[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b563796 by Salvatore Bonaccorso at 2022-11-08T21:57:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16963,7 +16963,7 @@ CVE-2022-39354 (SputnikVM, also called evm, is a Rust 
implementation of Ethereum
 CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
        TODO: check
 CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine 
inspired ...)
-       TODO: check
+       NOT-FOR-US: OpenFGA
 CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows 
organiza ...)
        NOT-FOR-US: Dependency-Track
 CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) 
used in D ...)
@@ -16985,7 +16985,7 @@ CVE-2022-39345 (Gin-vue-admin is a backstage management 
system based on vue and
 CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) 
embedded st ...)
        NOT-FOR-US: Azure RTOS USBX
 CVE-2022-39343 (Azure RTOS FileX is a FAT-compatible file system that’s 
fully in ...)
-       TODO: check
+       NOT-FOR-US: Azure RTOS FileX
 CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior 
to versi ...)
        NOT-FOR-US: OpenFGA
 CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior 
to versi ...)
@@ -17528,7 +17528,7 @@ CVE-2022-39159
 CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 
V4.X (All v ...)
        NOT-FOR-US: Siemens
 CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All 
versions & ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All 
versions & ...)
        NOT-FOR-US: Siemens
 CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All 
versions & ...)
@@ -17570,7 +17570,7 @@ CVE-2022-39138 (A vulnerability has been identified in 
Parasolid V33.1 (All vers
 CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All 
versions & ...)
        NOT-FOR-US: Siemens
 CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions 
< V14.1. ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators 
EXISTS_NOD ...)
        NOT-FOR-US: Apache Calcite
 CVE-2022-39134
@@ -17758,7 +17758,7 @@ CVE-2022-39071
 CVE-2022-39070
        RESERVED
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39068
        RESERVED
 CVE-2022-39067
@@ -29395,9 +29395,9 @@ CVE-2022-33177 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPdevelop/Opl
 CVE-2022-32970
        RESERVED
 CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Adva ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore 
WP Page ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL 
Injection  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-30705
@@ -39361,7 +39361,7 @@ CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows 
HTML injection. ...)
 CVE-2022-31200
        RESERVED
 CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix 
Auditor Use ...)
-       TODO: check
+       NOT-FOR-US: Netwrix Auditor
 CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a 
cached c ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
@@ -40813,7 +40813,7 @@ CVE-2022-30696 (Local privilege escalation due to a DLL 
hijacking vulnerability.
 CVE-2022-30695 (Local privilege escalation due to excessive permissions 
assigned to ch ...)
        NOT-FOR-US: Acronis
 CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive 
Controller family ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-30543
        RESERVED
 CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to 
v1.14.2, and ...)
@@ -49270,7 +49270,7 @@ CVE-2022-27916
 CVE-2022-27915
        RESERVED
 CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. 
Inadequate fil ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. 
Inadequate fil ...)
        NOT-FOR-US: Joomla!
 CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites 
with pub ...)
@@ -49474,13 +49474,13 @@ CVE-2022-27860 (Cross-Site Request Forgery (CSRF) 
leading to Cross-Site Scriptin
 CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) 
Stored Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log 
<= 2. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-27857
        RESERVED
 CVE-2022-27856
        RESERVED
 CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps 
Analyti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site 
Scripting (XSS ...)
@@ -62343,7 +62343,7 @@ CVE-2022-23740
 CVE-2022-23739
        RESERVED
 CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub 
Enterpris ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-23737
        RESERVED
 CVE-2022-23736
@@ -88144,7 +88144,7 @@ CVE-2021-40305
 CVE-2021-40304
        RESERVED
 CVE-2021-40303 (perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) 
via /clien ...)
-       TODO: check
+       NOT-FOR-US: perfex crm
 CVE-2021-40302
        RESERVED
 CVE-2021-40301



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b5637962a10238881f57af60b4869910686ac04

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b5637962a10238881f57af60b4869910686ac04
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits