[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 25 21:38:31 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7faae5bf by Salvatore Bonaccorso at 2022-04-25T22:38:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2022-1459 (Non-Privilege User Can View Patient’s Disclosures in GitHub
 CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...)
 	NOT-FOR-US: OpenEMR
 CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & EditProd ...)
-	TODO: check
+	NOT-FOR-US: facturascripts
 CVE-2022-1456
 	RESERVED
 CVE-2021-46789
@@ -975,11 +975,11 @@ CVE-2022-29421
 CVE-2022-29420
 	RESERVED
 CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adapti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-29416
 	RESERVED
 CVE-2022-29415
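Review bot: The three new tags for CVE-2022-29419, CVE-2022-29418 and CVE-2022-29417 use the generic "NOT-FOR-US: WordPress plugin", while the other NOT-FOR-US lines in this change name the product (Hoosk, Typemill, Gibbon). The truncated description of CVE-2022-29418 does not show a product at all, so the tag cannot be checked against the visible line. If the generic form is the list's convention, keep it as is; otherwise name the plugin, e.g. 3xSocializer for CVE-2022-29419, so a later search for that plugin finds the entry.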
@@ -1854,7 +1854,7 @@ CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js al
 CVE-2022-29079
 	RESERVED
 CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js  ...)
-	TODO: check
+	NOT-FOR-US: ejs Node.js package
 CVE-2022-29077 (A heap-based buffer overflow exists in rippled before 1.8.5. The vulne ...)
 	NOT-FOR-US: XRP rippled
 CVE-2022-29076
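Review bot: The NOT-FOR-US on CVE-2022-29078 deserves a second look before the TODO is closed. The description identifies ejs as a Node.js package, i.e. a reusable library rather than a standalone vendor product like the rippled entry below it, and libraries of this kind are often packaged on their own or embedded in other source packages. Suggest confirming that no source package in the archive ships or bundles ejs; if one does, the entry should carry a package line instead of NOT-FOR-US.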
@@ -2394,7 +2394,7 @@ CVE-2022-28873
 CVE-2022-28872
 	RESERVED
 CVE-2022-28871 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
 	NOT-FOR-US: F-Secure
 CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
@@ -3186,7 +3186,7 @@ CVE-2022-28588
 CVE-2022-28587
 	RESERVED
 CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript  ...)
-	TODO: check
+	NOT-FOR-US: Hoosk
 CVE-2022-28585
 	RESERVED
 CVE-2022-28584
@@ -3872,7 +3872,7 @@ CVE-2022-28292
 CVE-2022-28291
 	RESERVED
 CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress Country Sel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-28289
 	RESERVED
 	{DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
@@ -4724,9 +4724,9 @@ CVE-2022-28096
 CVE-2022-28095
 	RESERVED
 CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...)
-	TODO: check
+	NOT-FOR-US: SCBS Online Sports Venue Reservation System
 CVE-2022-28093 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...)
-	TODO: check
+	NOT-FOR-US: SCBS Online Sports Venue Reservation System
 CVE-2022-28092
 	RESERVED
 CVE-2022-28091
@@ -4806,7 +4806,7 @@ CVE-2022-28055
 CVE-2022-28054
 	RESERVED
 CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file upload vul ...)
-	TODO: check
+	NOT-FOR-US: Typemill
 CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...)
 	NOT-FOR-US: Roothub
 CVE-2022-28051
@@ -6355,9 +6355,9 @@ CVE-2022-27431
 CVE-2022-27430
 	RESERVED
 CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forger ...)
-	TODO: check
+	NOT-FOR-US: Jizhicms
 CVE-2022-27428 (A stored cross-site scripting (XSS) vulnerability in /index.php/album/ ...)
-	TODO: check
+	NOT-FOR-US: GalleryCMS
 CVE-2022-27427 (A zero-code remote code injection vulnerability via configuration.php  ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2022-27426 (A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows at ...)
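Review bot: The tag on CVE-2022-27428 names GalleryCMS, but the visible description is cut off at "/index.php/album/ ..." before any product name, and the entry directly above it is tagged Jizhicms. Please confirm against the full CVE description that GalleryCMS is the affected product and not a carry-over from a neighbouring entry.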
@@ -6666,7 +6666,7 @@ CVE-2022-27313
 CVE-2022-27312
 	RESERVED
 CVE-2022-27311 (Gibbon v3.4.4 and below allows attackers to execute a Server-Side Requ ...)
-	TODO: check
+	NOT-FOR-US: Gibbon
 CVE-2022-27310
 	RESERVED
 CVE-2022-27309
@@ -8687,9 +8687,9 @@ CVE-2022-26599
 CVE-2022-26598
 	RESERVED
 CVE-2022-26597 (Cross-site scripting (XSS) vulnerability in the Layout module's Open G ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2022-26596 (Cross-site scripting (XSS) vulnerability in Journal module's web conte ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 1 ...)
 	NOT-FOR-US: Liferay
 CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal  ...)
@@ -23614,19 +23614,19 @@ CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter fr
 CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
 	NOT-FOR-US: glFusion CMS
 CVE-2021-45842 (It is possible to obtain the first administrator's hash set up in Terr ...)
-	TODO: check
+	NOT-FOR-US: Terramaster
 CVE-2021-45841 (In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attack ...)
-	TODO: check
+	NOT-FOR-US: Terramaster
 CVE-2021-45840 (It is possible to execute arbitrary commands as root in Terramaster F4 ...)
-	TODO: check
+	NOT-FOR-US: Terramaster
 CVE-2021-45839 (It is possible to obtain the first administrator's hash set up on the  ...)
-	TODO: check
+	NOT-FOR-US: Terramaster
 CVE-2021-45838
 	RESERVED
 CVE-2021-45837 (It is possible to execute arbitrary commands as root in Terramaster F4 ...)
-	TODO: check
+	NOT-FOR-US: Terramaster
 CVE-2021-45836 (An authenticated attacker can execute arbitrary commands as root in Te ...)
-	TODO: check
+	NOT-FOR-US: Terramaster
 CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated attacker to  ...)
 	NOT-FOR-US: Online Admission System
 CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to the Ope ...)
@@ -52243,7 +52243,7 @@ CVE-2021-36462
 CVE-2021-36461
 	RESERVED
 CVE-2021-36460 (VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password ...)
-	TODO: check
+	NOT-FOR-US: VeryFitPro
 CVE-2021-36459
 	RESERVED
 CVE-2021-36458



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7faae5bf6ae241dd37ca74453f5e445fb21a2074
