[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 16 21:20:14 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b849cf6c by Salvatore Bonaccorso at 2022-08-16T22:19:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -464,17 +464,17 @@ CVE-2022-38196
 CVE-2022-38195
 	RESERVED
 CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...)
 	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
 	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
 	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...)
@@ -484,7 +484,7 @@ CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS
 CVE-2022-38185
 	RESERVED
 CVE-2022-38184 (There is an improper access control vulnerability in Portal for ArcGIS ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...)
 	- gitea <removed>
 CVE-2022-38182
@@ -4420,7 +4420,7 @@ CVE-2022-36601
 CVE-2022-36600
 	RESERVED
 CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-36598
 	RESERVED
 CVE-2022-36597
@@ -4826,9 +4826,9 @@ CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beanc
 	NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
 	NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2)
 CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor W ...)
-	TODO: check
+	NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001
 CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-00 ...)
-	TODO: check
+	NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001
 CVE-2022-35734 ('Hulu / フールー' App for Android from version ...)
 	TODO: check
 CVE-2022-34156 ('Hulu / フールー' App for iOS versions prior t ...)
@@ -5014,7 +5014,7 @@ CVE-2022-36361
 CVE-2022-36360
 	RESERVED
 CVE-2022-35239 (The image file management page of SolarView Compact SV-CPT-MC310 Ver.7 ...)
-	TODO: check
+	NOT-FOR-US: SolarView Compact SV-CPT-MC310
 CVE-2022-2505
 	RESERVED
 	- firefox 103.0-1
@@ -5358,9 +5358,9 @@ CVE-2022-36275
 CVE-2022-36274
 	RESERVED
 CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-36271
 	RESERVED
 CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...)
@@ -5420,7 +5420,7 @@ CVE-2022-36244
 CVE-2022-36243
 	RESERVED
 CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36241
 	RESERVED
 CVE-2022-36240
@@ -21430,7 +21430,7 @@ CVE-2022-30266
 CVE-2022-30265
 	RESERVED
 CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perfo ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-30263
 	RESERVED
 CVE-2022-30262
@@ -22253,7 +22253,7 @@ CVE-2022-29961
 CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...)
 	NOT-FOR-US: Emerson
 CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential storage. It i ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...)
 	NOT-FOR-US: JTEKT TOYOPUC PLCs
 CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b849cf6c767a994cf5c3028ea9bcdb380ef91799

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b849cf6c767a994cf5c3028ea9bcdb380ef91799
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220816/a507a86e/attachment.htm>

More information about the debian-security-tracker-commits mailing list