[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b853d3b0 by Salvatore Bonaccorso at 2022-11-22T22:28:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13058,7 +13058,7 @@ CVE-2022-41952 (Synapse before 1.52.0 with URL preview 
functionality enabled wil
 CVE-2022-41951
        RESERVED
 CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning 
tool xray ...)
-       TODO: check
+       NOT-FOR-US: super-xray
 CVE-2022-41949
        RESERVED
 CVE-2022-41948
@@ -13068,13 +13068,13 @@ CVE-2022-41947
 CVE-2022-41946
        RESERVED
 CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In 
version  ...)
-       TODO: check
+       NOT-FOR-US: super-xray
 CVE-2022-41944
        RESERVED
 CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin 
it was po ...)
-       TODO: check
+       NOT-FOR-US: Sourcegraph
 CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior 
to 4.1. ...)
-       TODO: check
+       NOT-FOR-US: Sourcegraph
 CVE-2022-41941
        RESERVED
 CVE-2022-41940 (Engine.IO is the implementation of transport-based 
cross-browser/cross ...)
@@ -20174,15 +20174,15 @@ CVE-2022-39072
 CVE-2022-39071
        RESERVED
 CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT 
products. ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
        NOT-FOR-US: ZTE
 CVE-2022-39068
        RESERVED
 CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to 
lack of ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to 
insuffici ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the 
TRÅDFRI ...)
        NOT-FOR-US: Ikea
 CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) 
frame ma ...)
@@ -22056,7 +22056,7 @@ CVE-2022-38464
 CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows 
reflected XSS ...)
        NOT-FOR-US: ServiceNow
 CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11 is vulnerable 
to XSS  ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
        NOT-FOR-US: Adobe
 CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 
20.005.30 ...)
@@ -23140,11 +23140,11 @@ CVE-2022-38151
 CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may 
expose  ...)
        NOT-FOR-US: Consul Template
 CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL 
Injection. ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-38147
        RESERVED
 CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 2 o ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-38145
        RESERVED
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key 
could be wr ...)
@@ -30240,7 +30240,7 @@ CVE-2022-35409 (An issue was discovered in Mbed TLS 
before 2.28.1 and 3.x before
 CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
        NOT-FOR-US: Insyde
 CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 
2022.6. If  ...)
        - burpsuite <itp> (bug #832943)
 CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 
before  ...)
@@ -36615,7 +36615,7 @@ CVE-2022-33014
 CVE-2022-33013
        RESERVED
 CVE-2022-33012 (Microweber v1.2.15 was discovered to allow attackers to 
perform an acc ...)
-       TODO: check
+       NOT-FOR-US: microweber
 CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to 
perform a ...)
        NOT-FOR-US: Known
 CVE-2022-33010
@@ -44769,9 +44769,9 @@ CVE-2022-1585 (The Project Source Code Download 
WordPress plugin through 1.0.0 d
 CVE-2022-30259
        RESERVED
 CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
-       TODO: check
+       NOT-FOR-US: Technitium DNS Server
 CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 
that al ...)
-       TODO: check
+       NOT-FOR-US: Technitium DNS Server
 CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 
that allo ...)
        - maradns <unfixed>
        NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
@@ -52878,7 +52878,7 @@ CVE-2022-1040 (An authentication bypass vulnerability 
in the User Portal and Web
 CVE-2022-1039 (The weak password on the web user interface can be exploited 
via HTTP  ...)
        NOT-FOR-US: Red Lion
 CVE-2022-1038 (A potential security vulnerability has been identified in the 
HP Jumps ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code 
executi ...)
        NOT-FOR-US: WhatsApp
 CVE-2022-27491 (A improper verification of source of a communication channel 
in Fortin ...)
@@ -81835,7 +81835,7 @@ CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site 
Request Forgery (CSRF) ..
 CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of 
Input Du ...)
        NOT-FOR-US: Grav CMS
 CVE-2021-3919 (A potential security vulnerability has been identified in OMEN 
Gaming  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the 
OAuth2 a ...)
        NOT-FOR-US: JetBrains Ktor
 CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options 
header is m ...)
@@ -87427,7 +87427,7 @@ CVE-2021-41526
 CVE-2021-41525 (An issue related to modification of otherwise restricted files 
through ...)
        NOT-FOR-US: FlexNet
 CVE-2021-3821 (A potential security vulnerability has been identified for 
certain HP  ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression 
Complexity ...)
        NOT-FOR-US: Nodejs inflect
        NOTE: https://github.com/pksunkara/inflect
@@ -98017,7 +98017,7 @@ CVE-2021-3663 (firefly-iii is vulnerable to Improper 
Restriction of Excessive Au
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be 
vulnerable to  ...)
        NOT-FOR-US: HP
 CVE-2021-3661 (A potential security vulnerability has been identified in 
certain HP W ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)
        NOT-FOR-US: OX App Suite
 CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 
7.10.4-rev18 allows ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b853d3b0105df3545b02f3e7247a25dcc5981780

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b853d3b0105df3545b02f3e7247a25dcc5981780
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits