Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96b89fb1 by Salvatore Bonaccorso at 2022-11-23T21:45:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -995,7 +995,7 @@ CVE-2022-4055 (When xdg-mail is configured to use 
thunderbird for mailto URLs, i
 CVE-2022-4054
        RESERVED
 CVE-2022-45462 (Alarm instance management has command injection when there is 
a specif ...)
-       TODO: check
+       NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and 
related V ...)
        NOT-FOR-US: Veritas NetBackup
 CVE-2022-45460
@@ -5515,11 +5515,11 @@ CVE-2022-44282
 CVE-2022-44281
        RESERVED
 CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete 
any fil ...)
-       TODO: check
+       NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44279
        RESERVED
 CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: Sanitization Management System
 CVE-2022-44277
        RESERVED
 CVE-2022-44276
@@ -5555,29 +5555,29 @@ CVE-2022-44262
 CVE-2022-44261
        RESERVED
 CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
pre-authentication bu ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a 
post-authentication b ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-44248
        RESERVED
 CVE-2022-44247
@@ -5797,7 +5797,7 @@ CVE-2022-44141
 CVE-2022-44140
        RESERVED
 CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: Apartment Visitor Management System
 CVE-2022-44138
        RESERVED
 CVE-2022-44137
@@ -13264,9 +13264,9 @@ CVE-2022-41930
 CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing 
authorization in  ...)
        TODO: check
 CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of 
Directives in  ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery 
(CSRF) that ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-41926
        RESERVED
 CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a 
malicious  ...)
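Review bot: CVE-2022-41929 in this hunk stays at `TODO: check` while CVE-2022-41928 and CVE-2022-41927, both XWiki Platform issues, are changed to `NOT-FOR-US: XWiki`; its description names org.xwiki.platform:xwiki-platform-oldcore, so the same classification should apply, or a NOTE line should say what is still being checked so the next person processing the list does not redo the triage.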
@@ -16151,9 +16151,9 @@ CVE-2022-40774 (An issue was discovered in Bento4 
through 1.6.0-639. There is a
 CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and 
SupportCenter  ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior 
are vulner ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG 
initializati ...)
@@ -23415,11 +23415,11 @@ CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, 
and 7.1.0, it is possible
        NOTE: Fixed by: 
https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d
 (master)
        NOTE: Fixed by: 
https://github.com/varnishcache/varnish-cache/commit/19544fdc6649bd294f25314d9f609b4979b1fe48
 (varnish-7.1.1)
 CVE-2022-38115 (Insecure method vulnerability in which allowed HTTP methods 
are disclo ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly 
process ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2022-38113 (This vulnerability discloses build and services versions in 
the server ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2022-38112
        RESERVED
 CVE-2022-38111
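Review bot: the three new lines spell the vendor `Solarwinds`, whereas the vendor's own spelling is SolarWinds, and the truncated descriptions in this hunk never name the product, so the label is the only searchable hint; `NOT-FOR-US: SolarWinds` (with the affected product appended, if known) would match the form used for other vendor labels in the file such as `Zoho ManageEngine` and `Trend Micro`.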
@@ -25035,9 +25035,9 @@ CVE-2022-37434 (zlib through 1.2.12 has a heap-based 
buffer over-read or buffer
 CVE-2022-37431 (** DISPUTED ** A Reflected Cross-site scripting (XSS) issue 
was discov ...)
        NOT-FOR-US: dotCMS
 CVE-2022-37430 (Silverstripe silverstripe/framework through 4.11 allows XSS 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-37429 (Silverstripe silverstripe/framework through 4.11 allows XSS 
(issue 1 o ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, 
when pro ...)
        - pdns-recursor 4.7.2-1
        [bullseye] - pdns-recursor <no-dsa> (Minor issue)
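Review bot: CVE-2022-37430 and CVE-2022-37429 describe silverstripe/framework, but the new label reads `NOT-FOR-US: SilverStripe CMS`; the framework is a separate package from silverstripe/cms (the package CVE-2022-37421 in the next hunk actually names), so `NOT-FOR-US: SilverStripe Framework` or a plain `NOT-FOR-US: SilverStripe` would avoid attributing the issue to the wrong component.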
@@ -25057,7 +25057,7 @@ CVE-2022-37423 (Neo4j APOC (Awesome Procedures on 
Cypher) before 4.3.0.7 and 4.x
 CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without 
authenticat ...)
        NOT-FOR-US: Payara
 CVE-2022-37421 (Silverstripe silverstripe/cms through 4.11.0 allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe CMS
 CVE-2022-37420
        RESERVED
 CVE-2022-37419
@@ -25525,7 +25525,7 @@ CVE-2022-37303
 CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the 
Bounds of a M ...)
        NOT-FOR-US: EcoStruxure Control Expert
 CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) 
vulnerability exists ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten 
Password vul ...)
        NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and 
Modicon Controllers M580 and M340
 CVE-2022-2601
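Review bot: the truncated description of CVE-2022-37301 does not name a product, and the neighbouring entries attribute CVE-2022-37302 to EcoStruxure Control Expert and CVE-2022-37300 to the combined list "EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340"; confirm that `NOT-FOR-US: Modicon` is the right scope for 37301, and if it comes from the same advisory as 37300, reuse that fuller label for consistency.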
@@ -27859,7 +27859,7 @@ CVE-2022-36342
 CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
        NOT-FOR-US: Insyde
 CVE-2022-36337 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2022-36336 (A link following vulnerability in the scanning function of 
Trend Micro ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-36297
@@ -30059,9 +30059,9 @@ CVE-2022-35503
 CVE-2022-35502
        RESERVED
 CVE-2022-35501 (Stored Cross-site Scripting in Amasty Blog Pro 2.10.4 and 
2.10.4 creat ...)
-       TODO: check
+       NOT-FOR-US: Amasty Blog Pro
 CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) 
via lea ...)
-       TODO: check
+       NOT-FOR-US: Amasty Blog
 CVE-2022-35499
        RESERVED
 CVE-2022-35498
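Review bot: the two new entries use different labels, `Amasty Blog Pro` for CVE-2022-35501 and `Amasty Blog` for CVE-2022-35500, although the descriptions refer to versions 2.10.4 and 2.10.3 of what appears to be the same extension; settling on one label keeps a grep of the list from missing half of the pair.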
@@ -79976,7 +79976,7 @@ CVE-2021-43559 (A flaw was found in Moodle in versions 
3.11 to 3.11.3, 3.10 to 3
 CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 
3.10.7, ...)
        - moodle <removed>
 CVE-2021-3942 (Certain HP Print products and Digital Sending products may be 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses 
$request_uri  ...)
        NOT-FOR-US: Apache Apisix
 CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some 
division o ...)
@@ -80858,7 +80858,7 @@ CVE-2021-43260
 CVE-2021-43259
        RESERVED
 CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve 
remote co ...)
-       TODO: check
+       NOT-FOR-US: ChurchInfo
 CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of 
MantisBT  ...)
        - mantis <removed>
 CVE-2021-3923
@@ -103316,7 +103316,7 @@ CVE-2021-35286
 CVE-2021-35285
        RESERVED
 CVE-2021-35284 (SQL Injection vulnerability in function get_user in 
login_manager.php  ...)
-       TODO: check
+       NOT-FOR-US: rizalafani cms-php
 CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 
CMS 1.0,  ...)
        NOT-FOR-US: atoms183 CMS
 CVE-2021-35282
@@ -164586,29 +164586,29 @@ CVE-2020-23595
 CVE-2020-23594
        RESERVED
 CVE-2020-23593 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: 
V2.2, Firmwa ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23592 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 
, Firmw ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23591 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 
, Firmw ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23590 (A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 
, Firmw ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23589 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 
, Firmw ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23588 (A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 
, Firmw ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23587 (A vulnerability found in the OPTILINK OP-XT71000N Hardware 
Version: V2 ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23586 (A vulnerability found in OPTILINK OP-XT71000N Hardware 
Version: V2.2 , ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23585 (A remote attacker can conduct a cross-site request forgery 
(CSRF) atta ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23584 (Unauthenticated remote code execution in OPTILINK OP-XT71000N, 
Hardwar ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23583 (OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code 
Execution. The  ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23582 (A vulnerability in the "/admin/wlmultipleap.asp" of optilink 
OP-XT7100 ...)
-       TODO: check
+       NOT-FOR-US: OPTILINK
 CVE-2020-23581
        RESERVED
 CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the 
message b ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96b89fb17db441f7daf889531808fc6ae90ecc93

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
