[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 9 14:45:21 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d955929 by Salvatore Bonaccorso at 2023-03-09T15:44:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14203,13 +14203,13 @@ CVE-2023-22894
 CVE-2023-22893
 	RESERVED
 CVE-2023-22892 (There exists an information disclosure vulnerability in SmartBear Zeph ...)
-	TODO: check
+	NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear Zephyr  ...)
-	TODO: check
+	NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated user ...)
-	TODO: check
+	NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined inp ...)
-	TODO: check
+	NOT-FOR-US: SmartBear Zephyr Enterprise
 CVE-2023-22888
 	RESERVED
 CVE-2023-22887
@@ -21914,7 +21914,7 @@ CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access c
 CVE-2022-46753
 	RESERVED
 CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An unauthe ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-46751
 	RESERVED
 CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an Insecu ...)
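Review bot: the new tag on CVE-2022-46752 is only the vendor name ("Dell"), although the description on that line names the component ("Dell BIOS"). Other tags added in this commit name the product, for example "SmartBear Zephyr Enterprise", so "NOT-FOR-US: Dell BIOS" would be easier to search for and would match that style.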
@@ -22917,7 +22917,7 @@ CVE-2022-46396
 CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
 	NOT-FOR-US: Arm Mali
 CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
-	TODO: check
+	NOT-FOR-US: Arm Mali
 CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...)
 	- mbedtls 2.28.2-1
 	[bullseye] - mbedtls <not-affected> (The vulnerable code was introduced later)
@@ -49234,7 +49234,7 @@ CVE-2022-37941
 CVE-2022-37940
 	RESERVED
 CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
 	NOT-FOR-US: HPE
 CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard ...)
@@ -83846,7 +83846,7 @@ CVE-2022-25711 (Memory corruption in camera due to improper validation of array
 CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-25709 (Memory corruption in modem due to use of out of range pointer offset w ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25707
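Review bot: the tag added on CVE-2022-25709 ("Qualcomm") sits between an entry tagged "Snapdragon" (CVE-2022-25710) and one tagged "Qualcomm" (CVE-2022-25708), and all three descriptions are written in the same style. The same mix is visible around CVE-2022-25694 further down. Picking "Qualcomm" matches most neighbours, but it is worth normalising the "Snapdragon" entries in a follow-up so that a search for one tag finds all of them.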
@@ -83854,7 +83854,7 @@ CVE-2022-25707
 CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer over-read whi ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25705 (Memory corruption in modem due to integer overflow to buffer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-25704
 	RESERVED
 CVE-2022-25703
@@ -83876,7 +83876,7 @@ CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use ra
 CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array Index w ...)
 	NOT-FOR-US: Snapdragon
 CVE-2022-25694 (Memory corruption in Modem due to usage of Out-of-range pointer offset ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25692 (Denial of service in Modem due to reachable assertion while processing ...)
@@ -83954,7 +83954,7 @@ CVE-2022-25657 (Memory corruption due to buffer overflow occurs while processing
 CVE-2022-25656 (Possible integer overflow and memory corruption due to improper valida ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25655 (Memory corruption in WLAN HAL while arbitrary value is passed in WMI U ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-25654 (Memory corruption in kernel due to improper input validation while pro ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-25653 (Information disclosure in video due to buffer over-read while processi ...)
@@ -95664,7 +95664,7 @@ CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line inte
 CVE-2022-22298
 	RESERVED
 CVE-2022-22297 (An incomplete filtering of one or more instances of special elements v ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
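Review bot: the tag on CVE-2022-22297 ("FortiGuard") cannot be checked against this hunk, because the visible description is cut off before any vendor or product name appears. Please confirm that "FortiGuard" is the name of the affected product, and if the full description names a different one, use that in the tag instead.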
@@ -97680,11 +97680,11 @@ CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. Ther
 CVE-2021-4167
 	RESERVED
 CVE-2021-45479 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Yordam Information Technologies Library Automation System
 CVE-2021-45478 (Improper Handling of Parameters vulnerability in Bordam Information Te ...)
-	TODO: check
+	NOT-FOR-US: Bordam Information Technologies Library Automation System
 CVE-2021-45477 (Improper Handling of Parameters vulnerability in Bordam Information Te ...)
-	TODO: check
+	NOT-FOR-US: Bordam Information Technologies Library Automation System
 CVE-2021-45476 (Yordam Library Information Document Automation product before version  ...)
 	NOT-FOR-US: Yordam Library Information Document Automation
 CVE-2021-45475 (Yordam Library Information Document Automation product before version  ...)
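Review bot: CVE-2021-45478 and CVE-2021-45477 are tagged "Bordam Information Technologies Library Automation System", while CVE-2021-45479 directly above is tagged "Yordam Information Technologies Library Automation System" and CVE-2021-45476 directly below uses "Yordam" as well. The "Bordam" spelling is taken from the truncated CVE descriptions on those two lines, so it looks like an upstream spelling carried into the tag. If these are the same vendor, use "Yordam" on all three so the entries group together; if not, a short remark on the entries would make the difference clear.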
@@ -98161,7 +98161,7 @@ CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics
 CVE-2022-22076
 	RESERVED
 CVE-2022-22075 (Information Disclosure in Graphics during GPU context switch. ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2022-22073
@@ -102656,9 +102656,9 @@ CVE-2021-44199 (DLL hijacking could lead to denial of service. The following pro
 CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following  ...)
 	NOT-FOR-US: Acronis
 CVE-2021-44197 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: UBIT Information Technologies Student Information Management System
 CVE-2021-44196 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: UBIT Information Technologies Student Information Management System
 CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
 	NOT-FOR-US: Rapid7 Insight Agent
 CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -106979,7 +106979,7 @@ CVE-2022-20954 (Multiple vulnerabilities in Cisco TelePresence Collaboration End
 CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20952 (A vulnerability in the scanning engines of Cisco AsyncOS Software for  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepo ...)
@@ -112242,7 +112242,7 @@ CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows
 CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
 	NOT-FOR-US: Liman MYS
 CVE-2021-3854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Glox Technology Useroam Hotspot
 CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
 	- rust-nix 0.19.0-2 (bug #995562)
 	[bullseye] - rust-nix <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d95592955e285e8c0ccde22dd2469fa854f6ddc
