[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 17 10:19:25 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d65cf65b by Moritz Muehlenhoff at 2023-02-17T11:18:49+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,13 +45,13 @@ CVE-2023-0882
 CVE-2023-0881
 	RESERVED
 CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...)
-	TODO: check
+	NOT-FOR-US: phpmyfaq
 CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
-	TODO: check
+	NOT-FOR-US: btcpayserver
 CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framewo ...)
-	TODO: check
+	NOT-FOR-US: Nuxt
 CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. ...)
-	TODO: check
+	- froxlor <itp> (bug #581792)
 CVE-2023-0876
 	RESERVED
 CVE-2023-0875
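Review bot: The CVE-2023-0877 line in this hunk is not an NFU: it records `- froxlor <itp> (bug #581792)`, while the commit subject is only "NFUs". Consider splitting the froxlor ITP into its own commit or extending the subject (for example "NFUs, froxlor ITP") so the history shows where that package entry was introduced.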
@@ -151,13 +151,13 @@ CVE-2023-0852
 CVE-2023-0851
 	RESERVED
 CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
-	TODO: check
+	NOT-FOR-US: Mapos
 CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
-	TODO: check
+	NOT-FOR-US: Mapos
 CVE-2022-48325 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
-	TODO: check
+	NOT-FOR-US: Mapos
 CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...)
-	TODO: check
+	NOT-FOR-US: Mapos
 CVE-2021-46874
 	RESERVED
 CVE-2023-25909
@@ -2518,9 +2518,9 @@ CVE-2023-22653
 CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...)
 	NOT-FOR-US: Multilaser RE057 and RE170
 CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in  ...)
-	TODO: check
+	NOT-FOR-US: sls-logging
 CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying hostnames in ...)
-	TODO: check
+	NOT-FOR-US: Magritte-ftp
 CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
 	NOT-FOR-US: Palantir
 CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...)
@@ -4856,11 +4856,11 @@ CVE-2023-24223
 CVE-2023-24222
 	RESERVED
 CVE-2023-24221 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: LuckyframeWEB
 CVE-2023-24220 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: LuckyframeWEB
 CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: LuckyframeWEB
 CVE-2023-24218
 	RESERVED
 CVE-2023-24217
@@ -5142,7 +5142,7 @@ CVE-2023-24080
 CVE-2023-24079
 	RESERVED
 CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to contain a r ...)
-	TODO: check
+	NOT-FOR-US: Real Time Logic FuguHub
 CVE-2023-24077
 	RESERVED
 CVE-2023-24076
@@ -5592,7 +5592,7 @@ CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose
 CVE-2023-23927
 	RESERVED
 CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...)
-	TODO: check
+	NOT-FOR-US: APOC
 CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
 	NOT-FOR-US: Switcher
 CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...)
@@ -6321,7 +6321,7 @@ CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0, co
 CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain  ...)
 	NOT-FOR-US: Dell
 CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-23694
 	RESERVED
 CVE-2023-23693
@@ -9908,11 +9908,11 @@ CVE-2023-22582
 CVE-2023-22581
 	RESERVED
 CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
-	TODO: check
+	NOT-FOR-US: DIVD
 CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...)
-	TODO: check
+	NOT-FOR-US: DIVD
 CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a  ...)
-	TODO: check
+	NOT-FOR-US: DIVD
 CVE-2023-22577
 	RESERVED
 CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
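Review bot: The tags on CVE-2023-22580, CVE-2023-22579 and CVE-2023-22578 read `NOT-FOR-US: DIVD`, but the descriptions name the "sequalize js library" as the affected software and DIVD does not appear in them. An NFU tag is only useful for later matching if it names the product, so tagging by library (after confirming that no Debian source package ships it) would make the decision checkable. As written, a reader cannot tell what was ruled out.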
@@ -11897,7 +11897,7 @@ CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0
 CVE-2023-22381
 	RESERVED
 CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...)
 	NOT-FOR-US: CONPROSYS
 CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System (CHS) Ve ...)
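Review bot: Style point on CVE-2023-22380: the tag is spelled "Github Enterprise Server" while the description on the line above it uses "GitHub Enterprise Ser ...". Matching the description's casing keeps case-sensitive searches over the NFU tags consistent.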
@@ -12289,7 +12289,7 @@ CVE-2022-47705
 CVE-2022-47704
 	RESERVED
 CVE-2022-47703 (TIANJIE CPE906-3 is vulnerable to password disclosure. This is present ...)
-	TODO: check
+	NOT-FOR-US: TIANJIE
 CVE-2022-47702
 	RESERVED
 CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...)
@@ -23758,7 +23758,7 @@ CVE-2022-43446
 CVE-2022-42465
 	RESERVED
 CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...)
 	{DSA-5230-1}
 	- chromium 105.0.5195.125-1
@@ -24684,7 +24684,7 @@ CVE-2022-44301
 CVE-2022-44300
 	RESERVED
 CVE-2022-44299 (SiteServerCMS 7.1.3 sscms has a file read vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: SiteServer CMS
 CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection. ...)
 	NOT-FOR-US: SiteServer CMS
 CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background. ...)
@@ -25910,7 +25910,7 @@ CVE-2022-43971 (An arbitrary code exection vulnerability exists in Linksys WUMC7
 CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...)
 	NOT-FOR-US: Linksys
 CVE-2022-43969 (Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
@@ -27189,7 +27189,7 @@ CVE-2022-43956
 CVE-2022-43955
 	RESERVED
 CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-43953
 	RESERVED
 CVE-2022-43952
@@ -31366,7 +31366,7 @@ CVE-2022-42474
 CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-42470
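Review bot: CVE-2022-42472 is tagged `NOT-FOR-US: Fortinet` while the entries directly above and below it (CVE-2022-42473, CVE-2022-42471) carry `NOT-FOR-US: FortiGuard`, and CVE-2022-42471 has a near-identical CRLF description. Picking one spelling for the vendor would keep these entries grouped. The same Fortinet/FortiGuard split recurs in the other Fortinet hunks of this patch.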
@@ -33897,7 +33897,7 @@ CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spot
 CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before  ...)
 	NOT-FOR-US: Intel
 CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-40982
 	RESERVED
 CVE-2022-40971
@@ -34504,9 +34504,9 @@ CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repositor
 CVE-2022-41336 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-41333
 	RESERVED
 CVE-2022-41332
@@ -36067,7 +36067,7 @@ CVE-2022-40696
 CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288]  ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40682
 	RESERVED
 CVE-2022-40681
@@ -36077,13 +36077,13 @@ CVE-2022-40680 (A improper neutralization of input during web page generation ('
 CVE-2022-40679
 	RESERVED
 CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40676
 	RESERVED
 CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post &#8211 ...)
@@ -37641,7 +37641,7 @@ CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerabi
 CVE-2022-40081
 	RESERVED
 CVE-2022-40080 (Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in th ...)
-	TODO: check
+	NOT-FOR-US: Aspire
 CVE-2022-40079
 	RESERVED
 CVE-2022-40078
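Review bot: On CVE-2022-40080 the tag `NOT-FOR-US: Aspire` keeps only the product-line name, while the description is about "Aspire E5-475G 's BIOS firmware". Naming the device firmware in the tag (for example "Aspire E5-475G BIOS firmware") would make clear that this was ruled out as vendor firmware rather than matched against a package name.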
@@ -37921,11 +37921,11 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti
 	[bullseye] - modsecurity-crs <no-dsa> (Minor issues; will be fixed in point release)
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-39953
 	RESERVED
 CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-39951
 	RESERVED
 CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
@@ -37933,7 +37933,7 @@ CVE-2022-39950 (An improper neutralization of input during web page generation v
 CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in FortiOS  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-39946
@@ -41184,7 +41184,7 @@ CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible
 CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
 	NOT-FOR-US: SnapCenter (NetAPP)
 CVE-2022-38731 (Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal  ...)
-	TODO: check
+	NOT-FOR-US: Qaelum
 CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
@@ -42404,13 +42404,13 @@ CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS ve
 CVE-2022-38379 (Improper neutralization of input during web page generation [CWE-79] i ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-38378 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-38376 (Multiple improper neutralization of input during web page generation ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-38375 (An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-38374 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-38373 (An improper neutralization of input during web page generation vulnera ...)
@@ -43178,11 +43178,11 @@ CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo function
 	- kolla <itp> (bug #804128)
 	NOTE: https://bugs.launchpad.net/kolla/+bug/1985784
 CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before version 1. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-37336
 	RESERVED
 CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Sta ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36406
 	RESERVED
 CVE-2022-36351
@@ -45191,7 +45191,7 @@ CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to a
 CVE-2022-37341
 	RESERVED
 CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-37326
 	RESERVED
 CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
@@ -45243,13 +45243,13 @@ CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda v
 CVE-2022-36426
 	RESERVED
 CVE-2022-36397 (Incorrect default permissions in the software installer for some Intel ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36369 (Improper access control in some QATzip software maintained by Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36353
 	RESERVED
 CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before version SPS_E5 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36291
 	RESERVED
 CVE-2022-36281
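Review bot: CVE-2022-36369 is described as affecting "some QATzip software maintained by Intel(R)", which names a specific software component, yet it gets the same vendor-wide `NOT-FOR-US: Intel` tag as the software-installer and SPS firmware entries around it. Suggest tagging by component (QATzip) and checking for an existing package or ITP/RFP bug before marking it NFU, as was done for froxlor earlier in this patch.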
@@ -46315,15 +46315,15 @@ CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in i
 	NOTE: https://github.com/scala/scala/pull/10118
 	NOTE: https://github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f (v2.13.9)
 CVE-2022-36797 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36792
 	RESERVED
 CVE-2022-36421
 	RESERVED
 CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36393
 	RESERVED
 CVE-2022-36366
@@ -46349,7 +46349,7 @@ CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which coul
 CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
 	NOT-FOR-US: GoAnywhere MFT
 CVE-2022-36943 (SSZipArchive versions 2.5.3 and older contain an arbitrary file write  ...)
-	TODO: check
+	NOT-FOR-US: SSZipArchive
 CVE-2022-36942
 	RESERVED
 CVE-2022-36941
@@ -47468,7 +47468,7 @@ CVE-2022-36392
 CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...)
 	NOT-FOR-US: Intel
 CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet Network Con ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36380 (Uncontrolled search path in the installer software for some Intel(r) N ...)
 	NOT-FOR-US: Intel
 CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards  ...)
@@ -47476,7 +47476,7 @@ CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC B
 CVE-2022-36283
 	RESERVED
 CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector softwa ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34859
 	RESERVED
 CVE-2022-33963
@@ -47512,7 +47512,7 @@ CVE-2022-36409
 CVE-2022-36408
 	REJECTED
 CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36396
 	RESERVED
 CVE-2022-36395
@@ -47522,13 +47522,13 @@ CVE-2022-36377 (Incorrect default permissions in the installer software for some
 CVE-2022-36374
 	RESERVED
 CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34855
 	RESERVED
 CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34147
 	RESERVED
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
@@ -47661,7 +47661,7 @@ CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances
 CVE-2022-36298
 	RESERVED
 CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34848
 	RESERVED
 CVE-2022-34846
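Review bot: CVE-2022-35729 names "firmware for OpenBMC in some Intel(R) platforms", but the tag only says Intel, so the OpenBMC part of the triage is not recorded. A tag such as "Intel OpenBMC firmware" would show that the OpenBMC reference was considered. CVE-2022-29494 later in this patch has the same wording and the same bare tag.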
@@ -47673,7 +47673,7 @@ CVE-2022-33196 (Incorrect default permissions in some memory controller configur
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
 CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32232
 	RESERVED
 CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...)
@@ -47744,11 +47744,11 @@ CVE-2022-35727
 CVE-2022-34852
 	RESERVED
 CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some Intel(R) pla ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some Intel(R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
@@ -47878,9 +47878,9 @@ CVE-2022-36294
 CVE-2022-36290
 	RESERVED
 CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-35883 (NULL pointer dereference in the Intel(R) Media SDK software before ver ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-35274
 	RESERVED
 CVE-2022-35237
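Review bot: CVE-2022-36289 and CVE-2022-35883 both name "the Intel(R) Media SDK software", a named SDK rather than firmware or a Windows-only driver, and a bare `NOT-FOR-US: Intel` does not show that the archive was checked for it. Please confirm that no source package ships the Media SDK and put the component name in the tag. The other Media SDK entries in this patch (CVE-2022-27170, CVE-2022-34841, CVE-2022-34346) should follow whatever is decided here.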
@@ -47888,11 +47888,11 @@ CVE-2022-35237
 CVE-2022-34860
 	RESERVED
 CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33949
 	RESERVED
 CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and Collector softw ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module version 4 ...)
@@ -49426,7 +49426,7 @@ CVE-2022-33144
 CVE-2022-29870
 	RESERVED
 CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK software before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...)
@@ -51718,13 +51718,13 @@ CVE-2022-34863
 CVE-2022-34856
 	RESERVED
 CVE-2022-34854 (Improper access control in the Intel(R) SUR software before version 2. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK software before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...)
 	NOT-FOR-US: Intel
 CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
 	- intel-microcode <unfixed> (bug #1031334)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
@@ -51734,7 +51734,7 @@ CVE-2022-33197
 CVE-2022-32581
 	RESERVED
 CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
@@ -52660,23 +52660,23 @@ CVE-2022-34646
 CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
 	NOT-FOR-US: Intel
 CVE-2022-34157 (Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with I ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33964 (Improper input validation in the Intel(R) SUR software before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33946 (Improper authentication in the Intel(R) SUR software before version 2. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33190 (Improper input validation in the Intel(R) SUR software before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32971 (Improper authentication in the Intel(R) SUR software before version 2. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...)
 	NOT-FOR-US: Intel
 CVE-2022-31476 (Improper access control in the Intel(R) SUR software before version 2. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30692 (Improper conditions check in the Intel(R) SUR software before version  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29514 (Improper access control in the Intel(R) SUR software before version 2. ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...)
 	NOT-FOR-US: LiteCart
 CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System  ...)
@@ -54436,7 +54436,7 @@ CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software f
 CVE-2022-33898
 	RESERVED
 CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-32582
 	RESERVED
 CVE-2022-32577
@@ -54444,7 +54444,7 @@ CVE-2022-32577
 CVE-2022-32576
 	RESERVED
 CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29895
 	RESERVED
 CVE-2022-29871
@@ -54575,7 +54575,7 @@ CVE-2022-33945
 CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
 	NOT-FOR-US: Intel
 CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33899
 	RESERVED
 CVE-2022-33895
@@ -54583,7 +54583,7 @@ CVE-2022-33895
 CVE-2022-33894
 	RESERVED
 CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
 	NOT-FOR-US: Intel
 CVE-2022-33200
@@ -54611,11 +54611,11 @@ CVE-2022-32288
 CVE-2022-32233
 	RESERVED
 CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-31477
 	RESERVED
 CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
 	NOT-FOR-US: Intel
 CVE-2022-30606
@@ -54910,11 +54910,11 @@ CVE-2022-33873 (An improper neutralization of special elements used in an OS Com
 CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...)
 	NOT-FOR-US: Fortiguard
 CVE-2022-33871 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-33870 (An improper neutralization of special elements used in an OS command v ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-33869 (An improper neutralization of special elements used in an OS command v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored  ...)
@@ -57872,13 +57872,13 @@ CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(
 CVE-2022-30542 (Improper input validation in the firmware for some Intel(R) Server Boa ...)
 	NOT-FOR-US: Intel
 CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R) Processors may a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-29920
 	RESERVED
 CVE-2022-29896
 	RESERVED
 CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-28699
 	RESERVED
 CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...)
@@ -60017,7 +60017,7 @@ CVE-2022-31810
 CVE-2022-31809
 	RESERVED
 CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
-	TODO: check
+	NOT-FOR-US: SiPass
 CVE-2022-31807
 	RESERVED
 CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
@@ -60467,7 +60467,7 @@ CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape
 CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
 	NOT-FOR-US: Zoo Management System
 CVE-2022-31733 (Starting with diego-release 2.55.0 and up to 2.69.0, and starting with ...)
-	TODO: check
+	NOT-FOR-US: diego-release
 CVE-2022-31732
 	RESERVED
 CVE-2022-31731
@@ -60511,9 +60511,9 @@ CVE-2022-31713
 CVE-2022-31712
 	RESERVED
 CVE-2022-31711 (VMware vRealize Log Insight contains an Information Disclosure Vulnera ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31710 (vRealize Log Insight contains a deserialization vulnerability. An unau ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31709
 	RESERVED
 CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...)
@@ -60521,11 +60521,11 @@ CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vul
 CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...)
 	NOT-FOR-US: VMware
 CVE-2022-31706 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
 	NOT-FOR-US: VMware
 CVE-2022-31704 (The vRealize Log Insight contains a broken access control vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-31703 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
 	NOT-FOR-US: VMware
 CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
@@ -60793,11 +60793,11 @@ CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lit
 CVE-2022-1893 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1892 (A buffer overflow in the SystemBootManagerDxe driver in some Lenovo No ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-1891 (A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo No ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-1890 (A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook p ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer  ...)
@@ -60874,7 +60874,7 @@ CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability i
 CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
 	NOT-FOR-US: NVIDIA drivers for Windows
 CVE-2022-31611 (NVIDIA GeForce Experience contains an uncontrolled search path vulnera ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
 	NOT-FOR-US: NVIDIA drivers for Windows
 CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
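Review bot: CVE-2022-31611 is tagged plain `NOT-FOR-US: NVIDIA` while the neighbouring entries (CVE-2022-31612, CVE-2022-31610) use the more specific "NVIDIA drivers for Windows". Since the description names GeForce Experience, a tag like "NVIDIA GeForce Experience" would match the granularity already used in this block.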
@@ -61564,9 +61564,9 @@ CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs func
 CVE-2022-31365
 	RESERVED
 CVE-2022-31364 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
-	TODO: check
+	NOT-FOR-US: Cypress
 CVE-2022-31363 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...)
-	TODO: check
+	NOT-FOR-US: Cypress
 CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
 	NOT-FOR-US: Docebo
 CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
@@ -61824,7 +61824,7 @@ CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module c
 CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to  ...)
 	NOT-FOR-US: yogeshojha/rengine
 CVE-2022-1812 (Integer Overflow or Wraparound in GitHub repository publify/publify pr ...)
-	TODO: check
+	NOT-FOR-US: Publify
 CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
 	NOT-FOR-US: Publify
 CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify prior to  ...)
@@ -63084,7 +63084,7 @@ CVE-2022-30906
 CVE-2022-30905
 	RESERVED
 CVE-2022-30904 (In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vul ...)
-	TODO: check
+	NOT-FOR-US: Bestechnic Bluetooth Mesh SDK
 CVE-2022-30903 (Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA ...)
 	NOT-FOR-US: Nokia "G-2425G-A" Bharti Airtel Routers Hardware
 CVE-2022-30902
@@ -63938,7 +63938,7 @@ CVE-2022-30566
 CVE-2022-30565
 	RESERVED
 CVE-2022-30564 (Some Dahua embedded products have a vulnerability of unauthorized modi ...)
-	TODO: check
+	NOT-FOR-US: Dahua
 CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the request  ...)
 	NOT-FOR-US: Dahua
 CVE-2022-30562 (If the user enables the https function on the device, an attacker can  ...)
@@ -64031,7 +64031,7 @@ CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in
 CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software may al ...)
 	NOT-FOR-US: Intel
 CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-30338
 	RESERVED
 CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group  ...)
@@ -64059,7 +64059,7 @@ CVE-2022-28693
 CVE-2022-27877
 	RESERVED
 CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet Control ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for  ...)
 	NOT-FOR-US: Intel
 CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...)
@@ -64443,7 +64443,7 @@ CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code
 CVE-2022-30422 (Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0 ...)
 	NOT-FOR-US: Proietti Tech srl Planet Time Enterprise
 CVE-2022-30421 (Improper Authentication vulnerability in Toshiba Storage Security Soft ...)
-	TODO: check
+	NOT-FOR-US: Toshiba
 CVE-2022-30420
 	RESERVED
 CVE-2022-30419
@@ -64668,7 +64668,7 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory trav
 	NOTE: 6.12 application version corresponds to 6.1.7 source version:
 	NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
 CVE-2022-30332 (In Talend Administration Center 7.3.1.20200219 before TAC-15950, the F ...)
-	TODO: check
+	NOT-FOR-US: Talend
 CVE-2022-30331 (** DISPUTED ** The User-Defined Functions (UDF) feature in TigerGraph  ...)
 	NOT-FOR-US: TigerGraph
 CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...)
@@ -64741,21 +64741,21 @@ CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple version
 CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the RSA SSH h ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-30306 (A stack-based buffer overflow vulnerability [CWE-121] in the CA sign f ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in FortiSandbox versio ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-30304 (An improper neutralization of input during web page generation vulnera ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-30303 (An improper neutralization of special elements used in an os command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiDece ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-30300 (A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 thr ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-30299 (A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edi ...)
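Review bot: The five entries changed here (CVE-2022-30306, -30304, -30303, -30300, -30299) are tagged "NOT-FOR-US: Fortinet", while the unchanged entries interleaved with them (CVE-2022-30307, -30305, -30298) carry "NOT-FOR-US: FortiGuard" for what reads as the same vendor's products. The new lines match CVE-2022-30302 and -30301, so "Fortinet" looks like the intended spelling. Consider normalizing the remaining "FortiGuard" lines in a follow-up so that a search for one vendor string finds every entry.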
@@ -66108,9 +66108,9 @@ CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.
 CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...)
 	NOT-FOR-US: Progress Ipswitch WhatsUp Gold
 CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud OS 5 de ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...)
-	TODO: check
+	NOT-FOR-US: Western Digital
 CVE-2022-29842
 	RESERVED
 CVE-2022-29841
@@ -67053,7 +67053,7 @@ CVE-2022-29559
 CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...)
 	NOT-FOR-US: Realtek
 CVE-2022-29557 (LexisNexis Firco Compliance Link 3.7 allows CSRF. ...)
-	TODO: check
+	NOT-FOR-US: LexisNexis Firco Compliance Link
 CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise  ...)
 	NOT-FOR-US: mendersoftware/iot-manager
 CVE-2022-29555 (The Deviceconnect microservice through 1.3.0 in Northern.tech Mender E ...)
@@ -67449,7 +67449,7 @@ CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting
 CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adapti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29416 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay ...)
-	TODO: check
+	NOT-FOR-US: AfterPay
 CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29414 (Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WP ...)
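Review bot: CVE-2022-29416 is tagged "NOT-FOR-US: AfterPay", but the description spells the name "Afterpay", and the neighbouring entries in this block (CVE-2022-29417, -29415) use the generic "NOT-FOR-US: WordPress plugin". The description is truncated here, so the product type cannot be confirmed from the hunk. If this is also a WordPress plugin, using the same "WordPress plugin" label, or at least the "Afterpay" capitalization from the description, would keep the block consistent.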
@@ -68509,7 +68509,7 @@ CVE-2022-29056
 CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private  ...)
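Review bot: CVE-2022-29054 and CVE-2022-29053 show the same visible description ("A missing cryptographic steps vulnerability [CWE-325] in the functions ..."), yet after this change the first is tagged "NOT-FOR-US: Fortinet" and the second stays "NOT-FOR-US: FortiGuard". Two adjacent entries for what looks like the same issue class should carry the same tag. Suggest updating CVE-2022-29053 (and CVE-2022-29055 above it) to "Fortinet" in the same commit.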
@@ -69458,7 +69458,7 @@ CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape f
 CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...)
 	NOT-FOR-US: Intel
 CVE-2022-27234 (Server-side request forgery in the CVAT software maintained by Intel(R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime Standar ...)
 	NOT-FOR-US: Intel
 CVE-2022-27173
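Review bot: CVE-2022-27234 is described as a server-side request forgery "in the CVAT software maintained by Intel", but the tag names only the vendor. Unlike the firmware and installer entries around it, the affected product here has its own name, so "NOT-FOR-US: CVAT" (or "Intel CVAT") would let a later search by product name find this entry.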
@@ -69466,9 +69466,9 @@ CVE-2022-27173
 CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...)
 	NOT-FOR-US: Intel
 CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK software ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26837 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26833 (An improper authentication vulnerability exists in the REST API functi ...)
 	NOT-FOR-US: Open Automation Software
 CVE-2022-26515
@@ -69476,7 +69476,7 @@ CVE-2022-26515
 CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software befor ...)
 	NOT-FOR-US: Intel
 CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may allow a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before version 3.0.0  ...)
 	NOT-FOR-US: Intel
 CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
@@ -71824,7 +71824,7 @@ CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow a
 CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-1109 (An incorrect default permissions vulnerability in Lenovo Leyun cloud m ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-1107 (During an internal product security audit a potential vulnerability du ...)
@@ -71956,7 +71956,7 @@ CVE-2022-27899
 CVE-2022-27898
 	RESERVED
 CVE-2022-27897 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
 	NOT-FOR-US: Foundry Code-Workbooks
 CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...)
@@ -71966,11 +71966,11 @@ CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scri
 CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...)
 	NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector
 CVE-2022-27892 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2022-27891 (Palantir Gotham included an unauthenticated endpoint that listed all a ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2022-27890 (It was discovered that the sls-logging was not verifying hostnames in  ...)
-	TODO: check
+	NOT-FOR-US: sls-logging
 CVE-2022-27889 (The Multipass service was found to have code paths that could be abuse ...)
 	NOT-FOR-US: Palantir
 CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
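Review bot: Tag granularity is mixed within this hunk. CVE-2022-27892 and -27891 name Palantir Gotham in the description and are tagged by vendor ("Palantir"), CVE-2022-27890 is tagged by component ("sls-logging"), and the unchanged CVE-2022-27893 above uses the full product string. The NFU text is free-form, so none of this is wrong, but "NOT-FOR-US: Palantir Gotham" for the two Gotham entries would match the product-level naming already used for the Foundry entries.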
@@ -72571,7 +72571,7 @@ CVE-2022-27679
 CVE-2022-27678
 	RESERVED
 CVE-2022-27677 (Failure to validate privileges during installation of AMD Ryzen™ ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-27676
 	REJECTED
 CVE-2022-27675
@@ -72814,7 +72814,7 @@ CVE-2022-27598
 CVE-2022-27597
 	RESERVED
 CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2022-27595
 	RESERVED
 CVE-2022-27594
@@ -72930,9 +72930,9 @@ CVE-2022-27540
 CVE-2022-27539
 	RESERVED
 CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-27537 (Potential vulnerabilities have been identified in the system BIOS of c ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be ca ...)
 	- golang-1.18 <not-affected> (MacOS-specific)
 	- golang-1.17 <not-affected> (MacOS-specific)
@@ -72993,9 +72993,9 @@ CVE-2022-27510 (Unauthorized access to Gateway user capabilities ...)
 CVE-2022-27509 (Unauthenticated redirection to a malicious website ...)
 	NOT-FOR-US: Citrix
 CVE-2022-27508 (Unauthenticated denial of service ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2022-27507 (Authenticated denial of service ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...)
 	NOT-FOR-US: Citrix
 CVE-2022-27505 (Reflected cross site scripting (XSS) ...)
@@ -73021,9 +73021,9 @@ CVE-2022-27180
 CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...)
 	NOT-FOR-US: Splunk
 CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26840 (Improper neutralization in the Intel(R) Quartus Prime Pro and Standard ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application  ...)
 	NOT-FOR-US: Splunk
 CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware Update Tool  ...)
@@ -73045,7 +73045,7 @@ CVE-2022-27491 (A improper verification of source of a communication channel in
 CVE-2022-27490
 	RESERVED
 CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-27488
 	RESERVED
 CVE-2022-27487
@@ -73059,7 +73059,7 @@ CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0
 CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-27482 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
 	NOT-FOR-US: Siemens SCALANCE
 CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d65cf65bbf275e6a2bd0d628b88ed6a9cd94385b
