Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1fab697 by Neil Williams at 2022-05-13T09:23:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8602,13 +8602,13 @@ CVE-2022-27655 (When a user opens a manipulated 
Universal 3D (.u3d, 3difr.x3d) r
 CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 
2d.x3d) rece ...)
        NOT-FOR-US: SAP
 CVE-2022-26518 (An OS command injection vulnerability exists in the console 
infactory_ ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26422
        RESERVED
 CVE-2022-26420 (An OS command injection vulnerability exists in the console 
infactory_ ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26075 (An OS command injection vulnerability exists in the console 
infactory_ ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows 
attackers ...)
        - tiff <unfixed> (unimportant)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/391
@@ -10082,7 +10082,7 @@ CVE-2022-27166
 CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when 
opening ...)
        NOT-FOR-US: WPS Presentation
 CVE-2022-26510 (A firmware update vulnerability exists in the iburn firmware 
checks fu ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26303
        RESERVED
 CVE-2022-26082
@@ -11079,11 +11079,11 @@ CVE-2022-0907 (Unchecked Return Value to NULL Pointer 
Dereference in tiffcrop in
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc
 CVE-2022-26782 (Multiple improper input validation vulnerabilities exists in 
the libnv ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26781 (Multiple improper input validation vulnerabilities exists in 
the libnv ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26780 (Multiple improper input validation vulnerabilities exists in 
the libnv ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26779 (Apache CloudStack prior to 4.16.1.0 used insecure random 
number genera ...)
        NOT-FOR-US: Apache CloudStack
 CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub 
repository micr ...)
@@ -12996,7 +12996,7 @@ CVE-2022-26118
 CVE-2022-26117
        RESERVED
 CVE-2022-26116 (Multiple improper neutralization of special elements used in 
SQL comma ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard FortiNAC
 CVE-2022-26115
        RESERVED
 CVE-2022-26114
@@ -13006,13 +13006,13 @@ CVE-2022-26113
 CVE-2022-26112
        RESERVED
 CVE-2022-26042 (An OS command injection vulnerability exists in the daretools 
binary f ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26007 (An OS command injection vulnerability exists in the console 
factory fu ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26002 (A stack-based buffer overflow vulnerability exists in the 
console fact ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-25995 (A command execution vulnerability exists in the console inhand 
functio ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not 
properly rem ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi 
prior t ...)
@@ -13089,7 +13089,7 @@ CVE-2022-0759 (A flaw was found in all versions of 
kubeclient up to (but not inc
        NOTE: https://github.com/ManageIQ/kubeclient/issues/555
        NOTE: https://github.com/ManageIQ/kubeclient/pull/556
 CVE-2022-26085 (An OS command injection vulnerability exists in the httpd 
wlscan_ASP f ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-26068 (This affects the package pistacheio/pistache before 
0.0.3.20220425. It ...)
        - pistache <itp> (bug #929593)
 CVE-2022-26066
@@ -14060,11 +14060,11 @@ CVE-2022-25651
 CVE-2022-25650 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Siemens
 CVE-2022-25172 (An information disclosure vulnerability exists in the web 
interface se ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer 
overflow wh ...)
        NOT-FOR-US: FATEK Automation
 CVE-2022-24910 (A buffer overflow vulnerability exists in the httpd 
parse_ping_result  ...)
-       TODO: check
+       NOT-FOR-US: InHand Networks InRouter302
 CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write 
while pro ...)
        NOT-FOR-US: FATEK Automation
 CVE-2022-21809 (A file write vulnerability exists in the httpd upload.cgi 
functionalit ...)
@@ -17369,7 +17369,7 @@ CVE-2022-24585 (A stored cross-site scripting (XSS) 
vulnerability in the compone
        - pluxml <unfixed> (bug #1008264)
        NOTE: 
https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
 CVE-2022-24584 (Incorrect access control in Yubico OTP functionality of the 
YubiKey ha ...)
-       TODO: check
+       NOT-FOR-US: yubico.com
 CVE-2022-24583
        RESERVED
 CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to 
XSS-PHPSESSID-Hijac ...)
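Review bot: the NOT-FOR-US tag added for CVE-2022-24584 reads "yubico.com", a domain name, while the other tags added in this commit name a vendor or a product (for example "Check Point ZoneAlarm" or "InHand Networks InRouter302"). The description refers to the Yubico OTP functionality of the YubiKey, so a tag naming that vendor and product would be easier to grep for and would stay consistent with the rest of the list.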
@@ -17618,7 +17618,7 @@ CVE-2022-24468 (Azure Site Recovery Remote Code 
Execution Vulnerability. This CV
 CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24466 (Windows Hyper-V Security Feature Bypass Vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability. ...)
@@ -18396,7 +18396,9 @@ CVE-2022-24274
 CVE-2022-24273
        RESERVED
 CVE-2022-24272 (An authenticated user may trigger an invariant assertion 
during comman ...)
-       TODO: check
+       - mongodb <removed>
+       [stretch] - mongodb <end-of-life> 
(https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+       NOTE: https://jira.mongodb.org/browse/SERVER-63968
 CVE-2022-23400 (A stack-based buffer overflow vulnerability exists in the 
IGXMPXMLPars ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC 
protocol fu ...)
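Review bot: the CVE-2022-24272 entry is not an NFU, so the commit subject "Process some NFUs" does not cover it; the added lines record mongodb as <removed> and stretch as <end-of-life>. Consider moving this triage to its own commit, or widening the subject, so the package status change can be found from the log. The single NOTE links only the upstream ticket; a second NOTE stating the affected or fixed upstream versions would save the next reader a lookup.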
@@ -18923,13 +18925,13 @@ CVE-2022-24106
 CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
        NOT-FOR-US: Adobe
 CVE-2022-24104 (Acrobat Reader DC versions 20.001.20085 (and earlier), 
20.005.3031x (a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24103 (Acrobat Reader DC versions 20.001.20085 (and earlier), 
20.005.3031x (a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24102 (Acrobat Reader DC versions 20.001.20085 (and earlier), 
20.005.3031x (a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24101 (Acrobat Reader DC versions 20.001.20085 (and earlier), 
20.005.3031x (a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24100
        RESERVED
 CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
@@ -20623,7 +20625,7 @@ CVE-2022-23745
 CVE-2022-23744
        RESERVED
 CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a 
local act ...)
-       TODO: check
+       NOT-FOR-US: Check Point ZoneAlarm
 CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions 
earlier than ...)
        TODO: check
 CVE-2022-23741
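Review bot: CVE-2022-23742, in the context lines directly below the changed entry, stays at "TODO: check" although its description names Check Point Endpoint Security Client for Windows, the same vendor as the CVE-2022-23743 entry resolved here. If it is equally out of scope it could be tagged in the same commit; if it was left open on purpose, a short NOTE saying why would avoid a second look.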
@@ -21677,7 +21679,7 @@ CVE-2022-23334
 CVE-2022-23333
        RESERVED
 CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI) 
in Shenzh ...)
-       TODO: check
+       NOT-FOR-US: Ejoin Information Technology
 CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain 
unauthorized access ...)
        NOT-FOR-US: DataEase
 CVE-2022-23330 (A remote code execution (RCE) vulnerability in 
HelloWorldAddonControll ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1fab697e7935a39ff6f788381a296ec8e910ef0



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits