Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8186dfa6 by Salvatore Bonaccorso at 2022-08-24T22:27:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4198,13 +4198,13 @@ CVE-2022-37183
 CVE-2022-37182
        RESERVED
 CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: 72crm
 CVE-2022-37180
        RESERVED
 CVE-2022-37179
        RESERVED
 CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: 72crm
 CVE-2022-37177
        RESERVED
 CVE-2022-37176
@@ -4254,7 +4254,7 @@ CVE-2022-37155
 CVE-2022-37154
        RESERVED
 CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is 
a XSS vu ...)
-       TODO: check
+       NOT-FOR-US: Artica Proxy
 CVE-2022-37152
        RESERVED
 CVE-2022-37151
@@ -4680,7 +4680,7 @@ CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 
email address validatio
 CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution 
via a Va ...)
        - intellij-idea <itp> (bug #747616)
 CVE-2022-2569 (The affected device stores sensitive information in cleartext, 
which m ...)
-       TODO: check
+       NOT-FOR-US: ARC Informatique
 CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation 
Platfo ...)
        NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2022-2567
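Review bot: The new tag on CVE-2022-2569, "NOT-FOR-US: ARC Informatique", does not name an affected product, while the next entry in the same hunk ("NOT-FOR-US: Red Hat Ansible Automation Platform") and most other tags in this commit do. The truncated description here ("The affected device stores sensitive information in cleartext ...") does not name the product either, so the entry gives a later reader nothing to check the triage against. Suggest putting the product name from the full CVE description in the tag, after the current text.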
@@ -5512,7 +5512,7 @@ CVE-2022-36635
 CVE-2022-36634
        RESERVED
 CVE-2022-36633 (Teleport 9.3.6 is vulnerable to Command injection leading to 
Remote Co ...)
-       TODO: check
+       NOT-FOR-US: Teleport
 CVE-2022-36632
        RESERVED
 CVE-2022-36631
@@ -10051,11 +10051,11 @@ CVE-2022-34847
 CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 
Server  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-34838 (Storing Passwords in a Recoverable Format vulnerability in ABB 
Zenon 8 ...)
-       TODO: check
+       NOT-FOR-US: ABB Zenon
 CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB 
Zenon 8 ...)
-       TODO: check
+       NOT-FOR-US: ABB Zenon
 CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows 
the use ...)
-       TODO: check
+       NOT-FOR-US: ABB Zenon
 CVE-2022-34654
        RESERVED
 CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) 
Stored Cross- ...)
@@ -10455,7 +10455,7 @@ CVE-2022-34745
 CVE-2022-34744
        RESERVED
 CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to 
modify param ...)
-       TODO: check
+       NOT-FOR-US: mySCADA myPRO
 CVE-2022-2233
        RESERVED
 CVE-2022-2232
@@ -11095,9 +11095,9 @@ CVE-2022-2206 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        NOTE: 
https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 
(v8.2.5160)
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-34486 (Path traversal vulnerability in PukiWiki versions 1.4.5 to 
1.5.3 allow ...)
-       TODO: check
+       NOT-FOR-US: PukiWiki
 CVE-2022-27637 (Reflected cross-site scripting vulnerability in PukiWiki 
versions 1.5. ...)
-       TODO: check
+       NOT-FOR-US: PukiWiki
 CVE-2022-2205
        RESERVED
        - firefox 103.0-1
@@ -12829,7 +12829,7 @@ CVE-2022-2110
 CVE-2022-2109
        RESERVED
 CVE-2022-33916 (OPC UA .NET Standard Reference Server 1.04.368 allows a remote 
attacke ...)
-       TODO: check
+       NOT-FOR-US: OPC UA .NET Standard Reference Server
 CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package 
before log4j- ...)
        NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package
 CVE-2022-33914
@@ -14450,7 +14450,7 @@ CVE-2022-33174 (Power Distribution Units running on 
Powertek firmware (multiple
 CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase 
Server before ...)
        NOT-FOR-US: Couchbase Server
 CVE-2022-33172 (de.fac2 1.34 allows bypassing the User Presence protection 
mechanism w ...)
-       TODO: check
+       NOT-FOR-US: de.fac2
 CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 
can either ...)
        NOT-FOR-US: TypeORM
 CVE-2022-33170
@@ -14492,11 +14492,11 @@ CVE-2022-33153
 CVE-2022-33152
        RESERVED
 CVE-2022-33149 (A sql injection vulnerability exists in the ObjectYPT 
functionality of ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-33148 (A sql injection vulnerability exists in the ObjectYPT 
functionality of ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-33147 (A sql injection vulnerability exists in the ObjectYPT 
functionality of ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 
1.16.2 an ...)
        NOT-FOR-US: Apache NiFi
 CVE-2022-33139 (A vulnerability has been identified in SIMATIC WinCC OA V3.16 
(All ver ...)
@@ -14844,23 +14844,23 @@ CVE-2022-32987 (Multiple cross-site scripting (XSS) 
vulnerabilities in /bsms/?pa
 CVE-2022-32986
        RESERVED
 CVE-2022-32761 (An information disclosure vulnerability exists in the 
aVideoEncoderRec ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32760
        RESERVED
 CVE-2022-32572 (An os command injection vulnerability exists in the 
aVideoEncoder wget ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32282 (An improper password check exists in the login functionality 
of WWBN A ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-30547 (A directory traversal vulnerability exists in the 
unzipDirectory funct ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-30534 (An OS command injection vulnerability exists in the 
aVideoEncoder chun ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-29477
        RESERVED
 CVE-2022-29475
        RESERVED
 CVE-2022-28710 (An information disclosure vulnerability exists in the 
chunkFile functi ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-27805
        RESERVED
 CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not 
sanitise an ...)
@@ -15390,23 +15390,23 @@ CVE-2022-32780
 CVE-2022-32779
        RESERVED
 CVE-2022-32778 (An information disclosure vulnerability exists in the cookie 
functiona ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32777 (An information disclosure vulnerability exists in the cookie 
functiona ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32772 (A cross-site scripting (xss) vulnerability exists in the 
footer alerts ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32771 (A cross-site scripting (xss) vulnerability exists in the 
footer alerts ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the 
footer alerts ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32763
        RESERVED
 CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the 
image403 func ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the 
videoAddNew f ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-26842 (A reflected cross-site scripting (xss) vulnerability exists in 
the cha ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to 
perform a Reg ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when 
encountering an in ...)
@@ -15445,9 +15445,9 @@ CVE-2021-46817 (Adobe Media Encoder version 15.4 (and 
earlier) are affected by a
 CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by 
a memory ...)
        NOT-FOR-US: Adobe
 CVE-2022-32769 (Multiple authentication bypass vulnerabilities exist in the 
objects id ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the 
objects id ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-32759
        RESERVED
 CVE-2022-32758
@@ -15511,7 +15511,7 @@ CVE-2022-32739 (When Secure::DisableBanner system 
configuration has been disable
 CVE-2022-32573
        RESERVED
 CVE-2022-30605 (A privilege escalation vulnerability exists in the session id 
function ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft 
Alyac 2.5. ...)
        NOT-FOR-US: ESTsoft Alyac
 CVE-2022-29517
@@ -15519,7 +15519,7 @@ CVE-2022-29517
 CVE-2022-29511
        RESERVED
 CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in 
WWBN AVide ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-28703
        RESERVED
 CVE-2022-27498
@@ -16774,7 +16774,7 @@ CVE-2022-1991 (A vulnerability classified as 
problematic has been found in Fast
 CVE-2022-1990 (The Nested Pages WordPress plugin before 3.1.21 does not escape 
and sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1989 (All CODESYS Visualization versions before V4.2.0.0 generate a 
login di ...)
-       TODO: check
+       NOT-FOR-US: CODESYS Visualization
 CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository 
neorazorx/fa ...)
        NOT-FOR-US: neorazorx/facturascripts
 CVE-2022-32274 (The Transition Scheduler add-on 6.5.0 for Atlassian Jira is 
prone to s ...)
@@ -23949,7 +23949,7 @@ CVE-2022-1515 (A memory leak was discovered in matio 
1.5.21 and earlier in Mat_V
 CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in 
GitHub rep ...)
        NOT-FOR-US: facturascripts
 CVE-2022-1513 (A potential vulnerability was reported in Lenovo PCManager 
prior to ve ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does 
not sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it 
prior to 5 ...)
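Review bot: On CVE-2022-1513 the tag "NOT-FOR-US: Lenovo" is broader than what the description states, which is "Lenovo PCManager". A vendor-wide tag reads as if nothing from that vendor is relevant, and it is harder to match when someone searches the list by product. Suggest "NOT-FOR-US: Lenovo PCManager", in line with product-level tags elsewhere in this commit such as "NOT-FOR-US: CODESYS Visualization".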
@@ -26885,9 +26885,9 @@ CVE-2022-28885
 CVE-2022-28884
        RESERVED
 CVE-2022-28883 (A Denial-of-Service (DoS) vulnerability was discovered in 
F-Secure &am ...)
-       TODO: check
+       NOT-FOR-US: F-Secure & WithSecure products
 CVE-2022-28882 (A Denial-of-Service (DoS) vulnerability was discovered in 
F-Secure &am ...)
-       TODO: check
+       NOT-FOR-US: F-Secure & WithSecure products
 CVE-2022-28881 (A Denial-of-Service (DoS) vulnerability was discovered in 
F-Secure Atl ...)
        NOT-FOR-US: F-Secure
 CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the 
F-Secure Atlan ...)
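Review bot: The two new tags on CVE-2022-28883 and CVE-2022-28882, "NOT-FOR-US: F-Secure & WithSecure products", use a different string from the existing tag on the next entry, CVE-2022-28881 ("NOT-FOR-US: F-Secure"), so a search for either spelling misses the other entries. Suggest settling on one form for this vendor's entries, or at least keeping "F-Secure" as the common prefix and dropping the generic word "products", which adds nothing to the match.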



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8186dfa6de4a21291cb49ee1ce2bff20829fd2db
