[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ac776cb5 by Salvatore Bonaccorso at 2022-11-10T10:55:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2484,7 +2484,7 @@ CVE-2022-44592
 CVE-2022-44591
        RESERVED
 CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44589
        RESERVED
 CVE-2022-44588
@@ -2596,41 +2596,41 @@ CVE-2022-3786 (A buffer overrun can be triggered in 
X.509 certificate verificati
        NOTE: 
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
        NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
 (openssl-3.0.7)
 CVE-2022-44563 (There is a race condition vulnerability in SD upgrade mode. 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44562 (The system framework layer has a vulnerability of 
serialization/deseri ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44561 (The preset launcher module has a permission verification 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44560 (The launcher module has an Intent redirection vulnerability. 
Successfu ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44559 (The AMS module has a vulnerability of 
serialization/deserialization mi ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44558 (The AMS module has a vulnerability of 
serialization/deserialization mi ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44557 (The SmartTrimProcessEvent module has a vulnerability of 
obtaining the  ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44556 (Missing parameter type validation in the DRM module. 
Successful exploi ...)
        NOT-FOR-US: Huawei
 CVE-2022-44555 (The DDMP/ODMF module has a service hijacking vulnerability. 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44554 (The power module has a vulnerability in permission 
verification. Succe ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44553 (The HiView module has a vulnerability of not filtering 
third-party app ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44552 (The lock screen module has defects introduced in the design 
process. S ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44551 (The iaware module has a vulnerability in thread security. 
Successful e ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44550 (The graphics display module has a UAF vulnerability when 
traversing gr ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44549 (The LBS module has a vulnerability in geofencing API access. 
Successfu ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44548 (There is a vulnerability in permission verification during the 
Bluetoo ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44547 (The Display Service module has a UAF vulnerability. Successful 
exploit ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44546 (The kernel module has the vulnerability that the mapping is 
not cleare ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44545
        RESERVED
 CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 
before 22.04. ...)
@@ -2670,9 +2670,9 @@ CVE-2022-3782
 CVE-2022-3781 (Dashlane password and Keepass Server password in My Account 
Settings a ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2021-46852 (The memory management module has the logic bypass 
vulnerability. Succe ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2021-46851 (The DRM module has a vulnerability in verifying the secure 
memory attr ...)
-       TODO: check
+       NOT-FOR-US: Hauwei
 CVE-2022-44531
        RESERVED
 CVE-2022-44530
@@ -3299,7 +3299,7 @@ CVE-2022-44246
 CVE-2022-44245
        RESERVED
 CVE-2022-44244 (An authentication bypass in Lin-CMS v0.2.1 allows attackers to 
escalat ...)
-       TODO: check
+       NOT-FOR-US: Lin-CMS
 CVE-2022-44243
        RESERVED
 CVE-2022-44242
@@ -7992,7 +7992,7 @@ CVE-2022-43060
 CVE-2022-43059
        RESERVED
 CVE-2022-43058 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43057
        RESERVED
 CVE-2022-43056
@@ -8070,7 +8070,7 @@ CVE-2022-43033 (An issue was discovered in Bento4 
1.6.0-639. There is a bad free
 CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a 
memory leak i ...)
        NOT-FOR-US: Bento4
 CVE-2022-43031 (DedeCMS v6.1.9 was discovered to contain a Cross-Site Request 
Forgery  ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2022-43030
        RESERVED
 CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered 
to cont ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac776cb57cc2892b2cfae33608e950ab123961bb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac776cb57cc2892b2cfae33608e950ab123961bb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits