Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13175522 by Moritz Muehlenhoff at 2022-10-11T11:21:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2304,17 +2304,17 @@ CVE-2022-41751
 CVE-2022-41750
        RESERVED
 CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex 
One agent ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-41748 (A registry permissions vulnerability in the Trend Micro Apex 
One Data  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-41747 (An improper certification validation vulnerability in Trend 
Micro Apex ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-41746 (A forced browsing vulnerability in Trend Micro Apex One could 
allow an ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One 
could al ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro 
Apex One  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-41700
        RESERVED
 CVE-2022-41646
@@ -4794,7 +4794,7 @@ CVE-2022-3222 (Uncontrolled Recursion in GitHub 
repository gpac/gpac prior to 2.
 CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository 
ikus060/rdiffwe ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3220 (The Advanced Comment Form WordPress plugin before 1.2.1 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL 
pointer de ...)
        NOT-FOR-US: Bento4
 CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer 
over-rea ...)
@@ -5071,11 +5071,11 @@ CVE-2022-37332
 CVE-2022-32774
        RESERVED
 CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the 
{id,dat ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not 
implement ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3206
        RESERVED
 CVE-2022-3205 (An XSS exists in automation controller UI where the project 
name is su ...)
@@ -5955,7 +5955,7 @@ CVE-2022-40259
 CVE-2022-40258
        RESERVED
 CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE 
software prior ...)
-       TODO: check
+       NOT-FOR-US: CERT/CC VINCE
 CVE-2022-40256
        RESERVED
 CVE-2022-40255
@@ -5973,7 +5973,7 @@ CVE-2022-40250 (An attacker can exploit this 
vulnerability to elevate privileges
 CVE-2022-40249
        RESERVED
 CVE-2022-40248 (An HTML injection vulnerability exists in CERT/CC VINCE 
software prior ...)
-       TODO: check
+       NOT-FOR-US: CERT/CC VINCE
 CVE-2022-40247
        RESERVED
 CVE-2022-40246 (A potential attacker can write one byte by arbitrary address 
at the ti ...)
@@ -6233,7 +6233,7 @@ CVE-2022-3155
        - thunderbird <not-affected> (Only affects MacOS)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155
 CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4, 
Integration for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.040 ...)
        - vim 2:9.0.0626-1 (unimportant)
        NOTE: https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a
@@ -6262,7 +6262,7 @@ CVE-2022-40140 (An origin validation error vulnerability 
in Trend Micro Apex One
 CVE-2022-40139 (Improper validation of some components used by the rollback 
mechanism  ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-40138 (An integer conversion error in Hermes bytecode generation, 
prior to co ...)
-       TODO: check
+       NOT-FOR-US: Facebook Hermes
 CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 
'vmw_execbuf ...)
        - linux <unfixed>
        NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
@@ -6314,9 +6314,9 @@ CVE-2022-3139
 CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository 
jgraph/drawi ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate 
and sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3136 (The Social Rocket WordPress plugin before 1.3.3 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of 
Clash for  ...)
        NOT-FOR-US: Clash for Windows
 CVE-2022-40125
@@ -8126,7 +8126,7 @@ CVE-2022-39289 (ZoneMinder is a free, open source 
Closed-circuit television soft
        NOTE: 
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488
        NOTE: NOTE: Only supported for trusted users/behind auth, see 
README.debian.security
 CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: Node fastify
 CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) 
protection mi ...)
        NOT-FOR-US: tiny-csrf Nodejs module
 CVE-2022-39286
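Review bot: The tag added for CVE-2022-39288 reads "Node fastify", while the entry directly below it uses the form "tiny-csrf Nodejs module"; writing it as "fastify Nodejs module" would keep the two Node.js entries consistent and easier to grep. Before settling on NOT-FOR-US it is also worth confirming there is no ITP or RFP bug for fastify, since an entry with one is recorded as a package line, as the rdiffweb entry earlier in this diff shows ("- rdiffweb <itp> (bug #969974)").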
@@ -8158,7 +8158,7 @@ CVE-2022-39276
 CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected 
versions  ...)
        NOT-FOR-US: Saleor
 CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation 
of a LoRa ...)
-       TODO: check
+       NOT-FOR-US: LoRaMac-node
 CVE-2022-39273 (FlyteAdmin is the control plane for the data processing 
platform Flyte ...)
        NOT-FOR-US: FlyteAdmin
 CVE-2022-39272
@@ -8186,7 +8186,7 @@ CVE-2022-39264 (nheko is a desktop client for the Matrix 
communication applicati
        NOTE: 
https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7
        NOTE: 
https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199
 (v0.10.2)
 CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis 
adapter for Ne ...)
-       TODO: check
+       NOT-FOR-US: next-auth/upstash-redis-adapter
 CVE-2022-39262
        RESERVED
 CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 
1.44.7, 2.x ...)
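Review bot: The tag on CVE-2022-39263 drops the leading "@" of the npm scope that the description gives (`@next-auth/upstash-redis-adapter`) and does not say what kind of software it is. Something like "@next-auth/upstash-redis-adapter Nodejs module" would match the name in the description and the "tiny-csrf Nodejs module" wording used for CVE-2022-39287.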



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13175522afe3c7a7acbe24a2d5aebea74b9ee6b1
