[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 3 21:14:24 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f73bd13b by Salvatore Bonaccorso at 2023-01-03T22:13:56+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17111,7 +17111,7 @@ CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions fro
 CVE-2022-43932
 	RESERVED
 CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop Functionality in S ...)
-	TODO: check
+	NOT-FOR-US: Synology VPN Plus Server
 CVE-2022-43930
 	RESERVED
 CVE-2022-43929
@@ -18143,13 +18143,13 @@ CVE-2022-43524
 CVE-2022-43523
 	RESERVED
 CVE-2022-43522 (Multiple vulnerabilities in the web-based management interface of Arub ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-43521 (Multiple vulnerabilities in the web-based management interface of Arub ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-43520 (Multiple vulnerabilities in the web-based management interface of Arub ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-43519 (Multiple vulnerabilities in the web-based management interface of Arub ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2022-43518 (An authenticated path traversal vulnerability exists in the Aruba Edge ...)
 	NOT-FOR-US: Aruba
 CVE-2022-43517 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...)
@@ -18211,11 +18211,11 @@ CVE-2022-43441
 CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization  ...)
-	TODO: check
+	NOT-FOR-US: EasyTest
 CVE-2022-43437 (The Download function’s parameter of EasyTest has insufficient v ...)
-	TODO: check
+	NOT-FOR-US: EasyTest
 CVE-2022-43436 (The File Upload function of EasyTest has insufficient filtering for sp ...)
-	TODO: check
+	NOT-FOR-US: EasyTest
 CVE-2022-42888 (Unauth. Privilege Escalation vulnerability in ARMember premium plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42884
@@ -18447,7 +18447,7 @@ CVE-2022-3616 (Attackers can create long chains of CAs that would lead to OctoRP
 CVE-2022-3615
 	RESERVED
 CVE-2022-3614 (In affected versions of Octopus Deploy users of certain browsers using ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2022-3613
 	RESERVED
 CVE-2022-3612
@@ -20199,7 +20199,7 @@ CVE-2022-40221
 CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...)
 	NOT-FOR-US: PHOENIX
 CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for certain type ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2022-3459
 	RESERVED
 CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
@@ -21127,7 +21127,7 @@ CVE-2022-42477
 CVE-2022-42476
 	RESERVED
 CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...)
-	TODO: check
+	NOT-FOR-US: FortiOS SSL-VPN
 CVE-2022-42474
 	RESERVED
 CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
@@ -21135,7 +21135,7 @@ CVE-2022-42473 (A missing authentication for a critical function vulnerability i
 CVE-2022-42472
 	RESERVED
 CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-42470
 	RESERVED
 CVE-2022-42469
@@ -24179,7 +24179,7 @@ CVE-2022-3293 (Email addresses were leaked in WebHook logs in GitLab EE affectin
 CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-41336 (An improper neutralization of input during web page generation vulnera ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-41335
 	RESERVED
 CVE-2022-41334



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f73bd13b3520c2920b14aa6aed8af8f0f2386485

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f73bd13b3520c2920b14aa6aed8af8f0f2386485
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230103/bf881f7a/attachment.htm>

More information about the debian-security-tracker-commits mailing list