Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6c8a573e by Salvatore Bonaccorso at 2022-11-10T21:53:17+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18101,11 +18101,11 @@ CVE-2022-39040
CVE-2022-39039
RESERVED
CVE-2022-39038 (Agentflow BPM enterprise management system has improper
authentication ...)
- TODO: check
+ NOT-FOR-US: Agentflow BPM enterprise management system
CVE-2022-39037 (Agentflow BPM file download function has a path traversal
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Agentflow BPM file download function
CVE-2022-39036 (The file upload function of Agentflow BPM has insufficient
filtering f ...)
- TODO: check
+ NOT-FOR-US: Agentflow BPM
CVE-2022-39035 (Smart eVision has insufficient filtering for special
characters in the ...)
NOT-FOR-US: Smart eVision
CVE-2022-39034 (Smart eVision has a path traversal vulnerability in the Report
API fun ...)
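Review bot: the three new tags for CVE-2022-39038, CVE-2022-39037 and CVE-2022-39036 name one product three different ways ("Agentflow BPM enterprise management system", "Agentflow BPM file download function", "Agentflow BPM"). Use a single string such as "NOT-FOR-US: Agentflow BPM", the way the Smart eVision entry just below does, so that searching the list by product name finds all three.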
@@ -21009,13 +21009,13 @@ CVE-2022-38124
CVE-2022-38123
RESERVED
CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP
protocol. A ...)
- TODO: check
+ NOT-FOR-US: UPSMON PRO
CVE-2022-38121 (UPSMON PRO configuration file stores user password in
plaintext under ...)
- TODO: check
+ NOT-FOR-US: UPSMON PRO
CVE-2022-38120 (UPSMON PRO’s has a path traversal vulnerability. A
remote attack ...)
- TODO: check
+ NOT-FOR-US: UPSMON PRO
CVE-2022-38119 (UPSMON Pro login function has insufficient authentication. An
unauthen ...)
- TODO: check
+ NOT-FOR-US: UPSMON PRO
CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient
validati ...)
NOT-FOR-US: OAKlouds
CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A
physical attac ...)
@@ -21310,7 +21310,7 @@ CVE-2022-38025 (Windows Distributed File System (DFS)
Information Disclosure Vul
CVE-2022-38024
RESERVED
CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of
Privilege Vulner ...)
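Review bot: CVE-2022-38023 is tagged "NOT-FOR-US: Microsoft", but its description names the Netlogon RPC protocol rather than a Windows-only component, and Debian ships its own implementation of that protocol in samba. Unless Samba has been confirmed unaffected, keep this entry as "TODO: check" or record the reasoning in a NOTE line, since the NOT-FOR-US tag takes it out of further triage.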
@@ -21326,9 +21326,9 @@ CVE-2022-38017 (StorSimple 8000 Series Elevation of
Privilege Vulnerability. ...
CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2022-38015 (Windows Hyper-V Denial of Service Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of
Privilege Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability.
...)
NOT-FOR-US: Microsoft
CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability. ...)
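Review bot: for CVE-2022-38014 the description refers to the WSL2 kernel, which is a Linux kernel built by Microsoft, and the truncated text does not show whether the flaw sits in Microsoft-specific code or in upstream code shared with the linux package. That is worth confirming before closing it as "NOT-FOR-US: Microsoft". CVE-2022-38015 (Hyper-V) looks fine as tagged.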
@@ -21372,7 +21372,7 @@ CVE-2022-37994 (Windows Group Policy Preference Client
Elevation of Privilege Vu
CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege
Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability.
This CVE ID ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
@@ -21422,9 +21422,9 @@ CVE-2022-37969 (Windows Common Log File System Driver
Elevation of Privilege Vul
CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of
Privilege Vu ...)
NOT-FOR-US: Microsoft
CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service
Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
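Review bot: CVE-2022-37967 and CVE-2022-37966 are described as Kerberos issues, the second one in the RC4-HMAC encryption type, and Kerberos is a protocol that Debian implements in krb5, heimdal and samba. The "Windows" prefix in the title does not by itself rule those out, so either leave both as "TODO: check" until the free implementations are confirmed unaffected, or add a NOTE stating why they are Microsoft-only.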
@@ -34621,7 +34621,7 @@ CVE-2022-32959 (HiCOS’ client-side citizen
digital certificate component h
CVE-2022-32958 (A remote attacker with general user privilege can send a
message to Te ...)
NOT-FOR-US: TeamPlus Pro
CVE-2022-32588 (An out-of-bounds write vulnerability exists in the PICT
parsing pctwre ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2022-32281
RESERVED
CVE-2022-2053 (When a POST request comes through AJP and the request exceeds
the max- ...)
@@ -38172,15 +38172,15 @@ CVE-2022-31691 (Spring Tools 4 for Eclipse version
4.16.0 and below as well as V
CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to
5.6.9, ...)
TODO: check
CVE-2022-31689 (VMware Workspace ONE Assist prior to 22.10 contains a Session
fixation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31688 (VMware Workspace ONE Assist prior to 22.10 contains a
Reflected cross- ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31687 (VMware Workspace ONE Assist prior to 22.10 contains a Broken
Access Co ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31686 (VMware Workspace ONE Assist prior to 22.10 contains a Broken
Authentic ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an
Authentication ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may
log reques ...)
TODO: check
CVE-2022-31683
@@ -40557,9 +40557,9 @@ CVE-2022-30710 (Improper validation vulnerability in
RemoteViews prior to SMR Ju
CVE-2022-30709 (Improper input validation check logic vulnerability in SECRIL
prior to ...)
NOT-FOR-US: Samsung
CVE-2022-29888 (A leftover debug code vulnerability exists in the httpd port
4444 uplo ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-25932 (The firmware of InHand Networks InRouter302 V3.5.45 introduces
fixes f ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1736
RESERVED
- gnome-remote-desktop 42.1.1-2 (unimportant)
@@ -41083,15 +41083,15 @@ CVE-2022-30695 (Local privilege escalation due to
excessive permissions assigned
CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive
Controller family ...)
NOT-FOR-US: Siemens
CVE-2022-30543 (A leftover debug code vulnerability exists in the console
infct functi ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to
v1.14.2, and ...)
NOT-FOR-US: SHIRASAGI
CVE-2022-29481 (A leftover debug code vulnerability exists in the console
nvram functi ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-28689 (A leftover debug code vulnerability exists in the console
support func ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26023 (A leftover debug code vulnerability exists in the console
verify funct ...)
- TODO: check
+ NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts
prior t ...)
NOT-FOR-US: neorazorx/facturascripts
CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository
radareorg/radare2 prio ...)
@@ -43742,7 +43742,7 @@ CVE-2022-29838
CVE-2022-29837
RESERVED
CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2022-29835 (WD Discovery software executable files were signed with an
unsafe SHA- ...)
NOT-FOR-US: WD Discovery software
CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
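Review bot: CVE-2022-29836 gets the vendor-level tag "NOT-FOR-US: Western Digital" while the next entry, CVE-2022-29835, uses the product-level "NOT-FOR-US: WD Discovery software". The truncated description does not show the affected product here; if it is known, name it in the tag, otherwise settle the adjacent entries on one convention.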
@@ -68374,7 +68374,7 @@ CVE-2022-0033
CVE-2022-0032
RESERVED
CVE-2022-0031 (A local privilege escalation (PE) vulnerability in the Palo
Alto Netwo ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto
Networks PAN-O ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto
Networks Co ...)
@@ -88441,7 +88441,7 @@ CVE-2021-40291
CVE-2021-40290
RESERVED
CVE-2021-40289 (mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS). ...)
- TODO: check
+ NOT-FOR-US: mm-wki
CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE
authentication method ...)
NOT-FOR-US: TP-Link
CVE-2021-40287
@@ -102496,11 +102496,11 @@ CVE-2021-34581 (Missing Release of Resource after
Effective Lifetime vulnerabili
CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated
user can ...)
NOT-FOR-US: MB connect line
CVE-2021-34579 (In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0
access to t ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact
CVE-2021-34578 (This vulnerability allows an attacker who has access to the
WBM to rea ...)
NOT-FOR-US: WAGO
CVE-2021-34577 (In the Kaden PICOFLUX AiR water meter an adversary can read
the values ...)
- TODO: check
+ NOT-FOR-US: Kaden PICOFLUX AiR water meter
CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information
exposure th ...)
NOT-FOR-US: Kaden PICOFLUX Air
CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions
<= 2.8.0 ...)
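Review bot: the tag added for CVE-2021-34577, "Kaden PICOFLUX AiR water meter", differs from the existing tag for CVE-2021-34576 two lines below, "Kaden PICOFLUX Air", although both refer to the same product. Pick one spelling and drop the "water meter" suffix (or add it to both) so the two entries match when the list is searched by product.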
@@ -102516,13 +102516,13 @@ CVE-2021-34571 (Multiple Wireless M-Bus devices by
Enbra use Hard-coded Credenti
CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions
prior to ...)
NOT-FOR-US: Phoenix Contact PLCnext control devices
CVE-2021-34569 (In WAGO I/O-Check Service in multiple products an attacker can
send a ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2021-34568 (In WAGO I/O-Check Service in multiple products an
unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2021-34567 (In WAGO I/O-Check Service in multiple products an
unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2021-34566 (In WAGO I/O-Check Service in multiple products an
unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH
and telne ...)
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or
browser ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c8a573e5b47a977cb048dc4f3936e7013232ca8