38579
 	RESERVED
 CVE-2022-38578
@@ -13842,9 +13842,9 @@ CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affe
 CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38436 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38435 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
 	NOT-FOR-US: Adobe
 CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
@@ -14653,17 +14653,17 @@ CVE-2022-38202
 CVE-2022-38201
 	RESERVED
 CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS Server
 CVE-2022-38199 (A remote file download issue can occur in some capabilities of Esri Ar ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS Server
 CVE-2022-38198 (There is a reflected cross site scripting issue in the Esri ArcGIS Ser ...)
-	TODO: check
+	NOT-FOR-US: Esri ArcGIS Server
 CVE-2022-38197 (Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redir ...)
-	TODO: check
+	NOT-FOR-US: Esri ArcGIS Server
 CVE-2022-38196 (Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vul ...)
-	TODO: check
+	NOT-FOR-US: Esri ArcGIS Server
 CVE-2022-38195 (There is as reflected cross site scripting issue in Esri ArcGIS Server ...)
-	TODO: check
+	NOT-FOR-US: Esri ArcGIS Server
 CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...)
 	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...)
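Review bot: the six ArcGIS entries use two spellings of the same product. CVE-2022-38200 and CVE-2022-38199 get "NOT-FOR-US: ArcGIS Server", while CVE-2022-38198 through CVE-2022-38195 get "NOT-FOR-US: Esri ArcGIS Server". Use one form throughout (the Esri-prefixed one matches the existing "Esri Portal for ArcGIS" entry just below) so a single search on the tag returns all of them.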
@@ -14851,7 +14851,7 @@ CVE-2022-38164
 CVE-2022-38163
 	RESERVED
 CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
 	NOT-FOR-US: Gumstix Overo SBC
 CVE-2022-38160



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9140ca1e08e3ab29909603ecdc154cd2d559f94e
