[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 16 08:04:20 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85b47019 by Salvatore Bonaccorso at 2022-04-16T09:03:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2022-29270
 CVE-2022-29269
 	RESERVED
 CVE-2022-29268 (Bitrix through 7.5.0 allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Bitrix
 CVE-2022-29267
 	RESERVED
 CVE-2022-1380
@@ -1092,11 +1092,11 @@ CVE-2022-28872
 CVE-2022-28871
 	RESERVED
 CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe Browser f ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2022-28867
 	RESERVED
 CVE-2022-28866
@@ -1770,7 +1770,7 @@ CVE-2022-28610
 CVE-2022-26838
 	RESERVED
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
-	TODO: check
+	NOT-FOR-US: plantuml
 CVE-2022-1230
 	RESERVED
 CVE-2022-1229
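Review bot: On the CVE-2022-1231 line the tag is the bare name "plantuml", and the truncated description ("GitHub repository plantu ...") does not show which repository is affected. NOT-FOR-US is only correct if no source package of that name is in the archive, so please confirm that before closing the entry, or add a NOTE line naming the affected repository.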
@@ -3341,7 +3341,7 @@ CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a S
 CVE-2022-28114
 	RESERVED
 CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 al ...)
-	TODO: check
+	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-28112
 	RESERVED
 CVE-2022-28111
@@ -3469,7 +3469,7 @@ CVE-2022-28051
 CVE-2022-28050
 	RESERVED
 CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference v ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-28048 (STB v2.27 was discovered to contain an integer shift of invalid size i ...)
 	TODO: check
 CVE-2022-28047
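Review bot: For CVE-2022-28049 the description names "NGINX NJS 0.7.2", but the new line says only "NOT-FOR-US: njs" and records nothing about how njs relates to nginx. A short NOTE giving the reason it is out of scope would keep it from being re-triaged by someone searching for nginx issues.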
@@ -4860,7 +4860,7 @@ CVE-2022-27476 (A cross-site scripting (XSS) vulnerability at /admin/goods/updat
 CVE-2022-27475 (Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-syste ...)
 	NOT-FOR-US: tramyardg hotel-mgmt-system
 CVE-2022-27474 (SuiteCRM v7.11.23 was discovered to allow remote code execution via a  ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2022-27473 (SQL injection vulnerability in Topics Searching feature of Roothub 2.6 ...)
 	NOT-FOR-US: Roothub
 CVE-2022-27472 (SQL injection vulnerability in Topics Counting feature of Roothub 2.6. ...)
@@ -5103,15 +5103,15 @@ CVE-2022-27371
 CVE-2022-27370
 	RESERVED
 CVE-2022-27369 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27368 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27367 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27366 (Cscms Music Portal System v4.2 was discovered to contain a blind SQL i ...)
-	TODO: check
+	NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27365 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27364
 	RESERVED
 CVE-2022-27363
@@ -5315,13 +5315,13 @@ CVE-2022-27265
 CVE-2022-27264
 	RESERVED
 CVE-2022-27263 (An arbitrary file upload vulnerability in the file upload module of St ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2022-27262 (An arbitrary file upload vulnerability in the file upload module of Sk ...)
 	TODO: check
 CVE-2022-27261 (An arbitrary file write vulnerability in Express-FileUpload v1.3.1 all ...)
 	TODO: check
 CVE-2022-27260 (An arbitrary file upload vulnerability in the file upload component of ...)
-	TODO: check
+	NOT-FOR-US: ButterCMS
 CVE-2022-27259
 	RESERVED
 CVE-2022-27232
@@ -5361,9 +5361,9 @@ CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/rad
 CVE-2022-27258 (Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3  ...)
 	TODO: check
 CVE-2022-27257 (A PHP Local File Inclusion vulneraility in the default Redbasic theme  ...)
-	TODO: check
+	NOT-FOR-US: Redbasic theme for Hubzilla
 CVE-2022-27256 (A PHP Local File inclusion vulnerability in the Redbasic theme for Hub ...)
-	TODO: check
+	NOT-FOR-US: Redbasic theme for Hubzilla
 CVE-2022-27255
 	RESERVED
 CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends the same  ...)
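Review bot: CVE-2022-27257 and CVE-2022-27256 are closed as "NOT-FOR-US: Redbasic theme for Hubzilla" while CVE-2022-27258, against Hubzilla 7.0.3 itself, stays at "TODO: check" in the same hunk. The description of CVE-2022-27257 calls Redbasic the default theme, so the three entries should get the same decision: either resolve CVE-2022-27258 here as well, or leave the theme entries open until Hubzilla is decided.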
@@ -5399,7 +5399,7 @@ CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. app/View/Users/t
 CVE-2022-27242
 	RESERVED
 CVE-2022-27241 (A vulnerability has been identified in Mendix Applications using Mendi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-1027
 	RESERVED
 CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net View ...)
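Review bot: The new line for CVE-2022-27241 reads "NOT-FOR-US: Siemens", but the description names Mendix Applications, and other entries in this commit tag the product (for example "FANTEC GmbH MWiD25-DS Firmware"). Tagging the product, e.g. "NOT-FOR-US: Mendix (Siemens)", keeps the entry findable by a search on the name that appears in the description.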
@@ -5563,7 +5563,7 @@ CVE-2022-27220
 CVE-2022-27219
 	RESERVED
 CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
@@ -5876,9 +5876,9 @@ CVE-2022-27160
 CVE-2022-27159
 	RESERVED
 CVE-2022-27158 (pearweb < 1.32 suffers from Deserialization of Untrusted Data. ...)
-	TODO: check
+	NOT-FOR-US: pearweb
 CVE-2022-27157 (pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism v ...)
-	TODO: check
+	NOT-FOR-US: pearweb
 CVE-2022-27156 (Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. ...)
 	NOT-FOR-US: Daylight Studio Fuel CMS
 CVE-2022-27155
@@ -6104,7 +6104,7 @@ CVE-2022-27050 (BitComet Service for Windows before version 1.8.6 contains an un
 CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move log f ...)
 	NOT-FOR-US: Raidrive
 CVE-2022-27048 (A vulnerability has been discovered in Moxa MGate which allows an atta ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without any limi ...)
 	NOT-FOR-US: mogu_blog_cms
 CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85b47019e55e4bccb8f95c8e368dca2df066df8d
