Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bde03440 by Moritz Muehlenhoff at 2022-11-03T12:35:05+01:00
NFUs
gitlab n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1546,7 +1546,7 @@ CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote 
attackers to identify va
 CVE-2022-44021
        RESERVED
 CVE-2022-44020 (An issue was discovered in OpenStack Sushy-Tools through 
0.21.0 and Vi ...)
-       TODO: check
+       NOT-FOR-US: OpenStack Sushy-Tools / VirtualBMC
 CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve 
remote comm ...)
        NOT-FOR-US: Total.js CMS
 CVE-2022-44018
@@ -2224,7 +2224,7 @@ CVE-2022-3736
 CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated 
as crit ...)
        NOT-FOR-US: seccome Ehoney
 CVE-2022-3734 (A vulnerability was found in Redis. It has been declared as 
critical.  ...)
-       TODO: check
+       NOTE: Bogus report/assignment for Redis
 CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student 
Clearanc ...)
        NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as 
critical ...)
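Review bot: CVE-2022-3734 is left with only a free-text NOTE. With TODO: check removed there is no package status line, and the NOTE points to nothing that shows why the assignment is bogus. Since the description names Redis, consider a status line in the same form as the gitlab entry in this commit, i.e. "- redis <not-affected> (reason)" with the actual reason filled in, or a second NOTE linking the upstream statement so the next triager does not have to repeat the check.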
@@ -5603,7 +5603,7 @@ CVE-2022-43150
 CVE-2022-43149
        RESERVED
 CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in 
the compo ...)
-       TODO: check
+       NOT-FOR-US: rtf2html
 CVE-2022-43147
        RESERVED
 CVE-2022-43146
@@ -5763,11 +5763,11 @@ CVE-2022-43070
 CVE-2022-43069
        RESERVED
 CVE-2022-43068 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43067
        RESERVED
 CVE-2022-43066 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43065
        RESERVED
 CVE-2022-43064
@@ -6287,7 +6287,7 @@ CVE-2022-3514
 CVE-2022-3513
        RESERVED
 CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to 
disconne ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare
 CVE-2022-3511
        RESERVED
 CVE-2022-3510
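Review bot: "NOT-FOR-US: Cloudflare" on CVE-2022-3512 names the vendor, while the description is about the warp-cli command. The neighbouring NFU entries name the product (seccome Ehoney, Trellix ePolicy Orchestrator). Something like "NOT-FOR-US: Cloudflare WARP" would keep the entry greppable by product; the same applies to the other Cloudflare lines added in this commit.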
@@ -6324,7 +6324,8 @@ CVE-2022-3503 (A vulnerability was found in 
SourceCodester Purchase Order Manage
 CVE-2022-3502 (A vulnerability was found in Human Resource Management System 
1.0. It  ...)
        NOT-FOR-US: Human Resource Management System
 CVE-2022-3501 (Article template contents with sensitive data could be accessed 
from a ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which 
forked from 6.x
 CVE-2022-3500
        RESERVED
        NOT-FOR-US: keylime
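Review bot: On CVE-2022-3501 the added NOTE is a not-affected rationale for Znuny, but as free text under "NOT-FOR-US: OTRS" it is not tied to any package. If Znuny is tracked as a package, a line of the form "- znuny <not-affected> (Specific to OTRS 8.x)" would carry the same reasoning in the form used for gitlab elsewhere in this commit. The wording "is listed as" also reads as taken from the advisory rather than checked against the 6.x code; if so, say that in the NOTE.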
@@ -6361,7 +6362,7 @@ CVE-2022-42909
 CVE-2022-42908
        RESERVED
 CVE-2022-3499 (An authenticated attacker could utilize the identical agent and 
cluste ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2022-3498
        RESERVED
 CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource 
Management  ...)
@@ -9182,7 +9183,7 @@ CVE-2022-37410
 CVE-2022-37409
        RESERVED
 CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: NGINX Plus
 CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX 
Open Source ...)
        TODO: check
 CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX 
Open Source ...)
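Review bot: CVE-2022-41742, directly below the changed line, still carries "TODO: check", and its description starts with NGINX Open Source, so unlike the NGINX Plus entry it cannot be closed as NFU. That is out of scope for an NFU-only commit, but it needs a package status line in a follow-up; CVE-2022-41741 has the same description prefix.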
@@ -9562,7 +9563,7 @@ CVE-2022-3339 (A reflected cross-site scripting (XSS) 
vulnerability in ePO prior
 CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 
Update ...)
        NOT-FOR-US: Trellix ePolicy Orchestrator
 CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP 
mobile cl ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare
 CVE-2022-3336
        RESERVED
 CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 
1.5.7 u ...)
@@ -9574,7 +9575,7 @@ CVE-2022-3333 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2022-3332 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Food Ordering Management System
 CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
-       TODO: check
+       - gitlab <not-affected> (Only affects EE)
 CVE-2022-3330 (It was possible for a guest user to read a todo targeting an 
inaccessi ...)
        - gitlab <unfixed>
 CVE-2022-3329
@@ -9659,11 +9660,11 @@ CVE-2022-41556 (A resource leak in gw_backend.c in 
lighttpd 1.4.56 through 1.4.6
 CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior 
to v22. ...)
        NOT-FOR-US: BookStack
 CVE-2022-3322 (Lock Warp switch is a feature of Zero Trust platform which, 
when enabl ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare
 CVE-2022-3321 (It was possible to bypass Lock WARP switch feature 
https://developers. ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare
 CVE-2022-3320 (It was possible to bypass policies configured for Zero Trust 
Secure We ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare
 CVE-2022-3319
        RESERVED
 CVE-2022-3318 (Use after free in ChromeOS Notifications in Google Chrome on 
ChromeOS  ...)
@@ -9741,7 +9742,7 @@ CVE-2022-41553 (Insertion of Sensitive Information into 
Temporary File vulnerabi
 CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi 
Infrastruc ...)
        NOT-FOR-US: Hitachi
 CVE-2022-41551 (Garage Management System v1.0 was discovered to contain a SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Garage Management System
 CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow 
via the  ...)
        - libosip2 <unfixed> (bug #1021662)
        [bullseye] - libosip2 <no-dsa> (Minor issue)
@@ -9753,7 +9754,7 @@ CVE-2022-41549
 CVE-2022-41548
        RESERVED
 CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: Mobile Security Framework
 CVE-2022-41546
        RESERVED
 CVE-2022-41545



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bde0344093f2fc6265fbb590ad0b79513d84eaa1
