[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 30 Sep 2022 22:14:04 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
979b475a by Salvatore Bonaccorso at 2022-10-01T07:13:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2022-41983
 CVE-2022-41976
        RESERVED
 CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 
6.22.826 on Win ...)
-       TODO: check
+       NOT-FOR-US: RealVNC
 CVE-2022-41974
        RESERVED
 CVE-2022-41973
@@ -213,7 +213,7 @@ CVE-2022-41872
 CVE-2022-41871
        RESERVED
 CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 
allows comman ...)
-       TODO: check
+       NOT-FOR-US: Innovaphone
 CVE-2022-41869
        RESERVED
 CVE-2022-41868
@@ -1351,13 +1351,13 @@ CVE-2022-41442
 CVE-2022-41441
        RESERVED
 CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Billing System Project
 CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Billing System Project
 CVE-2022-41438
        RESERVED
 CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote 
code ex ...)
-       TODO: check
+       NOT-FOR-US: Billing System Project
 CVE-2022-41436
        RESERVED
 CVE-2022-41435
@@ -2552,9 +2552,9 @@ CVE-2022-40946
 CVE-2022-40945
        RESERVED
 CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: Dairy Farm Shop Management System
 CVE-2022-40943 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: Dairy Farm Shop Management System
 CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack 
overflow vi ...)
        NOT-FOR-US: Tenda
 CVE-2022-40941
@@ -2594,7 +2594,7 @@ CVE-2022-40925 (Zoo Management System v1.0 has an 
arbitrary file upload vulnerab
 CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload 
vulnerability  ...)
        NOT-FOR-US: Zoo Management System
 CVE-2022-40923 (A vulnerability in the 
LIEF::MachO::SegmentCommand::virtual_address fu ...)
-       TODO: check
+       NOT-FOR-US: LIEF
 CVE-2022-40922
        RESERVED
 CVE-2022-40921
@@ -2935,7 +2935,7 @@ CVE-2022-40758 (A Buffer Access with Incorrect Length 
Value vulnerablity in the
 CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in 
the TEE_MA ...)
        NOT-FOR-US: Samsung mTower
 CVE-2022-40756 (If folder security is misconfigured for Actian Zen PSQL BEFORE 
Patch U ...)
-       TODO: check
+       NOT-FOR-US: Actian
 CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable 
assertion in the ...)
        - jasper <removed>
        NOTE: https://github.com/jasper-software/jasper/issues/338
@@ -6445,7 +6445,7 @@ CVE-2022-39233
 CVE-2022-39232 (Discourse is an open source discussion platform. Starting with 
version ...)
        NOT-FOR-US: Discourse
 CVE-2022-39231 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Node parse-server
 CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the 
authorizatio ...)
        TODO: check
 CVE-2022-39229
@@ -6913,7 +6913,7 @@ CVE-2022-39055
 CVE-2022-39054 (Cowell enterprise travel management system has insufficient 
filtering  ...)
        NOT-FOR-US: Cowell enterprise travel management system
 CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web 
URL. An u ...)
-       TODO: check
+       NOT-FOR-US: Heimavista Rpage
 CVE-2022-39052
        RESERVED
 CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the 
Template  ...)
@@ -7893,7 +7893,7 @@ CVE-2022-38734
 CVE-2022-38733
        RESERVED
 CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content 
Security Poli ...)
-       TODO: check
+       NOT-FOR-US: SnapCenter (NetAPP)
 CVE-2022-38731
        RESERVED
 CVE-2022-2985
@@ -8049,7 +8049,7 @@ CVE-2022-2955
 CVE-2022-2954
        RESERVED
 CVE-2022-38699 (Armoury Crate Service&#8217;s logging function has 
insufficient valida ...)
-       TODO: check
+       NOT-FOR-US: Armoury Crate Service
 CVE-2022-38698
        RESERVED
 CVE-2022-38697
@@ -8418,7 +8418,7 @@ CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to 
Buffer Overflow via ej_ge
 CVE-2022-38554
        RESERVED
 CVE-2022-38553 (Academy Learning Management System before v5.9.1 was 
discovered to con ...)
-       TODO: check
+       NOT-FOR-US: Academy Learning Management System
 CVE-2022-38552
        RESERVED
 CVE-2022-38551
@@ -9708,7 +9708,7 @@ CVE-2022-2780
 CVE-2022-2779 (A vulnerability classified as critical was found in 
SourceCodester Gas ...)
        NOT-FOR-US: SourceCodester Gas Agency Management System
 CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass 
rate l ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
        NOT-FOR-US: microweber
 CVE-2022-2776 (A vulnerability classified as problematic has been found in 
SourceCode ...)
@@ -9745,7 +9745,7 @@ CVE-2022-2762
 CVE-2022-2761
        RESERVED
 CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal 
the Sp ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2022-38169
        RESERVED
 CVE-2022-38168
@@ -11320,7 +11320,7 @@ CVE-2022-37463
 CVE-2022-37462
        RESERVED
 CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon 
Medical V ...)
-       TODO: check
+       NOT-FOR-US: Canon Medical Vitrea View
 CVE-2022-37460
        RESERVED
 CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices 
before  ...)
@@ -12172,7 +12172,7 @@ CVE-2022-37211
 CVE-2022-37210
        RESERVED
 CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These 
interfaces do no ...)
-       TODO: check
+       NOT-FOR-US: JFinal CMS
 CVE-2022-37208
        RESERVED
 CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These 
interfaces do no ...)
@@ -12204,7 +12204,7 @@ CVE-2022-37195
 CVE-2022-37194
        RESERVED
 CVE-2022-37193 (Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 
4.13.0 is ...)
-       TODO: check
+       NOT-FOR-US: Chipolo
 CVE-2022-37192
        RESERVED
 CVE-2022-37191 (The component "cuppa/api/index.php" of CuppaCMS v1.0 is 
Vulnerable to  ...)
@@ -12570,7 +12570,7 @@ CVE-2022-37030 (Weak permissions on the configuration 
file in the PAM module in
 CVE-2022-37029
        RESERVED
 CVE-2022-37028 (ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) 
attack on ...)
-       TODO: check
+       NOT-FOR-US: ISAMS
 CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to 
inject a ...)
        NOT-FOR-US: Ahsay AhsayCBS
 CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x 
before  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/979b475a291050e0cb709bd467565a249dda3762

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/979b475a291050e0cb709bd467565a249dda3762
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to