[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 22 21:28:15 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f55ebfc9 by Salvatore Bonaccorso at 2022-08-22T22:25:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2022-2929
 CVE-2022-2928
 	RESERVED
 CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...)
-	TODO: check
+	NOT-FOR-US: NotrinosERP
 CVE-2022-2926
 	RESERVED
 CVE-2022-38647
@@ -675,7 +675,7 @@ CVE-2022-38397
 CVE-2022-2891
 	RESERVED
 CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
-	TODO: check
+	NOT-FOR-US: yetiforcecrm
 CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ...)
 	- vim 2:9.0.0229-1
 	NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
@@ -894,7 +894,7 @@ CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedu
 CVE-2022-2842
 	RESERVED
 CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
-	TODO: check
+	NOT-FOR-US: CrowdStrike Falcon
 CVE-2022-2840
 	RESERVED
 CVE-2022-2839
@@ -4006,9 +4006,9 @@ CVE-2022-37136
 CVE-2022-37135
 	RESERVED
 CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via  ...)
-	TODO: check
+	NOT-FOR-US: D-link
 CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentica ...)
-	TODO: check
+	NOT-FOR-US: D-link
 CVE-2022-37132
 	RESERVED
 CVE-2022-37131
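Review bot: The two new `NOT-FOR-US: D-link` lines for CVE-2022-37134 and CVE-2022-37133 name only the vendor, although both descriptions identify the product as DIR-816 (image A2_v1.10CNB04.img). Consider `NOT-FOR-US: D-link DIR-816` so that a later search of the list by product finds both entries.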
@@ -5785,7 +5785,7 @@ CVE-2022-36371
 CVE-2022-36357
 	RESERVED
 CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
 	NOT-FOR-US: JustSystems
 CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -5811,7 +5811,7 @@ CVE-2022-34868
 CVE-2022-34867
 	RESERVED
 CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34658
 	RESERVED
 CVE-2022-34656
@@ -7672,11 +7672,11 @@ CVE-2022-35658
 CVE-2022-35657
 	RESERVED
 CVE-2022-35656 (Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated  ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2022-35655 (Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a m ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2022-35654 (Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an  ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2022-35653 (A reflected XSS issue was identified in the LTI module of Moodle. The  ...)
 	- moodle <removed>
 CVE-2022-35652 (An open redirect issue was found in Moodle due to improper sanitizatio ...)
@@ -8920,7 +8920,7 @@ CVE-2022-35152
 CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple cross-site script ...)
 	NOT-FOR-US: kkFileview
 CVE-2022-35150 (Baijicms v4 was discovered to contain an arbitrary file upload vulnera ...)
-	TODO: check
+	NOT-FOR-US: Baijicms
 CVE-2022-35149
 	RESERVED
 CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain  ...)
@@ -9645,7 +9645,7 @@ CVE-2022-34871 (This vulnerability allows remote attackers to escalate privilege
 CVE-2022-34870
 	RESERVED
 CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) Persistent Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34847
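Review bot: For CVE-2022-34858 the description shown here is cut off at "miniOrange OAuth 2.0 client for ...", before the platform is named, so the `NOT-FOR-US: WordPress plugin` classification cannot be checked from this hunk. Worth confirming against the full CVE description that this is the WordPress client, since the generic tag carries no plugin name to check against later.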
@@ -9665,11 +9665,11 @@ CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored
 CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Ma ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34155
 	RESERVED
 CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34148
 	RESERVED
 CVE-2022-33974
@@ -9683,7 +9683,7 @@ CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Inje
 CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-33900 (PHP Object Injection vulnerability in Easy Digital Downloads plugin &l ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
@@ -12372,7 +12372,7 @@ CVE-2022-33934
 CVE-2022-33933
 	RESERVED
 CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
 	NOT-FOR-US: Dell Wyse Management Suite
 CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains Information Disclo ...)
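Review bot: CVE-2022-33932 is tagged with the vendor only (`NOT-FOR-US: Dell`), while the entry directly below it, CVE-2022-33931, uses the product form `NOT-FOR-US: Dell Wyse Management Suite`. The description names Dell PowerScale OneFS, so `NOT-FOR-US: Dell PowerScale OneFS` would keep the neighbouring Dell entries at the same level of detail.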
@@ -15767,7 +15767,7 @@ CVE-2022-32482
 CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
 	NOT-FOR-US: Dell
 CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-32479
 	RESERVED
 CVE-2022-32478
@@ -19440,9 +19440,9 @@ CVE-2020-36522
 CVE-2022-31239
 	RESERVED
 CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2022-31236
 	RESERVED
 CVE-2022-31235
@@ -25679,7 +25679,7 @@ CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null wr
 	NOTE: https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17
 	NOTE: No security impact
 CVE-2022-1340 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
-	TODO: check
+	NOT-FOR-US: yetiforcecrm
 CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
 	NOT-FOR-US: pimcore
 CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 does n ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f55ebfc9d9f2923049207a1e7e1d9119b3dcd9fc
