[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sat Sep 3 09:00:22 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b37f3d9 by Salvatore Bonaccorso at 2022-09-03T09:59:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6792,7 +6792,7 @@ CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer o
 CVE-2022-37174
 	RESERVED
 CVE-2022-37173 (An issue in the installer of gvim 9.0.0000 allows authenticated attack ...)
-	TODO: check
+	NOT-FOR-US: gvim Windows installer
 CVE-2022-37172 (Incorrect access control in the install directory (C:\msys64) of Msys2 ...)
 	NOT-FOR-US: Msys2
 CVE-2022-37171
@@ -8155,11 +8155,11 @@ CVE-2022-36605 (Yimioa v6.1 was discovered to contain a SQL injection vulnerabil
 CVE-2022-36604 (An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and belo ...)
 	NOT-FOR-US: Canaan Avalon ASIC Miner
 CVE-2022-36603 (InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: InnoSilicon T3T+ t2t+_soc_20190911_151433.swu
 CVE-2022-36602 (InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote ...)
-	TODO: check
+	NOT-FOR-US: InnoSilicon A10
 CVE-2022-36601 (The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907  ...)
-	TODO: check
+	NOT-FOR-US: JasMiner-X4-Server-20220621-090907
 CVE-2022-36600 (BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting ( ...)
 	NOT-FOR-US: BlogEngine
 CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
@@ -9447,7 +9447,7 @@ CVE-2022-36132
 CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...)
 	NOT-FOR-US: Atlassian addon
 CVE-2022-36130 (HashiCorp Boundary up to 0.10.1 did not properly perform data integrit ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Boundary
 CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clu ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2022-2455
@@ -9600,7 +9600,7 @@ CVE-2022-36080
 CVE-2022-36079
 	RESERVED
 CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. The vuln ...)
-	TODO: check
+	NOT-FOR-US: gagliardetto/Binary (tool to provide encoding/decoding in Borsh and other formats)
 CVE-2022-36077
 	RESERVED
 CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
@@ -9660,7 +9660,7 @@ CVE-2022-36053 (Contiki-NG is an open-source, cross-platform operating system fo
 CVE-2022-36052 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
 	NOT-FOR-US: Contiki-NG
 CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**A ...)
-	TODO: check
+	NOT-FOR-US: ZITADEL
 CVE-2022-36050
 	RESERVED
 CVE-2022-36049
@@ -21188,7 +21188,7 @@ CVE-2022-31679
 CVE-2022-31678
 	RESERVED
 CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
-	TODO: check
+	NOT-FOR-US: Pinniped Supervisor
 CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
 	{DSA-5215-1 DLA-3081-1}
 	- open-vm-tools 2:12.1.0-1 (bug #1018012)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b37f3d9e09157a63a207d6b2d1a749242c51281

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b37f3d9e09157a63a207d6b2d1a749242c51281
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220903/ece4844e/attachment.htm>
