[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 27 09:15:50 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a72bc74 by Salvatore Bonaccorso at 2022-04-27T10:15:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2460,7 +2460,7 @@ CVE-2022-28920
 CVE-2022-28919
 	RESERVED
 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...)
-	TODO: check
+	NOT-FOR-US: GreenCMS
 CVE-2022-28917
 	RESERVED
 CVE-2022-28916
@@ -3485,21 +3485,21 @@ CVE-2022-28530
 CVE-2022-28529
 	RESERVED
 CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...)
-	TODO: check
+	NOT-FOR-US: bloofoxCMS
 CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder deletion ...)
-	TODO: check
+	NOT-FOR-US: dhcms
 CVE-2022-28526
 	RESERVED
 CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file upload  ...)
-	TODO: check
+	NOT-FOR-US: ED01-CMS
 CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: ED01-CMS
 CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/ ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: ZCMS
 CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: ZCMS
 CVE-2022-28520
 	RESERVED
 CVE-2022-28519
@@ -3642,11 +3642,11 @@ CVE-2022-28452
 CVE-2022-28451
 	RESERVED
 CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
-	TODO: check
+	NOT-FOR-US: nopCommerce
 CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At App ...)
-	TODO: check
+	NOT-FOR-US: nopCommerce
 CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An att ...)
-	TODO: check
+	NOT-FOR-US: nopCommerce
 CVE-2022-28447
 	RESERVED
 CVE-2022-28446
@@ -4978,9 +4978,9 @@ CVE-2022-28061
 CVE-2022-28060
 	RESERVED
 CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...)
-	TODO: check
+	NOT-FOR-US: Verydows
 CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...)
-	TODO: check
+	NOT-FOR-US: Verydows
 CVE-2022-28057
 	RESERVED
 CVE-2022-28056
@@ -5372,7 +5372,7 @@ CVE-2022-27890
 CVE-2022-27889
 	RESERVED
 CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
-	TODO: check
+	NOT-FOR-US: Foundry Issues service
 CVE-2022-1102
 	RESERVED
 CVE-2022-1101
@@ -13676,7 +13676,7 @@ CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
 	NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750
 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...)
-	TODO: check
+	NOT-FOR-US: Ballcat Codegen
 CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask  ...)
 	NOT-FOR-US: flask-session-captcha
 CVE-2022-24879
@@ -13709,7 +13709,7 @@ CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that pr
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in Discour ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...)
 	NOT-FOR-US: HumHub
 CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...)
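Review bot: The label on CVE-2022-24866 names the parent product (`NOT-FOR-US: Discourse`), while the description identifies the affected software as the Discourse Assign plugin. Every other entry in this commit takes its label from the product named in the description. Consider `NOT-FOR-US: Discourse Assign` so that a later search of data/CVE/list for the plugin name finds this triage decision and it is not read as covering Discourse core.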



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a72bc74062a5620d876cdf0a08b20dc2a990d94
