[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 21 09:28:11 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b74f5c3 by Salvatore Bonaccorso at 2022-09-21T10:27:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2022-41220 (** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Mar ...)
-	TODO: check
+	NOT-FOR-US: md2roff
 CVE-2022-41219
 	RESERVED
 CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...)
@@ -1995,7 +1995,7 @@ CVE-2022-40359
 CVE-2022-40358
 	RESERVED
 CVE-2022-40357 (A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Sid ...)
-	TODO: check
+	NOT-FOR-US: Z-BlogPHP
 CVE-2022-40356
 	RESERVED
 CVE-2022-40355
@@ -4483,9 +4483,9 @@ CVE-2022-39223
 CVE-2022-39222
 	RESERVED
 CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraft serv ...)
-	TODO: check
+	NOT-FOR-US: McWebserver
 CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...)
-	TODO: check
+	NOT-FOR-US: SFTPGo
 CVE-2022-39219
 	RESERVED
 CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provides the ...)
@@ -5306,7 +5306,7 @@ CVE-2022-38933
 CVE-2022-38932
 	RESERVED
 CVE-2022-38931 (A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function ...)
-	TODO: check
+	NOT-FOR-US: baijiacms
 CVE-2022-38930
 	RESERVED
 CVE-2022-38929
@@ -5894,9 +5894,9 @@ CVE-2022-2986
 	RESERVED
 	- moodle <removed>
 CVE-2021-46835 (There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Suc ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some headset ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-38744
 	RESERVED
 CVE-2022-38743
@@ -6307,7 +6307,7 @@ CVE-2022-38621 (Doufox v0.0.4 was discovered to contain a remote code execution
 CVE-2022-38620
 	RESERVED
 CVE-2022-38619 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
-	TODO: check
+	NOT-FOR-US: SmartVista
 CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
 	NOT-FOR-US: SmartVista SVFE2
 CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
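Review bot: The new tag on CVE-2022-38619 is "NOT-FOR-US: SmartVista", but the unchanged entry directly below it, CVE-2022-38618, carries "NOT-FOR-US: SmartVista SVFE2" for the same product and version (SmartVista SVFE2 v2.2.22). Use "NOT-FOR-US: SmartVista SVFE2" here as well, so that the sibling CVEs share one label and a search on the product name returns all of them.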
@@ -6896,7 +6896,7 @@ CVE-2022-2893
 CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
 	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task manageme ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before  ...)
 	[experimental] - ruby-omniauth 2.0.4-1~exp1
 	- ruby-omniauth <unfixed>
@@ -8411,21 +8411,21 @@ CVE-2022-37886
 CVE-2022-37885
 	RESERVED
 CVE-2022-37884 (A vulnerability exists in the ClearPass Policy Manager Guest User Inte ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37883 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37882 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37881 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37880 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37879 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37878 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-37877 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-2725 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
 	NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2724 (A vulnerability was found in SourceCodester Employee Management System ...)
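Review bot: The eight entries from CVE-2022-37884 to CVE-2022-37877 are tagged with the vendor only ("NOT-FOR-US: Aruba"), although every description names ClearPass (Policy Manager for seven of them, the OnGuard macOS agent for CVE-2022-37877). The unchanged entries at the end of this hunk name the product ("SourceCodester Company Website CMS"). A tag such as "NOT-FOR-US: Aruba ClearPass" would record which product was triaged and keep later ClearPass CVEs easy to match against these.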
@@ -9660,7 +9660,7 @@ CVE-2022-2640
 CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog could b ...)
 	NOT-FOR-US: JetBrains
 CVE-2022-37395 (A Huawei device has an input verification vulnerability. Successful ex ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...)
 	- nova <unfixed> (bug #1016980)
 	[bullseye] - nova <no-dsa> (Minor issue)
@@ -10181,11 +10181,11 @@ CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces
 CVE-2022-37206
 	RESERVED
 CVE-2022-37205 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...)
-	TODO: check
+	NOT-FOR-US: JFinal CMS
 CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: JFinal CMS
 CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
-	TODO: check
+	NOT-FOR-US: JFinal CMS
 CVE-2022-37202
 	RESERVED
 CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...)
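Review bot: On CVE-2022-37204 the description reads "Final CMS 5.1.0" while the new tag is "NOT-FOR-US: JFinal CMS". The neighbouring entries CVE-2022-37205 and CVE-2022-37203 name JFinal CMS 5.1.0 with the same SQL injection wording, so the tag is most likely right and the description a typo in the CVE text, but the truncated description alone does not show that. Confirm against the CVE references that this is the same product before closing it as NFU.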



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b74f5c314fad209b4b0d0c9543bc1d599395c3c



More information about the debian-security-tracker-commits mailing list