[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 16 09:48:16 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de217ad1 by Salvatore Bonaccorso at 2022-09-16T10:47:49+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4471,7 +4471,7 @@ CVE-2022-38816
 CVE-2022-38815
 	RESERVED
 CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
-	TODO: check
+	NOT-FOR-US: FiberHome
 CVE-2022-38813
 	RESERVED
 CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. ...)
@@ -10643,15 +10643,15 @@ CVE-2022-36538
 CVE-2022-36537 (ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows atta ...)
 	NOT-FOR-US: ZK Framework
 CVE-2022-36536 (An issue in the component post_applogin.php of Super Flexible Software ...)
-	TODO: check
+	NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery
 CVE-2022-36535
 	RESERVED
 CVE-2022-36534 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x ...)
-	TODO: check
+	NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery
 CVE-2022-36533 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x ...)
-	TODO: check
+	NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery
 CVE-2022-36532 (Bolt CMS contains a vulnerability in version 5.1.12 and below that all ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2022-36531
 	RESERVED
 CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...)
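Review bot: CVE-2022-36534 and CVE-2022-36533 are described as "Syncovery 9 for Linux", so NOT-FOR-US cannot rest on the platform here, only on Syncovery not being packaged; confirm that before closing them. For CVE-2022-36536 the visible description is cut off after "Super Flexible Software", so the Syncovery attribution should be checked against the full CVE text. The label itself is spelled identically on all three entries, which keeps them easy to find together.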
@@ -15190,7 +15190,7 @@ CVE-2022-34833
 CVE-2022-34832
 	RESERVED
 CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
-	TODO: check
+	NOT-FOR-US: Keyfactor
 CVE-2022-34830
 	RESERVED
 CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of se ...)
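Review bot: The label on CVE-2022-34831 names only the vendor ("Keyfactor"), while the description identifies the product as "Keyfactor PrimeKey EJBCA". Other entries in this same commit carry the product name ("Bolt CMS", "Unisys Data Exchange Management Studio"), so consider "NOT-FOR-US: Keyfactor PrimeKey EJBCA" so that a later search by product name finds the entry.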
@@ -15512,39 +15512,39 @@ CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classi
 CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...)
 	NOT-FOR-US: Bitrix Site Manager
 CVE-2022-34734 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34733 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34732 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34731 (Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34730 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34729 (Windows GDI Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34728 (Windows Graphics Component Information Disclosure Vulnerability. This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34727 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34726 (Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34725 (Windows ALPC Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34724 (Windows DNS Server Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34723 (Windows DPAPI (Data Protection Application Programming Interface) Info ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34722 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34721 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34720 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34719 (Windows Distributed File System (DFS) Elevation of Privilege Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-34716 (.NET Spoofing Vulnerability. ...)
@@ -15580,7 +15580,7 @@ CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Exec
 CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-34700 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-34698
@@ -17233,11 +17233,11 @@ CVE-2022-34104
 CVE-2022-34103
 	RESERVED
 CVE-2022-34102 (Insufficient access control vulnerability was discovered in the Crestr ...)
-	TODO: check
+	NOT-FOR-US: Crestron
 CVE-2022-34101 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
-	TODO: check
+	NOT-FOR-US: Crestron
 CVE-2022-34100 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
-	TODO: check
+	NOT-FOR-US: Crestron
 CVE-2022-34099
 	RESERVED
 CVE-2022-34098
@@ -18433,7 +18433,7 @@ CVE-2022-33681
 CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-33679 (Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-33678 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-33677 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID  ...)
@@ -18497,7 +18497,7 @@ CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerab
 CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-33645
@@ -20902,7 +20902,7 @@ CVE-2022-32557 (An issue was discovered in Couchbase Server before 7.0.4. The In
 CVE-2022-32556 (An issue was discovered in Couchbase Server before 7.0.4. A private ke ...)
 	NOT-FOR-US: Couchbase Server
 CVE-2022-32555 (Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7 ...)
-	TODO: check
+	NOT-FOR-US: Unisys Data Exchange Management Studio
 CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
 	NOT-FOR-US: Pure Storage FlashArray
 CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
@@ -21892,7 +21892,7 @@ CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual Diffe
 CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open Document) - v ...)
 	NOT-FOR-US: SAP
 CVE-2022-32244 (Under certain conditions an attacker authenticated as a CMS administra ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) ...)
 	NOT-FOR-US: SAP
 CVE-2022-32242 (When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files r ...)
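Review bot: The truncated description of CVE-2022-32244 ("Under certain conditions an attacker authenticated as a CMS administra ...") does not name a vendor or product, so the "SAP" attribution cannot be verified from this hunk and appears to follow the neighbouring SAP entries. Confirm it against the full CVE record, and consider naming the product in the label as the CVE-2022-32245 description does ("SAP BusinessObjects Business Intelligence Platform").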
@@ -25630,7 +25630,7 @@ CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have CSRF
 CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSR ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1778 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
@@ -27781,7 +27781,7 @@ CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-ba
 CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site scripti ...)
 	NOT-FOR-US: Strapi
 CVE-2022-1602 (A potential security vulnerability has been identified in HP ThinPro 7 ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-1601
 	RESERVED
 CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visit ...)
@@ -28095,7 +28095,7 @@ CVE-2022-30202 (Windows Advanced Local Procedure Call Elevation of Privilege Vul
 CVE-2022-30201
 	RESERVED
 CVE-2022-30200 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-30199
 	RESERVED
 CVE-2022-30198
@@ -28103,7 +28103,7 @@ CVE-2022-30198
 CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability. This CVE ID is ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-30195
 	RESERVED
 CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability. ...)
@@ -28155,7 +28155,7 @@ CVE-2022-30172 (Microsoft Office Information Disclosure Vulnerability. This CVE
 CVE-2022-30171 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-30170 (Windows Credential Roaming Service Elevation of Privilege Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-30169
 	RESERVED
 CVE-2022-30168 (Microsoft Photos App Remote Code Execution Vulnerability. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de217ad1d05c492d35113c6899c5dceb3c325054
