[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 11 08:26:49 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6328b00 by Salvatore Bonaccorso at 2023-02-11T09:26:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,9 +9,9 @@ CVE-2023-25678
CVE-2023-25677
RESERVED
CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository modoboa ...)
- TODO: check
+ NOT-FOR-US: Modoboa
CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...)
- TODO: check
+ NOT-FOR-US: Baicells
CVE-2023-0775
RESERVED
CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
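Review bot: CVE-2023-0777 is marked NOT-FOR-US although its description points at an open-source GitHub repository (modoboa), the kind of project that can have a Debian package or a pending packaging request. Nothing in the commit message or the hunk shows the name was checked against the archive. If a source package exists, the entry needs a package line in the style used elsewhere in this file ("- gitlab <unfixed>") rather than "NOT-FOR-US: Modoboa". The Baicells entry lists LTE hardware models, so the tag is unproblematic there.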
@@ -189,7 +189,7 @@ CVE-2022-4904
CVE-2022-4903 (A vulnerability was found in CodenameOne 7.0.70. It has been classifie ...)
NOT-FOR-US: CodenameOne
CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapost-bri ...)
- TODO: check
+ NOT-FOR-US: Silverstripe
CVE-2023-25612
RESERVED
CVE-2023-25177
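Review bot: the label on CVE-2015-10077 names the platform ("NOT-FOR-US: Silverstripe"), while the description attributes the flaw to a module from webbuilders-group (silverstripe-kapost-bri ...). Labelling with the module name as given in the full description would keep a later search for Silverstripe itself from picking up this add-on.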
@@ -357,17 +357,17 @@ CVE-2023-25564
CVE-2023-25563
RESERVED
CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2023-25561 (DataHub is an open-source metadata platform. In the event a system is ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2023-25560 (DataHub is an open-source metadata platform. The AuthServiceClient whi ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2023-25559 (DataHub is an open-source metadata platform. When not using authentica ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2023-25558 (DataHub is an open-source metadata platform. When the DataHub frontend ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub frontend acts ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2023-25556
RESERVED
CVE-2023-25555
@@ -6809,11 +6809,11 @@ CVE-2023-23165
CVE-2023-23164
RESERVED
CVE-2023-23163 (Art Gallery Management System Project v1.0 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23162 (Art Gallery Management System Project v1.0 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23161 (A reflected cross-site scripting (XSS) vulnerability in Art Gallery Ma ...)
- TODO: check
+ NOT-FOR-US: Art Gallery Management System Project
CVE-2023-23160
RESERVED
CVE-2023-23159
@@ -15292,9 +15292,9 @@ CVE-2022-46757
CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...)
NOT-FOR-US: Dell
CVE-2022-46755 (Wyse Management Suite 3.8 and below contain an improper access control ...)
- TODO: check
+ NOT-FOR-US: Wyse Management Suite
CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access control ...)
- TODO: check
+ NOT-FOR-US: Wyse Management Suite
CVE-2022-46753
RESERVED
CVE-2022-46752
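Review bot: the two added lines label by product ("NOT-FOR-US: Wyse Management Suite"), while the context entry directly above, CVE-2022-46756, labels by vendor ("NOT-FOR-US: Dell"). If Wyse Management Suite belongs under that vendor, using the same label here and for the four Wyse entries in the next hunk keeps all of them findable with one search. If the product-level label is intended, it should at least stay identical across both hunks, which it currently does.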
@@ -15589,13 +15589,13 @@ CVE-2022-46680
CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
NOT-FOR-US: Dell
CVE-2022-46678 (Wyse Management Suite 3.8 and below contain an improper access control ...)
- TODO: check
+ NOT-FOR-US: Wyse Management Suite
CVE-2022-46677 (Wyse Management Suite 3.8 and below contain an improper access control ...)
- TODO: check
+ NOT-FOR-US: Wyse Management Suite
CVE-2022-46676 (Wyse Management Suite 3.8 and below contain an improper access control ...)
- TODO: check
+ NOT-FOR-US: Wyse Management Suite
CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an information ...)
- TODO: check
+ NOT-FOR-US: Wyse Management Suite
CVE-2022-46656
RESERVED
CVE-2022-46645
@@ -15711,9 +15711,9 @@ CVE-2022-46663 (In GNU Less before 609, crafted data can result in "less -R" not
CVE-2022-46651
RESERVED
CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2022-46649 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2022-46647
RESERVED
CVE-2022-46646
@@ -18324,7 +18324,7 @@ CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. W
CVE-2022-45767
RESERVED
CVE-2022-45766 (Hardcoded credentials in Global Facilities Management Software (GFMS) ...)
- TODO: check
+ NOT-FOR-US: Global Facilities Management Software (GFMS)
CVE-2022-45765
RESERVED
CVE-2022-45764
@@ -20409,7 +20409,7 @@ CVE-2022-45106
CVE-2022-45105
RESERVED
CVE-2022-45104 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...)
NOT-FOR-US: Dell
CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...)
@@ -23731,7 +23731,7 @@ CVE-2022-44263 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Acc
CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). ...)
NOT-FOR-US: ff4j
CVE-2022-44261 (Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scrip ...)
- TODO: check
+ NOT-FOR-US: Avery Dennison Monarch Printer M9855
CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
NOT-FOR-US: TOTOLINK
CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...)
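Review bot: "NOT-FOR-US: Avery Dennison Monarch Printer M9855" carries the model number into the label, whereas the neighbouring TOTOLINK entries drop the model (LR350) and firmware version and keep only the vendor. "NOT-FOR-US: Avery Dennison" would match that convention and still cover later CVEs for other models.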
@@ -40279,7 +40279,7 @@ CVE-2022-38688 (In telephony service, there is a missing permission check. This
CVE-2022-38687 (In messaging service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38685
RESERVED
CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...)
@@ -40289,9 +40289,9 @@ CVE-2022-38683 (In contacts service, there is a missing permission check. This c
CVE-2022-38682 (In contacts service, there is a missing permission check. This could l ...)
NOT-FOR-US: Unisoc
CVE-2022-38681 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38680 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2022-38678 (In contacts service, there is a missing permission check. This could l ...)
@@ -40301,9 +40301,9 @@ CVE-2022-38677 (In cell service, there is a missing permission check. This could
CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...)
NOT-FOR-US: Unisoc
CVE-2022-38675 (In gpu driver, there is a possible out of bounds write due to a missin ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38674 (In wlan driver, there is a possible missing params check. This could l ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to ...)
NOT-FOR-US: Unisoc
CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to ...)
@@ -40646,7 +40646,7 @@ CVE-2022-38549
CVE-2022-38548
RESERVED
CVE-2022-38547 (A post-authentication command injection vulnerability in the CLI comma ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-38546 (A DNS misconfiguration was found in Zyxel NBG7510 firmware versions pr ...)
NOT-FOR-US: Zyxel
CVE-2022-38545 (Valine v1.4.18 was discovered to contain a remote code execution (RCE) ...)
@@ -41135,11 +41135,11 @@ CVE-2022-2886 (A vulnerability, which was classified as critical, was found in L
CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-38396 (HP Factory Preinstalled Images on certain systems that shipped with Wi ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...)
NOT-FOR-US: HP
CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
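Review bot: for CVE-2022-38393 the truncated description (cfg_server cm_processC ...) does not name a vendor, and unlike the HP entry above it there is no neighbouring line already tagged the same way, so "NOT-FOR-US: Asus" cannot be confirmed from this hunk. A check against the full CVE description before relying on the tag would be worthwhile. The same applies to CVE-2022-38105 in the following hunk.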
@@ -41226,7 +41226,7 @@ CVE-2022-38383
CVE-2022-38382
RESERVED
CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
@@ -41750,7 +41750,7 @@ CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212
CVE-2022-38217
RESERVED
CVE-2022-2815 (Insecure Storage of Sensitive Information in GitHub repository publify ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-2814 (A vulnerability has been found in SourceCodester Simple and Nice Shopp ...)
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-2813 (A vulnerability, which was classified as problematic, was found in Sou ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6328b006f38f7e26fa0f30d45c196bdd2e87672