[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sat Aug 20 13:08:51 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ef73f25 by Salvatore Bonaccorso at 2022-08-20T14:08:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -984,17 +984,17 @@ CVE-2022-38171
 CVE-2022-2794
 	RESERVED
 CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-2791
 	RESERVED
 CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-2788 (Emerson Electric's Proficy Machine Edition Version 9.80 and prior is v ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2022-2787
 	RESERVED
 	{DSA-5213-1 DLA-3075-1}
@@ -5923,7 +5923,7 @@ CVE-2022-36222
 CVE-2022-36221
 	RESERVED
 CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser (Windows)  ...)
-	TODO: check
+	NOT-FOR-US: Safe Exam Browser
 CVE-2022-36219
 	RESERVED
 CVE-2022-36218
@@ -6366,7 +6366,7 @@ CVE-2022-36033
 CVE-2022-36032
 	RESERVED
 CVE-2022-36031 (Directus is a free and open-source data platform for headless content  ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...)
 	TODO: check
 CVE-2022-36029
@@ -7167,7 +7167,7 @@ CVE-2022-35694
 CVE-2022-35693
 	RESERVED
 CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35691
 	RESERVED
 CVE-2022-35690
@@ -9937,13 +9937,13 @@ CVE-2022-34626
 CVE-2022-34625 (Mealie1.0.0beta3 was discovered to contain a Server-Side Template Inje ...)
 	NOT-FOR-US: hay-kot/mealie
 CVE-2022-34624 (Mealie1.0.0beta3 does not terminate download tokens after a user logs  ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2022-34623 (Mealie1.0.0beta3 is vulnerable to user enumeration via timing response ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2022-34622
 	RESERVED
 CVE-2022-34621 (Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object  ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2022-34620
 	RESERVED
 CVE-2022-34619 (A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 all ...)
@@ -9955,7 +9955,7 @@ CVE-2022-34617
 CVE-2022-34616
 	RESERVED
 CVE-2022-34615 (Mealie 1.0.0beta3 employs weak password requirements which allows atta ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2022-34614
 	RESERVED
 CVE-2022-34613 (Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability whic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef73f257b154bf2646482d7dd5feffaf7e51c14

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef73f257b154bf2646482d7dd5feffaf7e51c14
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220820/59375eda/attachment.htm>
