[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 4 11:30:49 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
920f7ead by Moritz Muehlenhoff at 2023-01-04T12:30:21+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8503,7 +8503,7 @@ CVE-2022-46083
 CVE-2022-46082
 	RESERVED
 CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session wouldn't preve ...)
-	TODO: check
+	NOT-FOR-US: Garmin
 CVE-2022-46080
 	RESERVED
 CVE-2022-46079
@@ -20670,7 +20670,7 @@ CVE-2022-42712
 CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application ...)
 	NOT-FOR-US: Progress WhatsUp Gold
 CVE-2022-42710 (Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.3 ...)
-	TODO: check
+	NOT-FOR-US: Nice Linear eMerge E3-Series
 CVE-2022-42709
 	RESERVED
 CVE-2022-42708
@@ -21726,15 +21726,15 @@ CVE-2022-42272
 CVE-2022-42271
 	RESERVED
 CVE-2022-42270 (NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_tas ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-42269 (NVIDIA Trusted OS contains a vulnerability in an SMC call handler, whe ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-42268
 	RESERVED
 CVE-2022-42267 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-42266 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-42265 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
 	TODO: check
 CVE-2022-42264 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
@@ -25667,7 +25667,7 @@ CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability.
 CVE-2022-40741 (Mail SQR Expert’s specific function has insufficient filtering f ...)
 	NOT-FOR-US: Mail SQR Expert system
 CVE-2022-40740 (Realtek GPON router has insufficient filtering for special characters. ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2022-40739 (Ragic report generation page has insufficient filtering for special ch ...)
 	NOT-FOR-US: Ragic
 CVE-2022-3227
@@ -27638,7 +27638,7 @@ CVE-2022-39949 (An improper control of a resource through its lifetime vulnerabi
 CVE-2022-39948
 	RESERVED
 CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-39946
 	RESERVED
 CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...)
@@ -29913,13 +29913,13 @@ CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program
 CVE-2022-39043
 	RESERVED
 CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An unauthent ...)
-	TODO: check
+	NOT-FOR-US: aEnrich a+HRD
 CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for specific API  ...)
-	TODO: check
+	NOT-FOR-US: aEnrich a+HRD
 CVE-2022-39040 (aEnrich a+HRD log read function has a path traversal vulnerability. An ...)
-	TODO: check
+	NOT-FOR-US: aEnrich a+HRD
 CVE-2022-39039 (aEnrich’s a+HRD has inadequate filtering for specific URL parame ...)
-	TODO: check
+	NOT-FOR-US: aEnrich a+HRD
 CVE-2022-39038 (Agentflow BPM enterprise management system has improper authentication ...)
 	NOT-FOR-US: Agentflow BPM enterprise management system
 CVE-2022-39037 (Agentflow BPM file download function has a path traversal vulnerabilit ...)
@@ -30736,7 +30736,7 @@ CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset Mana
 CVE-2022-38767 (An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2022-38766 (The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MH ...)
-	TODO: check
+	NOT-FOR-US: Renault
 CVE-2022-38765 (Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately e ...)
 	NOT-FOR-US: Canon Medical Informatics Vitrea
 CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
@@ -30923,7 +30923,7 @@ CVE-2022-38725
 CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...)
 	NOT-FOR-US: SilverStripe CMS
 CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal through H ...)
-	TODO: check
+	NOT-FOR-US: Gravitee API Management
 CVE-2022-38722
 	RESERVED
 CVE-2022-38721
@@ -30998,7 +30998,7 @@ CVE-2022-2969 (Delta Industrial Automation DIALink versions prior to v1.5.0.0 Be
 CVE-2022-2968
 	RESERVED
 CVE-2022-2967 (Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modb ...)
-	TODO: check
+	NOT-FOR-US: Prosys OPC UA Simulation Server
 CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This iss ...)
 	NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
@@ -31270,7 +31270,7 @@ CVE-2022-38629
 CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
 	NOT-FOR-US: Nortek Linear eMerge E3-Series
 CVE-2022-38627 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...)
-	TODO: check
+	NOT-FOR-US: Nortek Linear eMerge E3-Series
 CVE-2022-38626
 	RESERVED
 CVE-2022-38625 (** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain ...)
@@ -33330,9 +33330,9 @@ CVE-2022-37936
 CVE-2022-37935
 	RESERVED
 CVE-2022-37934 (A potential security vulnerability has been identified in HPE OfficeCo ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-37933 (A potential security vulnerability has been identified in HPE Superdom ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-37932 (A potential security vulnerability has been identified in Hewlett Pack ...)
 	NOT-FOR-US: HPE
 CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...)
@@ -33669,11 +33669,11 @@ CVE-2022-37789
 CVE-2022-37788
 	RESERVED
 CVE-2022-37787 (An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: WeCube
 CVE-2022-37786 (An issue was discovered in WeCube Platform 3.2.2. There are multiple C ...)
-	TODO: check
+	NOT-FOR-US: WeCube
 CVE-2022-37785 (An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords  ...)
-	TODO: check
+	NOT-FOR-US: WeCube
 CVE-2022-37784
 	RESERVED
 CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hash ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/920f7eadc64cee8529c2a5ff4dff04103db21916

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/920f7eadc64cee8529c2a5ff4dff04103db21916
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230104/208c00bb/attachment.htm>

More information about the debian-security-tracker-commits mailing list