[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 15 21:38:49 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14c732ab by Salvatore Bonaccorso at 2022-09-15T22:38:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -183,7 +183,7 @@ CVE-2022-35238
 CVE-2022-33978
 	RESERVED
 CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
-	TODO: check
+	NOT-FOR-US: Nintendo Game Boy Color
 CVE-2022-3215
 	RESERVED
 CVE-2022-3214
@@ -193,11 +193,11 @@ CVE-2022-3213
 CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_request  ...)
 	TODO: check
 CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2022-30545
 	RESERVED
 CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...)
-	TODO: check
+	NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact
 CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
 	- expat 2.4.8-2 (bug #1019761)
 	NOTE: https://github.com/libexpat/libexpat/pull/629
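
Review bot: CVE-2022-3212 (axum_core) at the top of this hunk stays at "TODO: check" while the two entries directly below it are resolved. If that is deliberate because it needs a package lookup rather than an NFU tag, fine, but it is easy to overlook between processed entries. Separately, the CVE-2020-36603 tag copies the parenthetical "(formerly miHoYo)" from the description; "NOT-FOR-US: HoYoVerse Genshin Impact" would match the terser product names used elsewhere in this commit.
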
@@ -220,65 +220,65 @@ CVE-2022-40665
 CVE-2022-40664
 	RESERVED
 CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40662 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40661 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40660 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40659 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40658 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40657 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: NIKON
 CVE-2022-40654 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40651 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40650 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-40636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Ansys SpaceClaim
 CVE-2022-3210
 	RESERVED
 CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...)
-	TODO: check
+	NOT-FOR-US: OpenAM (different from src:openam)
 CVE-2021-46838
 	RESERVED
 CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
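
Review bot: the nine NIKON entries (CVE-2022-40655 through CVE-2022-40663) are tagged with the vendor only, in capitals, while the Ansys block right below them names the product ("Ansys SpaceClaim"). The truncated descriptions shown here are identical for both groups, so the tag is the only place a reader of the list can tell what was affected. Suggest naming the product for the NIKON entries too, in the same vendor-plus-product form as the Ansys ones.
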
@@ -932,7 +932,7 @@ CVE-2022-40367
 CVE-2022-40366
 	RESERVED
 CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5 ...)
-	TODO: check
+	NOT-FOR-US: ouqiang gocron (not the same as src:golang-github-go-co-op-gocron)
 CVE-2022-40364
 	RESERVED
 CVE-2022-40363
@@ -4307,7 +4307,7 @@ CVE-2022-38892
 CVE-2022-38891
 	RESERVED
 CVE-2022-38890 (Nginx NJS v0.7.7 was discovered to contain a segmentation violation vi ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-38889
 	RESERVED
 CVE-2022-38888
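
Review bot: "NOT-FOR-US: njs" for CVE-2022-38890 does not say how njs relates to src:nginx, although the description names it as "Nginx NJS v0.7.7". The OpenAM and gocron entries in this same commit spell out the distinction from a similarly named source package ("different from src:openam", "not the same as src:golang-github-go-co-op-gocron"); a short parenthetical of the same kind here would save the next person from re-checking.
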
@@ -4579,9 +4579,9 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds
 CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
 	NOT-FOR-US: Weave GitOps Enterprise
 CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It a ...)
-	TODO: check
+	NOT-FOR-US: Airties Smart Wi-Fi
 CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2022-3018
 	RESERVED
 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
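
Review bot: CVE-2022-38788 is tagged with the vendor alone ("Nokia") although the description names a specific product, Nokia FastMile 5G Receiver, and the entry directly above it uses the product name ("Airties Smart Wi-Fi"). Suggest "NOT-FOR-US: Nokia FastMile 5G Receiver" so both entries in this hunk follow the same convention.
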
@@ -4657,7 +4657,7 @@ CVE-2022-3003
 CVE-2022-3002
 	RESERVED
 CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
-	TODO: check
+	NOT-FOR-US: Milesight Video Management Systems (VMS)
 CVE-2022-3000
 	RESERVED
 CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
@@ -5356,9 +5356,9 @@ CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL
 CVE-2022-38536
 	RESERVED
 CVE-2022-38535 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-38534 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in the er ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482
@@ -9051,7 +9051,7 @@ CVE-2022-37209
 CVE-2022-37208
 	RESERVED
 CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
-	TODO: check
+	NOT-FOR-US: JFinal CMS
 CVE-2022-37206
 	RESERVED
 CVE-2022-37205
@@ -9063,7 +9063,7 @@ CVE-2022-37203
 CVE-2022-37202
 	RESERVED
 CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: JFinal CMS
 CVE-2022-37200
 	RESERVED
 CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...)
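
Review bot: the trailing context line CVE-2022-37199 is also a JFinal CMS SQL injection, and its status line falls outside this hunk. Worth confirming it already carries "NOT-FOR-US: JFinal CMS", so that the three JFinal CMS entries in this area (CVE-2022-37199, CVE-2022-37201, CVE-2022-37207) end up tagged alike.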



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14c732ab599de22ecc59e1effb8bde87432fdf7c
