[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 12 21:29:52 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0875fc59 by Salvatore Bonaccorso at 2023-01-12T22:29:27+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8070,7 +8070,7 @@ CVE-2022-47085
 CVE-2022-47084
 	RESERVED
 CVE-2022-47083 (Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. ...)
-	TODO: check
+	NOT-FOR-US: Spitfire CMS
 CVE-2022-47082
 	RESERVED
 CVE-2022-47081
@@ -8420,7 +8420,7 @@ CVE-2022-46910 (An issue in the firmware update process of TP-Link TL-WA901ND V1
 CVE-2022-46909
 	RESERVED
 CVE-2022-4429 (Avira Security for Windows contains an unquoted service path which all ...)
-	TODO: check
+	NOT-FOR-US: Avira Security for Windows
 CVE-2022-4428 (support_uri parameter in the WARP client local settings file (mdm.xml) ...)
 	TODO: check
 CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ...)
@@ -8438,7 +8438,7 @@ CVE-2022-4424
 CVE-2022-4423
 	RESERVED
 CVE-2022-4422 (This issue affects: Bulutses Bilgi Teknolojileri LTD. ŞTİ. B ...)
-	TODO: check
+	NOT-FOR-US: BULUTDESK CALLCENTER
 CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been classified as ...)
 	NOT-FOR-US: rAthena FluxCP
 CVE-2022-4420
@@ -8567,7 +8567,7 @@ CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not s
 CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...)
-	TODO: check
+	NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin
 CVE-2022-46892
 	RESERVED
 CVE-2022-46891
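Review bot: The tag on CVE-2022-4392 spells out the full plugin name, while the entry directly above it (CVE-2022-4393) uses the generic "NOT-FOR-US: WordPress plugin". Either form works, but a single convention for WordPress plugins keeps the list easier to search; consider "NOT-FOR-US: WordPress plugin" here as well.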
@@ -8809,7 +8809,7 @@ CVE-2022-46825 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server
 CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fs ...)
 	- intellij-idea <itp> (bug #747616)
 CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 compatibl ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-46822
 	RESERVED
 CVE-2022-46821
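Review bot: CVE-2022-46823 is tagged with the vendor only ("NOT-FOR-US: Siemens") although the description names the product, Mendix SAML. Most other entries in this commit name the product, so "NOT-FOR-US: Siemens Mendix SAML" would let a later search on the product name find this decision.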
@@ -9511,7 +9511,7 @@ CVE-2022-46612
 CVE-2022-46611
 	RESERVED
 CVE-2022-46610 (72crm v9 was discovered to contain an arbitrary file upload vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: 72crm
 CVE-2022-46609 (Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and ...)
 	NOT-FOR-US: backdoored Python3-RESTfulAPI package
 CVE-2022-46608
@@ -9525,7 +9525,7 @@ CVE-2022-46605
 CVE-2022-46604
 	RESERVED
 CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...)
-	TODO: check
+	NOT-FOR-US: Inkdrop
 CVE-2022-46602
 	RESERVED
 CVE-2022-46601 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...)
@@ -9725,7 +9725,7 @@ CVE-2022-46505
 CVE-2022-46504
 	RESERVED
 CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...)
-	TODO: check
+	NOT-FOR-US: Online Student Enrollment System
 CVE-2022-46502
 	RESERVED
 CVE-2022-46501
@@ -9903,7 +9903,7 @@ CVE-2022-43466 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earl
 CVE-2022-43443 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...)
 	NOT-FOR-US: Buffalo network devices
 CVE-2022-4294 (Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible  ...)
-	TODO: check
+	NOT-FOR-US: Norton
 CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
 	- vim 2:9.0.0813-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143
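Review bot: The tag on CVE-2022-4294 names only Norton, but the description covers Norton, Avira, Avast and AVG Antivirus for Windows. Suggest listing all four, for example "NOT-FOR-US: Norton, Avira, Avast and AVG Antivirus for Windows", so a search on any of the product names hits this entry.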
@@ -10073,17 +10073,17 @@ CVE-2022-46374
 CVE-2022-46373
 	RESERVED
 CVE-2022-46372 (Alotcer - AR7088H-A firmware version 16.10.3 Command execution Imprope ...)
-	TODO: check
+	NOT-FOR-US: Alotcer - AR7088H-A firmware
 CVE-2022-46371 (Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. U ...)
-	TODO: check
+	NOT-FOR-US: Alotcer - AR7088H-A firmware
 CVE-2022-46370 (Rumpus - FTP server version 9.0.7.1 Improper Token Verification– ...)
-	TODO: check
+	NOT-FOR-US: Rumpus - FTP server
 CVE-2022-46369 (Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (P ...)
-	TODO: check
+	NOT-FOR-US: Rumpus - FTP server
 CVE-2022-46368 (Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF)  ...)
-	TODO: check
+	NOT-FOR-US: Rumpus - FTP server
 CVE-2022-46367 (Rumpus - FTP server Cross-site request forgery (CSRF) – Privileg ...)
-	TODO: check
+	NOT-FOR-US: Rumpus - FTP server
 CVE-2022-46365
 	RESERVED
 CVE-2022-46364 (A SSRF vulnerability in parsing the href attribute of XOP:Include in M ...)
@@ -10241,71 +10241,71 @@ CVE-2023-21565
 CVE-2023-21564
 	RESERVED
 CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21562
 	RESERVED
 CVE-2023-21561 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21560 (Windows Boot Manager Security Feature Bypass Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21559 (Windows Cryptographic Information Disclosure Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21558 (Windows Error Reporting Service Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21557 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21556 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21554
 	RESERVED
 CVE-2023-21553
 	RESERVED
 CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21551 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21550 (Windows Cryptographic Information Disclosure Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21549 (Windows SMB Witness Service Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21548 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21547 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21546 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21545
 	RESERVED
 CVE-2023-21544
 	RESERVED
 CVE-2023-21543 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21542 (Windows Installer Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21541 (Windows Task Scheduler Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21540 (Windows Cryptographic Information Disclosure Vulnerability. This CVE I ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21539 (Windows Authentication Remote Code Execution Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21538 (.NET Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21537 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21536 (Event Tracing for Windows Information Disclosure Vulnerability. This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21535 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21534
 	RESERVED
 CVE-2023-21533
 	RESERVED
 CVE-2023-21532 (Windows GDI Elevation of Privilege Vulnerability. This CVE ID is uniqu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21531 (Azure Service Fabric Container Elevation of Privilege Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21530
 	RESERVED
 CVE-2023-21529
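Review bot: CVE-2023-21538 (.NET Denial of Service Vulnerability) gets the same "NOT-FOR-US: Microsoft" tag as the Windows components in this hunk, but .NET also runs on Linux, so it is the one entry here where the vendor alone does not settle the question. Worth confirming that no Debian source package or ITP carries it, and naming the product in the tag ("NOT-FOR-US: Microsoft .NET") so the decision is visible to anyone searching for it later.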
@@ -10313,13 +10313,13 @@ CVE-2023-21529
 CVE-2023-21528
 	RESERVED
 CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21526
 	RESERVED
 CVE-2023-21525 (Remote Procedure Call Runtime Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2023-21524 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
 	NOT-FOR-US: Rapid7 Nexpose and InsightVM
 CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape ...)
@@ -13877,13 +13877,13 @@ CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent us
 CVE-2022-3960
 	RESERVED
 CVE-2022-45167 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
-	TODO: check
+	NOT-FOR-US: Archibus Web Central
 CVE-2022-45166 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
-	TODO: check
+	NOT-FOR-US: Archibus Web Central
 CVE-2022-45165 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
-	TODO: check
+	NOT-FOR-US: Archibus Web Central
 CVE-2022-45164 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
-	TODO: check
+	NOT-FOR-US: Archibus Web Central
 CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP devices w ...)
 	NOT-FOR-US: NXP devices
 CVE-2022-45162
@@ -14104,11 +14104,11 @@ CVE-2022-45096
 CVE-2022-45095
 	RESERVED
 CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions < V1 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-45091
 	RESERVED
 CVE-2022-45090
@@ -18518,13 +18518,13 @@ CVE-2022-43975
 CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...)
 	TODO: check
 CVE-2022-43973 (An arbitrary code execution vulnerability exisits in Linksys WRT54GL W ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2022-43972 (A null pointer dereference vulnerability exists in Linksys WRT54GL Wir ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2022-43971 (An arbitrary code exection vulnerability exists in Linksys WUMC710 Wir ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2022-43969
 	RESERVED
 CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0875fc5919cf97aeddbde6eec7963d3f3ef6ebe4
