[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 3 16:36:29 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68ac2d82 by Moritz Muehlenhoff at 2023-01-03T17:35:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -311,7 +311,7 @@ CVE-2018-25060 (A vulnerability was found in Macaron csrf and classified as prob
 	NOTE: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c
 	NOTE: https://github.com/go-macaron/csrf/pull/7
 CVE-2018-25059 (A vulnerability was found in pastebinit up to 0.2.2 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: jessfraz/pastebinit (Go implementation of pastebinit, different from src:pastebinit)
 CVE-2017-20153 (A vulnerability has been found in aerouk imageserve and classified as  ...)
 	NOT-FOR-US: aerouk imageserve
 CVE-2017-20152 (A vulnerability, which was classified as problematic, was found in aer ...)
@@ -1335,7 +1335,7 @@ CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 1.5.
 CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated as pro ...)
 	NOT-FOR-US: email-existence
 CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2022-47966
 	RESERVED
 CVE-2022-4746
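Review bot: The NOT-FOR-US reason added for CVE-2015-10005 does not match the entry: the description names markdown-it, while the new line reads "NOT-FOR-US: Fuji Electric", the same text this commit uses for the V-Server and V-SFT entries. This looks like a copy-paste slip. The entry should be re-checked against markdown-it itself, including whether it is packaged, and then either get a reason that names markdown-it or a package line instead of NOT-FOR-US.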
@@ -1345,7 +1345,7 @@ CVE-2022-4745
 CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as  ...)
 	NOT-FOR-US: Brave UX for-the-badge
 CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and ea ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2022-4744
 	RESERVED
 CVE-2022-4743
@@ -1353,13 +1353,13 @@ CVE-2022-4743
 CVE-2022-4742 (A vulnerability, which was classified as critical, has been found in j ...)
 	NOT-FOR-US: Node json-pointer module
 CVE-2022-47317 (Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier al ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2022-46360 (Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TEL ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2022-43448 (Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TE ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2022-41645 (Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier all ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric
 CVE-2022-4741 (A vulnerability was found in docconv up to 1.2.0 and classified as pro ...)
 	NOT-FOR-US: docconv
 CVE-2022-4740 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -1389,7 +1389,7 @@ CVE-2022-4735 (A vulnerability classified as problematic was found in asrashley
 CVE-2021-4278 (A vulnerability classified as problematic has been found in cronvel tr ...)
 	NOT-FOR-US: cronvel tree-kit
 CVE-2019-25084 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Hide Files on GitHub Chrome extension
 CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may al ...)
 	- lxc <unfixed>
 	[bullseye] - lxc <no-dsa> (Minor issue)
@@ -1594,7 +1594,7 @@ CVE-2022-47933 (Brave Browser before 1.42.51 allowed a remote attacker to cause
 CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause a deni ...)
 	- brave-browser <itp> (bug #864795)
 CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values. ...)
-	TODO: check
+	NOT-FOR-US: Multi-Party Threshold Signature Scheme
 CVE-2022-47930
 	RESERVED
 CVE-2022-47929
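Review bot: The reason added for CVE-2022-47931, "Multi-Party Threshold Signature Scheme", describes the category of software rather than naming it; the description identifies the product as IO FinNet tss-lib. Naming the product in the reason (for example "NOT-FOR-US: IO FinNet tss-lib") would keep it consistent with the other NOT-FOR-US lines in this commit and make the entry findable when searching the reason text.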
@@ -1708,9 +1708,9 @@ CVE-2022-4650
 CVE-2022-4649
 	RESERVED
 CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.g ...)
-	TODO: check
+	NOT-FOR-US: destiny.gg chat
 CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has  ...)
-	TODO: check
+	NOT-FOR-US: text_helpers gem
 CVE-2022-47925
 	RESERVED
 CVE-2022-47924
@@ -2406,7 +2406,7 @@ CVE-2022-47636
 CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
 	NOT-FOR-US: Wildix CMS
 CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17 ...)
-	TODO: check
+	NOT-FOR-US: M-Link
 CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...)
 	NOT-FOR-US: Kyverno
 CVE-2022-47632
@@ -2436,7 +2436,7 @@ CVE-2022-47620
 CVE-2022-47619
 	RESERVED
 CVE-2022-47618 (Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrato ...)
-	TODO: check
+	NOT-FOR-US: Merit Lilin
 CVE-2022-47617
 	RESERVED
 CVE-2022-47616
@@ -7758,17 +7758,17 @@ CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keybo
 	NOTE: https://github.com/MatMoul/g810-led/pull/297
 	NOTE: Fixed by: https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24 (v0.4.3)
 CVE-2022-46309 (Vitals ESP upload function has a path traversal vulnerability. A remot ...)
-	TODO: check
+	NOT-FOR-US: Vitals ESP
 CVE-2022-46308
 	RESERVED
 CVE-2022-46307
 	RESERVED
 CVE-2022-46306 (ChangingTec ServiSign component has a path traversal vulnerability due ...)
-	TODO: check
+	NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerability. An ...)
-	TODO: check
+	NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for special ...)
-	TODO: check
+	NOT-FOR-US: ChangingTec ServiSign
 CVE-2022-46295
 	RESERVED
 CVE-2022-46294
@@ -9142,7 +9142,7 @@ CVE-2022-45783
 CVE-2022-45782
 	RESERVED
 CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2022-4113
 	RESERVED
 CVE-2022-4112 (The Quizlord WordPress plugin through 2.0 does not sanitise and escape ...)
@@ -10853,7 +10853,7 @@ CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Managem
 CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management  ...)
 	NOT-FOR-US: Sanitization Management System
 CVE-2022-45213 (perfSONAR before 4.4.6 inadvertently supports the parse option for a f ...)
-	TODO: check
+	NOT-FOR-US: perfSONAR
 CVE-2022-45212
 	RESERVED
 CVE-2022-45211
@@ -11557,7 +11557,7 @@ CVE-2022-45029
 CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...)
 	NOT-FOR-US: Arris
 CVE-2022-45027 (perfSONAR before 4.4.6, when performing participant discovery, incorre ...)
-	TODO: check
+	NOT-FOR-US: perfSONAR
 CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode an ...)
 	NOT-FOR-US: Markdown Preview Enhanced
 CVE-2022-45025 (Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was d ...)
@@ -13795,7 +13795,7 @@ CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop
 CVE-2022-44566
 	RESERVED
 CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8. ...)
-	TODO: check
+	NOT-FOR-US: airMAX
 CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...)
 	NOT-FOR-US: Huawei
 CVE-2022-3811



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68ac2d822f6094beead55a51eba6317c1ba0d9d9
