[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 11 21:56:17 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b4dd74a by Salvatore Bonaccorso at 2022-04-11T22:55:51+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -945,7 +945,7 @@ CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde2
 	NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/
 	NOTE: https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
 CVE-2022-1252 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
-	TODO: check
+	NOT-FOR-US: gnuboard5
 CVE-2022-1251
 	RESERVED
 CVE-2022-1250
@@ -5201,7 +5201,7 @@ CVE-2022-27158
 CVE-2022-27157
 	RESERVED
 CVE-2022-27156 (Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. ...)
-	TODO: check
+	NOT-FOR-US: Daylight Studio Fuel CMS
 CVE-2022-27155
 	RESERVED
 CVE-2022-27154
@@ -5247,23 +5247,23 @@ CVE-2022-27135
 CVE-2022-27134
 	RESERVED
 CVE-2022-27133 (zbzcms v1.0 was discovered to contain an arbitrary file deletion vulne ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27132
 	RESERVED
 CVE-2022-27131 (An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzc ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27130
 	RESERVED
 CVE-2022-27129 (An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1 ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27128 (An incorrect access control issue at /admin/run_ajax.php in zbzcms v1. ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27127 (zbzcms v1.0 was discovered to contain a SQL injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27126 (zbzcms v1.0 was discovered to contain a SQL injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27125 (zbzcms v1.0 was discovered to contain a stored cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: zbzcms
 CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Insurance Management System
 CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain a SQL i ...)
@@ -5283,7 +5283,7 @@ CVE-2022-27117
 CVE-2022-27116
 	RESERVED
 CVE-2022-27115 (In Studio-42 elFinder 2.1.60, there is a vulnerability that causes rem ...)
-	TODO: check
+	NOT-FOR-US: Studio-42 elFinder
 CVE-2022-27114
 	RESERVED
 CVE-2022-27113
@@ -5291,7 +5291,7 @@ CVE-2022-27113
 CVE-2022-27112
 	RESERVED
 CVE-2022-27111 (Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send ...)
-	TODO: check
+	NOT-FOR-US: Jfinal_CMS
 CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...)
 	- orangehrm <itp> (bug #786622)
 CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...)
@@ -5335,9 +5335,9 @@ CVE-2022-27091
 CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...)
 	NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27089 (In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu PlugFree Network
 CVE-2022-27088 (Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted servic ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-27087
 	RESERVED
 CVE-2022-27086



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4dd74a9f545cb0dee8d0246c1170ce7db62073

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b4dd74a9f545cb0dee8d0246c1170ce7db62073
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220411/40e8320c/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list