[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 23 Nov 2022 01:52:24 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
09893385 by Salvatore Bonaccorso at 2022-11-23T10:51:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1532,9 +1532,9 @@ CVE-2022-45333
 CVE-2022-45332
        RESERVED
 CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: AeroCMS
 CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: AeroCMS
 CVE-2022-45329
        RESERVED
 CVE-2022-45328
@@ -8318,7 +8318,7 @@ CVE-2022-43753 (A Improper Limitation of a Pathname to a 
Restricted Directory ('
 CVE-2022-43752 (** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 
1/13, when u ...)
        NOT-FOR-US: Oracle Solaris
 CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an 
uncontrol ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 
5.19.15 ...)
        {DLA-3173-1}
        - linux 6.0.2-1
@@ -9828,7 +9828,7 @@ CVE-2022-43215 (Billing System Project v1.0 was 
discovered to contain a SQL inje
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
        NOT-FOR-US: Billing System Project
 CVE-2022-43213 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Billing System Project
 CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
        NOT-FOR-US: Billing System Project
 CVE-2022-43211
@@ -16013,7 +16013,7 @@ CVE-2022-40772
 CVE-2022-40771
        RESERVED
 CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG 
initializati ...)
        NOT-FOR-US: profanity (not same as src:profanity)
 CVE-2022-40768 (drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows 
local us ...)
@@ -21261,7 +21261,7 @@ CVE-2022-38726
 CVE-2022-38725
        RESERVED
 CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, 
silverstripe/asset ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-38723
        RESERVED
 CVE-2022-38722
@@ -23039,7 +23039,7 @@ CVE-2022-2793 (Emerson Electric's Proficy Machine 
Edition Version 9.00 and prior
 CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
        NOT-FOR-US: Emerson
 CVE-2022-2791 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
-       TODO: check
+       NOT-FOR-US: Emerson Electric's Proficy Machine Edition
 CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
        NOT-FOR-US: Emerson
 CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and 
prior is v ...)
@@ -23165,11 +23165,11 @@ CVE-2022-38149 (HashiCorp Consul Template up to 
0.27.2, 0.28.2, and 0.29.1 may e
 CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL 
Injection. ...)
        NOT-FOR-US: SilverStripe CMS
 CVE-2022-38147 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 3 o ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 2 o ...)
        NOT-FOR-US: SilverStripe CMS
 CVE-2022-38145 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 1 o ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key 
could be wr ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while 
Registr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/098933859d0beb653536b20d2cf5f90613490045

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/098933859d0beb653536b20d2cf5f90613490045
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to