[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 19 21:17:55 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
edac8f0f by Salvatore Bonaccorso at 2022-09-19T22:17:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91,7 +91,7 @@ CVE-2022-40986
 CVE-2022-40985
 	RESERVED
 CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40979
 	RESERVED
 CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...)
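Review bot: The new tag on CVE-2022-40980 names only the vendor, and the description shown in this hunk is cut off at "Trend Micro M ...", so the affected product cannot be read from the entry itself. Consider a product-level tag in the style already used elsewhere in this file, for example `NOT-FOR-US: CrowdStrike Falcon`, once the full description has been checked.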
@@ -991,7 +991,7 @@ CVE-2022-40610
 CVE-2022-40609
 	RESERVED
 CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-40607
 	RESERVED
 CVE-2022-3192
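Review bot: `NOT-FOR-US: IBM` on CVE-2022-40608 is a vendor-wide label for an issue whose description names a single product, IBM Spectrum Protect Plus. Writing the tag as `NOT-FOR-US: IBM Spectrum Protect Plus` would keep the entry searchable by product; the same applies to CVE-2022-40234 in the following hunk.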
@@ -1819,7 +1819,7 @@ CVE-2022-40236
 CVE-2022-40235
 	RESERVED
 CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-40233
 	RESERVED
 CVE-2022-40232
@@ -2032,17 +2032,17 @@ CVE-2022-3149
 CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40143 (A link following local privilege escalation vulnerability in Trend Mic ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40142 (A security link following local privilege escalation vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a Service coul ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One and A ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40139 (Improper validation of some components used by the rollback mechanism  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-40138
 	RESERVED
 CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
@@ -2089,9 +2089,9 @@ CVE-2022-40127
 CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
 	NOT-FOR-US: Movable Type plugin
 CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3140
 	RESERVED
 CVE-2022-3139
@@ -2203,25 +2203,25 @@ CVE-2022-40078
 CVE-2022-40077
 	RESERVED
 CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/http ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/ht ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-40066
 	RESERVED
 CVE-2022-40065
@@ -4667,7 +4667,7 @@ CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ..
 	NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
 	NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
 CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-3034
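Review bot: CVE-2022-3036 is closed with the generic `NOT-FOR-US: WordPress plugin`, while the very next entry, CVE-2022-3035, shows that software with an intent-to-package bug is tracked as `- snipe-it <itp> (bug #1005172)` rather than as NFU. The commit message does not say whether the Gettext override translations plugin was checked for an ITP or RFP bug; a brief confirmation would make the NFU decision easier to audit.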
@@ -5184,7 +5184,7 @@ CVE-2022-3023
 CVE-2022-3022
 	REJECTED
 CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3020
 	RESERVED
 CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
@@ -5314,7 +5314,7 @@ CVE-2022-38766
 CVE-2022-38765
 	RESERVED
 CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-38763
 	RESERVED
 CVE-2022-38762
@@ -5590,7 +5590,7 @@ CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
 	NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1)
 CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...)
 	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
 CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...)
@@ -6679,7 +6679,7 @@ CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCo
 CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
 	NOT-FOR-US: CrowdStrike Falcon
 CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2839
 	RESERVED
 CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
@@ -7402,9 +7402,9 @@ CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita
 CVE-2022-2755
 	RESERVED
 CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2752
 	RESERVED
 CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
@@ -8013,9 +8013,9 @@ CVE-2022-2712
 CVE-2022-2711
 	RESERVED
 CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-37863
 	RESERVED
 CVE-2022-37862
@@ -9313,9 +9313,9 @@ CVE-2022-2627
 CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp  ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-37341
 	RESERVED
 CVE-2022-37340
@@ -10244,7 +10244,7 @@ CVE-2022-2569 (The affected device stores sensitive information in cleartext, wh
 CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
 	NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2566
 	RESERVED
 	- ffmpeg 7:5.1.1-1
@@ -15656,7 +15656,7 @@ CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Ene
 CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-34892 (This vulnerability allows local attackers to escalate privileges on af ...)
 	NOT-FOR-US: Parallels
 CVE-2022-34891 (This vulnerability allows local attackers to escalate privileges on af ...)
@@ -28462,7 +28462,7 @@ CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 do
 CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
 	NOT-FOR-US: clinical-genomics/scout
 CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
 	NOT-FOR-US: Bludit
 CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
@@ -28634,7 +28634,7 @@ CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin befor
 CVE-2022-1581
 	RESERVED
 CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1579
 	RESERVED
 CVE-2022-1578



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edac8f0f5b004ef40a0ae1abca1d82e4fe335822



More information about the debian-security-tracker-commits mailing list