Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9370af46 by Salvatore Bonaccorso at 2022-09-22T10:21:20+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1405,7 +1405,7 @@ CVE-2022-40223
CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex
FavIcon Swit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload
vulnerability in Xpl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40215
RESERVED
CVE-2022-40213
@@ -2607,7 +2607,7 @@ CVE-2022-40188
CVE-2022-40187
RESERVED
CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault
Enterprise before ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
CVE-2022-40185
RESERVED
CVE-2022-40184
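Review bot: The note added for CVE-2022-40186 reads "HashiCorp Vault and Vault Enterprise", which repeats the product list from the description, while the other notes in this commit use a short vendor or product name (Liferay, Craft CMS, Fabasoft). Suggest "NOT-FOR-US: HashiCorp Vault" for consistency. Because the description names a non-Enterprise edition too, it is worth confirming that no ITP or RFP exists for it before closing the entry as NOT-FOR-US.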
@@ -3106,7 +3106,7 @@ CVE-2022-39977
CVE-2022-39976
RESERVED
CVE-2022-39975 (The Layout module in Liferay Portal v7.3.3 through v7.4.3.34,
and Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault
via the co ...)
NOT-FOR-US: WASM3
CVE-2022-39973
@@ -6775,7 +6775,7 @@ CVE-2022-38514
CVE-2022-38513
RESERVED
CVE-2022-38512 (The Translation module in Liferay Portal v7.4.3.12 through
v7.4.3.36, ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-38511 (TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain
a comman ...)
NOT-FOR-US: TOTOLINK
CVE-2022-38510 (Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer
overflow ...)
@@ -10356,7 +10356,7 @@ CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to
Cross Site Scripting (XSS) vi
CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site
scripting (XSS) ...)
NOT-FOR-US: Craft CMS
CVE-2022-37246 (Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in
the fil ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2
is vulner ...)
NOT-FOR-US: MDaemon
CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2
is vulner ...)
@@ -30329,7 +30329,7 @@ CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1
does not sanitise and es
CVE-2021-4227
RESERVED
CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client
22.4.0043 ...)
- TODO: check
+ NOT-FOR-US: Fabasoft
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before
6f9c8fb868345701d ...)
NOT-FOR-US: MediaWiki Nimbus skin
CVE-2022-29906 (The admin API module in the QuizGame extension for MediaWiki
through 1 ...)
@@ -33162,17 +33162,17 @@ CVE-2022-28984
CVE-2022-28983
RESERVED
CVE-2022-28982 (A cross-site scripting (XSS) vulnerability in Liferay Portal
v7.3.3 th ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28981 (Path traversal vulnerability in the Hypermedia REST APIs
module in Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28980 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay
Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP v7.3
before servi ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28978 (Stored cross-site scripting (XSS) vulnerability in the Site
module's u ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2,
and Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-28976
RESERVED
CVE-2022-28975
@@ -39816,7 +39816,7 @@ CVE-2022-26698 (An out-of-bounds read issue was
addressed with improved bounds c
CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input
validati ...)
NOT-FOR-US: Apple
CVE-2022-26696 (This issue was addressed with improved environment
sanitization. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2022-26695
RESERVED
CVE-2022-26694 (This issue was addressed with improved checks. This issue is
fixed in ...)
@@ -49472,15 +49472,15 @@ CVE-2022-23698 (A remote unauthenticated disclosure
of information vulnerability
CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was
discovered in HP ...)
NOT-FOR-US: HPE
CVE-2022-23696 (Vulnerabilities in the web-based management interface of
ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23695 (Vulnerabilities in the web-based management interface of
ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23694 (Vulnerabilities in the web-based management interface of
ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23693 (Vulnerabilities in the web-based management interface of
ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23692 (Vulnerabilities in the web-based management interface of
ClearPass Pol ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23691 (A vulnerability exists in certain AOS-CX switch models which
could all ...)
NOT-FOR-US: Aruba
CVE-2022-23690 (A vulnerability in the web-based management interface of
AOS-CX could ...)
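Review bot: Vendor naming is mixed within this block: the five ClearPass Policy Manager entries (CVE-2022-23696 through CVE-2022-23692) are labelled "Aruba", while the context entry directly above them, CVE-2022-23697, carries "HPE". Pick one label for the block, or use a product-level note such as "Aruba ClearPass Policy Manager" so the entries can be told apart from the AOS-CX ones that follow.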
@@ -49494,7 +49494,7 @@ CVE-2022-23687 (Multiple vulnerabilities exist in the
processing of packet data
CVE-2022-23686 (Multiple vulnerabilities exist in the processing of packet
data by the ...)
NOT-FOR-US: Aruba
CVE-2022-23685 (A vulnerability in the ClearPass Policy Manager web-based
management i ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2022-23684 (A vulnerability in the web-based management interface of
AOS-CX could ...)
NOT-FOR-US: Aruba
CVE-2022-23683 (Authenticated command injection vulnerabilities exist in the
AOS-CX Ne ...)
@@ -75766,7 +75766,7 @@ CVE-2021-40025 (The eID module has a vulnerability that
causes the memory to be
CVE-2021-40024 (Implementation of the WLAN module interfaces has the
information discl ...)
TODO: check
CVE-2021-40023 (Configuration defects in the secure OS module. Successful
exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40022 (The weaver module has a vulnerability in parameter type
verification,S ...)
NOT-FOR-US: Huawei
CVE-2021-40021 (The eID module has an out-of-bounds memory write
vulnerability,Success ...)
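Review bot: CVE-2021-40024 is still at "TODO: check" in the context lines directly above the changed entry, although it sits in the same run of IDs that are otherwise marked Huawei. If it was left on purpose that is fine, otherwise it can be resolved in the same pass. Separately, the visible text for CVE-2021-40023 ("Configuration defects in the secure OS module") names no vendor, so the Huawei attribution should rest on the full description or the advisory rather than on the neighbouring IDs.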
@@ -75774,7 +75774,7 @@ CVE-2021-40021 (The eID module has an out-of-bounds
memory write vulnerability,S
CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the
security sto ...)
NOT-FOR-US: Huawei
CVE-2021-40019 (Out-of-bounds heap read vulnerability in the HW_KEYMASTER
module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-40018 (The eID module has a null pointer reference vulnerability.
Successful ...)
NOT-FOR-US: Huawei
CVE-2021-40017 (The HW_KEYMASTER module lacks the validity check of the key
format. Su ...)
@@ -98389,7 +98389,7 @@ CVE-2021-31015
CVE-2021-31014
REJECTED
CVE-2021-31013 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-31012
REJECTED
CVE-2021-31011
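Review bot: The visible description of CVE-2021-31013 ("An out-of-bounds read was addressed with improved bounds checking") names no component, and "NOT-FOR-US: Apple" is only correct if the affected code is Apple-only. Apple advisories also cover components that Debian ships, WebKit among them, so please confirm the component from the full advisory text. The same check applies to CVE-2021-31002 and CVE-2022-26696 elsewhere in this commit.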
@@ -98411,7 +98411,7 @@ CVE-2021-31004 (A race condition was addressed with
improved locking. This issue
CVE-2021-31003
REJECTED
CVE-2021-31002 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-31001 (An access issue was addressed with improved access
restrictions. This ...)
NOT-FOR-US: Apple
CVE-2021-31000 (A permissions issue was addressed with improved validation.
This issue ...)
@@ -144508,7 +144508,7 @@ CVE-2020-25493 (Oclean Mobile Application 2.1.2
communicates with an external we
CVE-2020-25492
RESERVED
CVE-2020-25491 (6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting
(XSS) via t ...)
- TODO: check
+ NOT-FOR-US: 6Kare Emakin
CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP
agent d ...)
NOT-FOR-US: Sqreen
CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer)
before 0 ...)
@@ -157407,9 +157407,9 @@ CVE-2020-19589
CVE-2020-19588
RESERVED
CVE-2020-19587 (Cross Site Scripting (XSS) vulnerability in configMap
parameters in Ye ...)
- TODO: check
+ NOT-FOR-US: Yellowfin Business Intelligence
CVE-2020-19586 (Incorrect Access Control issue in Yellowfin Business
Intelligence 7.3 ...)
- TODO: check
+ NOT-FOR-US: Yellowfin Business Intelligence
CVE-2020-19585
RESERVED
CVE-2020-19584
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9370af4619f2e984734d2ad43e590d970fedcf8f