Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5b55dcd by Salvatore Bonaccorso at 2022-11-01T22:17:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2022-3785 (A vulnerability, which was classified as 
critical, has been found
 CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic 
Bento4 5 ...)
        NOT-FOR-US: Bento4
 CVE-2022-3783 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: node-red-dashboard
 CVE-2022-3782
        RESERVED
 CVE-2022-3781
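Review bot: The NOT-FOR-US: node-red-dashboard tag on CVE-2022-3783 cannot be checked from this hunk, because the description is cut off at "has been found i ..." before any product name appears. Before dropping the TODO, confirm against the CVE references that the affected component is node-red-dashboard and that there is no packaging request (ITP/RFP) open for it in Debian. If one exists, the entry should track that package instead of being closed as not-for-us.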
@@ -1039,7 +1039,7 @@ CVE-2022-44081 (Lodepng v20220717 was discovered to 
contain a segmentation fault
 CVE-2022-44080
        RESERVED
 CVE-2022-44079 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was 
discovered t ...)
-       TODO: check
+       NOT-FOR-US: pycdc
 CVE-2022-44078
        RESERVED
 CVE-2022-44077
@@ -3591,7 +3591,7 @@ CVE-2022-43754
 CVE-2022-43753
        RESERVED
 CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 
1/13, when u ...)
-       TODO: check
+       NOT-FOR-US: Oracle Solaris
 CVE-2022-43751
        RESERVED
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 
5.19.15 ...)
@@ -8490,7 +8490,7 @@ CVE-2022-3370 (Use after free in Custom Elements in 
Google Chrome prior to 106.0
        - chromium 106.0.5249.91-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3369 (An Improper Access Control vulnerability in the 
bdservicehost.exe comp ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2022-3368 (A vulnerability within the Software Updater functionality of 
Avira Sec ...)
        NOT-FOR-US: Avira
 CVE-2021-46844
@@ -8631,7 +8631,7 @@ CVE-2022-41636 (Communication traffic involving "Ethernet 
Q Commands" service of
 CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a 
smartphone-b ...)
-       TODO: check
+       NOT-FOR-US: AliveCor
 CVE-2022-41613
        RESERVED
 CVE-2022-41607
@@ -8655,7 +8655,7 @@ CVE-2022-40202 (The database backup function in Delta 
Electronics InfraSuite Dev
 CVE-2022-40201
        RESERVED
 CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable 
to reflec ...)
-       TODO: check
+       NOT-FOR-US: SAUTER Controls moduWeb firmware
 CVE-2022-38355
        RESERVED
 CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a 
and prio ...)
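Review bot: Style point on the CVE-2022-40190 line: the tag "SAUTER Controls moduWeb firmware" is longer than the neighbouring tags, which name the vendor only (for example "NOT-FOR-US: Delta Electronics" two entries earlier in the previous hunk). Dropping the word "firmware" and using "SAUTER Controls moduWeb" would still identify the product and keeps the tag easy to match when later CVEs for the same product arrive.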
@@ -9173,7 +9173,7 @@ CVE-2021-46840 (The HW_KEYMASTER module has an 
out-of-bounds access vulnerabilit
 CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds 
check on ...)
        NOT-FOR-US: Huawei
 CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi 
Infrastructure  ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2022-41568
        RESERVED
 CVE-2022-41567
@@ -11221,7 +11221,7 @@ CVE-2022-3230
 CVE-2022-3229
        RESERVED
 CVE-2022-3228 (Using custom code, an attacker can write into name or 
description fiel ...)
-       TODO: check
+       NOT-FOR-US: Host Engineering
 CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion 
vulnerability. An un ...)
        NOT-FOR-US: Mail SQR Expert system
 CVE-2022-40741 (Mail SQR Expert&#8217;s specific function has insufficient 
filtering f ...)
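Review bot: The tag on CVE-2022-3228 gives only a vendor, "Host Engineering", while the visible description ("Using custom code, an attacker can write into name or description fiel ...") names neither vendor nor product. Adding the product name to the tag would let a later reader see why this entry was closed without opening the CVE record, in the same way the adjacent entry uses "NOT-FOR-US: Mail SQR Expert system".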
@@ -11229,7 +11229,7 @@ CVE-2022-40741 (Mail SQR Expert&#8217;s specific 
function has insufficient filte
 CVE-2022-40740
        RESERVED
 CVE-2022-40739 (Ragic report generation page has insufficient filtering for 
special ch ...)
-       TODO: check
+       NOT-FOR-US: Ragic
 CVE-2022-3227
        RESERVED
 CVE-2022-3226
@@ -11638,7 +11638,7 @@ CVE-2022-40607
 CVE-2022-3192
        RESERVED
 CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability 
in Hita ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in 
Wiresha ...)
        - wireshark 3.6.8-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
@@ -11955,7 +11955,7 @@ CVE-2022-40473
 CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 
20220721. ...)
        NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time
 CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 
1.0 allo ...)
-       TODO: check
+       NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-40470
        RESERVED
 CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated 
remote code ...)
@@ -12340,25 +12340,25 @@ CVE-2022-40298 (Crestron AirMedia for Windows before 
5.5.1.84 has insecure inher
 CVE-2022-40297 (** DISPUTED ** UBports Ubuntu Touch 16.04 allows the 
screen-unlock pas ...)
        NOT-FOR-US: UBports Ubuntu Touch
 CVE-2022-40296 (The application was vulnerable to a Server-Side Request 
Forgery attack ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40295 (The application was vulnerable to an authenticated information 
disclos ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40294 (The application was identified to have an CSV injection in 
data export ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40293 (The application was vulnerable to a session fixation that 
could be use ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40292 (The application allowed for Unauthenticated User Enumeration 
by intera ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40291 (The application was vulnerable to Cross-Site Request Forgery 
(CSRF) at ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40290 (The application was vulnerable to an unauthenticated Reflected 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40289 (The application was vulnerable to an authenticated Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40288 (The application was vulnerable to an authenticated Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40287 (The application was found to be vulnerable to an authenticated 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: PHP Point of Sale
 CVE-2022-40286
        RESERVED
 CVE-2022-40285
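Review bot: All ten entries from CVE-2022-40296 down to CVE-2022-40287 are retagged "NOT-FOR-US: PHP Point of Sale", but every visible description starts with the generic "The application was ..." and none names a product. The attribution therefore rests entirely on references that are not in the list file. Check that each of the ten IDs points at the same advisory, since a bulk edit over a contiguous range is easy to extend one entry too far (the range is bounded by CVE-2022-40297 for UBports Ubuntu Touch above and the RESERVED CVE-2022-40286 below). The commit message "Process some NFUs" could also note where the product name came from.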



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b55dcdd7779f86e22f324edb2f86279b0dc067
