[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 19 21:44:12 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
785731e9 by Salvatore Bonaccorso at 2022-08-19T22:43:46+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3288,7 +3288,7 @@ CVE-2022-37256
CVE-2022-37255
RESERVED
CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...)
- TODO: check
+ NOT-FOR-US: DolphinPHP
CVE-2022-37253
RESERVED
CVE-2022-37252
@@ -4801,9 +4801,9 @@ CVE-2022-36608
CVE-2022-36607
RESERVED
CVE-2022-36606 (Ywoa before v6.1 was discovered to contain a SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Ywoa
CVE-2022-36605 (Yimioa v6.1 was discovered to contain a SQL injection vulnerability vi ...)
- TODO: check
+ NOT-FOR-US: Yimioa
CVE-2022-36604
RESERVED
CVE-2022-36603
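Review bot: CVE-2022-36606 and CVE-2022-36605 are given two different product names, "Ywoa" and "Yimioa", although both descriptions point at a v6.1 release with a SQL injection. If these are the same product under two spellings, use one name on both NOT-FOR-US lines so that a later search for the product finds both entries; if they are distinct products, no change is needed.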
@@ -4855,11 +4855,11 @@ CVE-2022-36581
CVE-2022-36580
RESERVED
CVE-2022-36579 (Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). ...)
- TODO: check
+ NOT-FOR-US: Wellcms
CVE-2022-36578 (jizhicms v2.3.1 has SQL injection in the background. ...)
- TODO: check
+ NOT-FOR-US: jizhicms
CVE-2022-36577 (An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerabil ...)
- TODO: check
+ NOT-FOR-US: jizhicms
CVE-2022-36576
RESERVED
CVE-2022-36575
@@ -5777,7 +5777,7 @@ CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists
CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...)
NOT-FOR-US: Airspan AirSpot
CVE-2022-36263 (StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: StreamLabs Desktop Application
CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website settings that ...)
NOT-FOR-US: taocms
CVE-2022-36261
@@ -5853,9 +5853,9 @@ CVE-2022-36227
CVE-2022-36226
RESERVED
CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (C ...)
- TODO: check
+ NOT-FOR-US: Eyoucms
CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). ...)
- TODO: check
+ NOT-FOR-US: XunRuiCMS
CVE-2022-36223
RESERVED
CVE-2022-36222
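Review bot: On CVE-2022-36225 the new line reads "NOT-FOR-US: Eyoucms" while the description directly above spells the product "EyouCMS"; the XunRuiCMS line in the same hunk keeps the description's casing. Unless earlier entries in data/CVE/list already use "Eyoucms", suggest "NOT-FOR-US: EyouCMS" so that a case-sensitive grep for the product matches this entry.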
@@ -6554,9 +6554,9 @@ CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1,
CVE-2022-35911 (** DISPUTED ** On Patlite NH-FB series devices through 1.46, remote at ...)
NOT-FOR-US: Patlite NH-FB
CVE-2022-35910 (In Jellyfin before 10.8, stored XSS allows theft of an admin access to ...)
- TODO: check
+ NOT-FOR-US: Jellyfin
CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect access cont ...)
- TODO: check
+ NOT-FOR-US: Jellyfin
CVE-2022-35908
RESERVED
CVE-2022-35907
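Review bot: The two Jellyfin entries (CVE-2022-35910 and CVE-2022-35909) are closed as NOT-FOR-US, which holds only while Debian has neither a Jellyfin package nor an open ITP/RFP bug for it. Worth a quick wnpp check before relying on this triage: if a packaging bug exists, the entries would normally be tracked with a "- jellyfin <itp> (bug #...)" line instead, so the stored XSS and the /users access control issue are not lost when the package enters the archive.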
@@ -13512,9 +13512,9 @@ CVE-2022-2077
CVE-2022-2076
REJECTED
CVE-2022-2075 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-2074 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-2073 (Code Injection in GitHub repository getgrav/grav prior to 1.7.34. ...)
NOT-FOR-US: Grav CMS
CVE-2021-46821
@@ -14504,7 +14504,7 @@ CVE-2022-28712
CVE-2022-26842
RESERVED
CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
{DSA-5198-1}
- jetty9 9.4.48-1
@@ -17376,7 +17376,7 @@ CVE-2022-1902
RESERVED
NOT-FOR-US: StackRox Kubernetes Security Platform
CVE-2022-1901 (In affected versions of Octopus Deploy it is possible to unmask sensit ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
NOT-FOR-US: Copify plugin for WordPress
CVE-2021-46815
@@ -23360,7 +23360,7 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an in
NOTE: https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb
NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in Fishbow ...)
- TODO: check
+ NOT-FOR-US: Fishbowl Inventory
CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/785731e92ef809e62c50758bb7f3d9ab09c2bbbd