[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 28 21:51:50 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4d03985 by Salvatore Bonaccorso at 2022-10-28T22:51:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2022-3743
 CVE-2022-3742
 	RESERVED
 CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...)
-	TODO: check
+	NOT-FOR-US: chatwoot
 CVE-2022-3740
 	RESERVED
 CVE-2022-3739
@@ -577,19 +577,19 @@ CVE-2022-43959
 CVE-2022-3736
 	RESERVED
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...)
-	TODO: check
+	NOT-FOR-US: seccome Ehoney
 CVE-2022-3734 (A vulnerability was found in Redis. It has been declared as critical.  ...)
 	TODO: check
 CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as critical ...)
-	TODO: check
+	NOT-FOR-US: seccome Ehoney
 CVE-2022-3731 (A vulnerability has been found in seccome Ehoney and classified as cri ...)
-	TODO: check
+	NOT-FOR-US: seccome Ehoney
 CVE-2022-3730 (A vulnerability, which was classified as critical, was found in seccom ...)
-	TODO: check
+	NOT-FOR-US: seccome Ehoney
 CVE-2022-3729 (A vulnerability, which was classified as critical, has been found in s ...)
-	TODO: check
+	NOT-FOR-US: seccome Ehoney
 CVE-2022-3728
 	RESERVED
 CVE-2023-20601
@@ -3655,9 +3655,9 @@ CVE-2022-43278
 CVE-2022-43277
 	RESERVED
 CVE-2022-43276 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Canteen Management System
 CVE-2022-43275 (Canteen Management System v1.0 was discovered to contain an arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: Canteen Management System
 CVE-2022-43274
 	RESERVED
 CVE-2022-43273
@@ -3741,17 +3741,17 @@ CVE-2022-43235
 CVE-2022-43234
 	RESERVED
 CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Canteen Management System
 CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Canteen Management System
 CVE-2022-43231 (Canteen Management System v1.0 was discovered to contain an arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: Canteen Management System
 CVE-2022-43230 (Simple Cold Storage Management System v1.0 was discovered to contain a ...)
-	TODO: check
+	NOT-FOR-US: Simple Cold Storage Management System
 CVE-2022-43229 (Simple Cold Storage Management System v1.0 was discovered to contain a ...)
-	TODO: check
+	NOT-FOR-US: Simple Cold Storage Management System
 CVE-2022-43228 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Barangay Management System
 CVE-2022-43227
 	RESERVED
 CVE-2022-43226
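Review bot: the tags added here for CVE-2022-43233 through CVE-2022-43228 ("Canteen Management System", "Simple Cold Storage Management System", "Barangay Management System"), like the two Canteen entries in the previous hunk, carry no vendor name, whereas the CVE-2022-3733 tag in this same commit reads "SourceCodester Web-Based Student Clearance System". Product names this generic are hard to search for and easy to confuse with unrelated software; if the full CVE descriptions name a vendor, prefix it so later CVEs for the same products can be matched against these lines.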
@@ -3867,19 +3867,19 @@ CVE-2022-43172
 CVE-2022-43171
 	RESERVED
 CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the Dashboard Con ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users Access  ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43168 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43167 (A stored cross-site scripting (XSS) vulnerability in the Users Alerts  ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43166 (A stored cross-site scripting (XSS) vulnerability in the Global Entiti ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the Global Variab ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the Global Lists  ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2022-43163
 	RESERVED
 CVE-2022-43162
@@ -5809,7 +5809,7 @@ CVE-2022-3411
 CVE-2022-3410
 	RESERVED
 CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
-	TODO: check
+	NOT-FOR-US: OpenBMC
 CVE-2022-3408
 	RESERVED
 CVE-2022-3407
@@ -6649,9 +6649,9 @@ CVE-2022-42057
 CVE-2022-42056
 	RESERVED
 CVE-2022-42055 (Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT De ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System
 CVE-2022-42054 (Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet  ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System
 CVE-2022-42053
 	RESERVED
 CVE-2022-42052
@@ -6794,11 +6794,11 @@ CVE-2022-36354
 CVE-2022-3388
 	RESERVED
 CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet
 CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet
 CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
-	TODO: check
+	NOT-FOR-US: Advantech R-SeeNet
 CVE-2022-3384
 	RESERVED
 CVE-2022-3383
@@ -7107,9 +7107,9 @@ CVE-2022-3381
 CVE-2022-3380
 	RESERVED
 CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
-	TODO: check
+	NOT-FOR-US: Horner Automation's Cscape
 CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
-	TODO: check
+	NOT-FOR-US: Horner Automation's Cscape
 CVE-2022-3377
 	RESERVED
 CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
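Review bot: style point on the CVE-2022-3379 and CVE-2022-3378 lines: the tag "Horner Automation's Cscape" copies the possessive from the description text. A plain "Horner Automation Cscape" is easier to match with a simple search; it is worth checking which spelling earlier entries for this product use so that all of them agree.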
@@ -7244,13 +7244,13 @@ CVE-2022-41778
 CVE-2022-41776
 	RESERVED
 CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-41772
 	RESERVED
 CVE-2022-41702 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-41701 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-41697
 	RESERVED
 CVE-2022-41688
@@ -7264,13 +7264,13 @@ CVE-2022-41654
 CVE-2022-41653
 	RESERVED
 CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HERO ...)
-	TODO: check
+	NOT-FOR-US: HEIDENHAIN Controller TNC 640
 CVE-2022-41644
 	RESERVED
 CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service of Haas  ...)
-	TODO: check
+	NOT-FOR-US: Haas Controller
 CVE-2022-41629
 	RESERVED
 CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
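Review bot: the CVE-2022-41636 tag "Haas Controller" is much less specific than the neighbouring "HEIDENHAIN Controller TNC 640", which names the model. The description is cut off right after "Haas", so the product cannot be confirmed from these lines; if the full text names a model or product line, include it in the tag.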
@@ -7280,15 +7280,15 @@ CVE-2022-41613
 CVE-2022-41607
 	RESERVED
 CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-40981
 	RESERVED
 CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
-	TODO: check
+	NOT-FOR-US: DIAEnergie
 CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
 	NOT-FOR-US: AliveCor Kardia App
 CVE-2022-40204



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4d03985a174e8160f2c749104f92d7515f98c76
