Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68fe923c by Moritz Muehlenhoff at 2022-10-11T17:29:24+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16838,7 +16838,7 @@ CVE-2022-2450
 CVE-2022-2449
        RESERVED
 CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one 
hour in a ...)
        - python-keystonemiddleware 10.1.0-4 (bug #1021272)
        [bullseye] - python-keystonemiddleware <no-dsa> (Minor issue)
@@ -17017,7 +17017,7 @@ CVE-2022-36065 (GrowthBook is an open-source platform 
for feature flagging and A
 CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An 
Inefficient Regu ...)
        NOT-FOR-US: Shescape
 CVE-2022-36063 (Azure RTOS USBx is a USB host, device, and on-the-go (OTG) 
embedded st ...)
-       TODO: check
+       NOT-FOR-US: Azure RTOS USBx
 CVE-2022-36062 (Grafana is an open-source platform for monitoring and 
observability. I ...)
        - grafana <removed>
 CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network 
protocol. In ...)
@@ -17575,11 +17575,11 @@ CVE-2022-35848
 CVE-2022-35847 (An improper neutralization of special elements used in a 
template engi ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-35846 (An improper restriction of excessive authentication attempts 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-35845
        RESERVED
 CVE-2022-35844 (An improper neutralization of special elements used in an OS 
command v ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-35843
        RESERVED
 CVE-2022-35842
@@ -18646,7 +18646,7 @@ CVE-2022-35417
 CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json 
svpnlang co ...)
        NOT-FOR-US: H3C SSL VPN
 CVE-2022-35415 (An improper input validation in NI System Configuration 
Manager before ...)
-       TODO: check
+       NOT-FOR-US: NI
 CVE-2022-35414 (** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can 
perform an  ...)
        {DLA-3099-1}
        - qemu 1:7.1+dfsg-1 (unimportant; bug #1014958)
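Review bot: In the CVE-2022-35415 entry, the new tag `NOT-FOR-US: NI` is a two-letter vendor abbreviation that is hard to search for and says little on its own. The description on the entry names the product as NI System Configuration Manager; consider `NOT-FOR-US: NI System Configuration Manager`, in the same way the neighbouring CVE-2022-35416 entry spells out `H3C SSL VPN`.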
@@ -18725,7 +18725,7 @@ CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress 
plugin before 2.1.7 does
 CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2350 (The Disable User Login WordPress plugin through 1.0.1 does not 
have au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2349
        RESERVED
 CVE-2022-2348
@@ -18987,7 +18987,7 @@ CVE-2022-35291 (Due to misconfigured application 
endpoints, SAP SuccessFactors a
 CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows 
an attac ...)
        NOT-FOR-US: SAP
 CVE-2022-35289 (A write-what-where condition in hermes caused by an integer 
overflow,  ...)
-       TODO: check
+       NOT-FOR-US: Facebook Hermes
 CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a 
user to obt ...)
        NOT-FOR-US: IBM
 CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains 
hard-coded crede ...)
@@ -20295,7 +20295,7 @@ CVE-2022-2267 (The Mailchimp for WooCommerce WordPress 
plugin before 2.7.1 has a
 CVE-2022-2266 (University Library Automation System developed by Yordam Bilgi 
Teknolo ...)
        NOT-FOR-US: University Library Automation System
 CVE-2022-2265 (The Identity and Directory Management System developed by 
&#199;ekino  ...)
-       TODO: check
+       NOT-FOR-US: Teknolojileri
 CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
        - vim 2:9.0.0135-1 (unimportant)
        NOTE: https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c/
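Review bot: The tag added to CVE-2022-2265, `NOT-FOR-US: Teknolojileri`, does not identify the software: it is a generic word (Turkish for "technologies"), not the product or the vendor name that the description starts to give. The description calls the product "The Identity and Directory Management System", so `NOT-FOR-US: Identity and Directory Management System` would follow the convention of the CVE-2022-2266 entry directly above it (`NOT-FOR-US: University Library Automation System`).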
@@ -21507,7 +21507,7 @@ CVE-2022-34427
 CVE-2022-34426
        RESERVED
 CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a 
cryptographic key vu ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x 
contain a v ...)
        NOT-FOR-US: Dell
 CVE-2022-34423
@@ -21553,7 +21553,7 @@ CVE-2022-34404
 CVE-2022-34403
        RESERVED
 CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of 
Service  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-34401
        RESERVED
 CVE-2022-34400
@@ -21711,7 +21711,7 @@ CVE-2022-34336 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 is vulne
 CVE-2022-34335
        RESERVED
 CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not 
invalidate sessio ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-34333
        RESERVED
 CVE-2022-34332
@@ -22186,7 +22186,7 @@ CVE-2022-2156 (Use after free in Core in Google Chrome 
prior to 103.0.5060.53 al
 CVE-2022-2155
        RESERVED
 CVE-2022-2154 (An attacker with physical access can exploit this vulnerability 
to exe ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-2153 (A flaw was found in the Linux kernel&#8217;s KVM when 
attempting to se ...)
        {DSA-5173-1 DLA-3131-1 DLA-3065-1}
        - linux 5.17.3-1
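Review bot: For CVE-2022-2154 the new `NOT-FOR-US: Intel` tag cannot be checked against the entry itself, because the truncated description (`An attacker with physical access can exploit this vulnerability to exe ...`) names neither a vendor nor a product. Naming the affected product in the tag, rather than only the vendor, would make the triage decision verifiable from the list.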
@@ -23109,11 +23109,11 @@ CVE-2022-33876
 CVE-2022-33875
        RESERVED
 CVE-2022-33874 (An improper neutralization of special elements used in an OS 
Command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2022-33873 (An improper neutralization of special elements used in an OS 
Command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2022-33872 (An improper neutralization of special elements used in an OS 
Command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2022-33871
        RESERVED
 CVE-2022-33870
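Review bot: The three new tags for CVE-2022-33874, CVE-2022-33873 and CVE-2022-33872 are spelled `NOT-FOR-US: Fortiguard`, while the CVE-2022-35846 and CVE-2022-35844 entries changed earlier in this same commit, and the existing CVE-2022-35847 entry, use `NOT-FOR-US: FortiGuard`. Use the `FortiGuard` spelling here as well, so that a case-sensitive search of data/CVE/list finds every entry for the vendor.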
@@ -27072,7 +27072,7 @@ CVE-2022-1987 (Buffer Over-read in GitHub repository 
bfabiszewski/libmobi prior
 CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 
0.12.9. ...)
        NOT-FOR-US: Go Git Service
 CVE-2022-32234 (An out of bounds write in hermes, while handling large arrays, 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Facebook Hermes
 CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of 
Cybozu Garoon ...)
        NOT-FOR-US: Cybozu
 CVE-2022-30602 (Operation restriction bypass in multiple applications of 
Cybozu Garoon ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68fe923c060d74ba73e869bc3bd7d9f785c7b1ab
