[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 28 22:01:40 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1bea25a4 by Salvatore Bonaccorso at 2022-10-28T23:01:19+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11225,9 +11225,9 @@ CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault Enterprise
 CVE-2022-40185
 	RESERVED
 CVE-2022-40184 (Incomplete filtering of JavaScript code in different configuration fie ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2022-40183 (An error in the URL handler of the VIDEOJET multi 4000 may lead to a r ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2022-40182 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
 	NOT-FOR-US: Siemens
 CVE-2022-40181 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
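Review bot: The NOT-FOR-US tags added for CVE-2022-40184 and CVE-2022-40183 name only the vendor (Bosch), while other entries changed in this commit name the product, for example "NOT-FOR-US: Haas Controller". The description of CVE-2022-40183 names the VIDEOJET multi 4000, so "NOT-FOR-US: Bosch VIDEOJET multi 4000" would make that entry findable by product. The vendor-only form does match the neighbouring "NOT-FOR-US: Siemens" entry, so this is a style point only.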
@@ -11733,11 +11733,11 @@ CVE-2022-39980
 CVE-2022-39979
 	RESERVED
 CVE-2022-39978 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
-	TODO: check
+	NOT-FOR-US: Online Pet Shop We App
 CVE-2022-39977 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
-	TODO: check
+	NOT-FOR-US: Online Pet Shop We App
 CVE-2022-39976 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
-	TODO: check
+	NOT-FOR-US: School Activity Updates with SMS Notification
 CVE-2022-39975 (The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Life ...)
 	NOT-FOR-US: Liferay
 CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
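Review bot: The two added "NOT-FOR-US: Online Pet Shop We App" lines for CVE-2022-39978 and CVE-2022-39977 carry over the "We App" spelling from the CVE descriptions, which looks like a typo for "Web App". Keeping it verbatim is fine for matching the description, but confirm it is intentional so that later entries for the same product use the same string.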
@@ -13085,7 +13085,7 @@ CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment deli
 CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45,  ...)
 	TODO: check
 CVE-2022-39365 (Pimcore is an open source data and experience management platform. Pri ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2022-39364 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
 	TODO: check
 CVE-2022-39363
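Review bot: CVE-2022-39365 is marked NOT-FOR-US although its description calls Pimcore "an open source data and experience management platform", and the commit message ("Process NFUs") does not record whether the archive and open packaging requests were checked for it. If that check was done, no change is needed. The adjacent DataHub and Nextcloud Server entries are left at "TODO: check".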
@@ -14873,7 +14873,7 @@ CVE-2021-46835 (There is a traffic hijacking vulnerability in WS7200-10 11.0.2.1
 CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some headset ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38744 (An unauthenticated attacker with network access to a victim's Rockwell ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2022-38743 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is ...)
@@ -16631,7 +16631,7 @@ CVE-2022-38182
 CVE-2022-38181 (An Arm product family through 2022-08-12 mail GPU kernel driver allows ...)
 	TODO: check
 CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
-	TODO: check
+	NOT-FOR-US: OpenBMC
 CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...)
 	NOT-FOR-US: JetBrains Ktor
 CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...)
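Review bot: The tag added for CVE-2022-2809 names the project (OpenBMC) while the description locates the flaw in bmcweb. "NOT-FOR-US: OpenBMC bmcweb" would record the affected component alongside the project name.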
@@ -17375,11 +17375,11 @@ CVE-2022-37917
 CVE-2022-37916
 	RESERVED
 CVE-2022-37915 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37913 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37912
 	RESERVED
 CVE-2022-37911
@@ -21562,9 +21562,9 @@ CVE-2022-2476 (A null pointer dereference bug was found in wavpack-5.4.0 The res
 	NOTE: https://github.com/dbry/WavPack/issues/121
 	NOTE: https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac (5.5.0)
 CVE-2022-2475 (Haas Controller version 100.20.000.1110 has insufficient granularity o ...)
-	TODO: check
+	NOT-FOR-US: Haas Controller
 CVE-2022-2474 (Authentication is currently unsupported in Haas Controller version 100 ...)
-	TODO: check
+	NOT-FOR-US: Haas Controller
 CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WP-UserOnline plugin for WordPress
 CVE-2022-2472 (Improper Initialization vulnerability in the local server component of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bea25a41bf562e9a28d462b6aecc1c2776c4a79
