[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 23 21:33:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b127d95c by Salvatore Bonaccorso at 2022-08-23T22:31:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2022-2967
CVE-2022-2966
RESERVED
CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- TODO: check
+ NOT-FOR-US: NotrinosERP
CVE-2022-2964
RESERVED
CVE-2022-2963
@@ -67,7 +67,7 @@ CVE-2022-2958
CVE-2022-2957
RESERVED
CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...)
- TODO: check
+ NOT-FOR-US: Noxen
CVE-2022-2955
RESERVED
CVE-2022-2954
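Review bot: The tag added on CVE-2022-2956 reads "NOT-FOR-US: Noxen", but the visible description only names ConsoleTVs and is cut off before any product name, so the tag cannot be matched to the entry from these lines alone. Suggest "NOT-FOR-US: ConsoleTVs Noxen" so that a search for either name lands on this triage decision.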
@@ -155,11 +155,11 @@ CVE-2022-2947
CVE-2022-38666
RESERVED
CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ p ...)
- TODO: check
+ NOT-FOR-US: Jenkins CollabNet Plugins Plugin
CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlie ...)
- TODO: check
+ NOT-FOR-US: Jenkins Job Configuration History Plugin
CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., re ...)
- TODO: check
+ NOT-FOR-US: Jenkins Git Plugin
CVE-2022-38662
RESERVED
CVE-2022-38661
@@ -1551,7 +1551,7 @@ CVE-2022-2798
CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...)
NOT-FOR-US: SourceCodester Student Information System
CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2022-2795
RESERVED
CVE-2022-38176
@@ -1563,7 +1563,7 @@ CVE-2022-38174
CVE-2022-38173
RESERVED
CVE-2022-38172 (ServiceNow through San Diego Patch 3 allows XSS via the name field dur ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 d ...)
TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2120439, might be N/A for us as using poppler
CVE-2022-2794
@@ -1870,9 +1870,9 @@ CVE-2022-36425
CVE-2022-36422
RESERVED
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36390
RESERVED
CVE-2022-36387
@@ -1892,11 +1892,11 @@ CVE-2022-36355
CVE-2022-36352
RESERVED
CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36345
RESERVED
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35725
RESERVED
CVE-2022-35277
@@ -1904,9 +1904,9 @@ CVE-2022-35277
CVE-2022-35275
RESERVED
CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec THE Lead ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-31474
RESERVED
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
@@ -3383,7 +3383,7 @@ CVE-2022-37399
CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...)
NOT-FOR-US: ASUSTOR Data Master (ADM)
CVE-2022-36350 (Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 t ...)
- TODO: check
+ NOT-FOR-US: PukiWiki
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
NOT-FOR-US: SourceCodester
CVE-2022-2666
@@ -3995,7 +3995,7 @@ CVE-2022-37225
CVE-2022-37224
RESERVED
CVE-2022-37223 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-37222
RESERVED
CVE-2022-37221
@@ -4043,7 +4043,7 @@ CVE-2022-37201
CVE-2022-37200
RESERVED
CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-37198
RESERVED
CVE-2022-37197
@@ -4215,11 +4215,11 @@ CVE-2022-37115
CVE-2022-37114
RESERVED
CVE-2022-37113 (Bluecms 1.6 has SQL injection in line 132 of admin/area.php ...)
- TODO: check
+ NOT-FOR-US: Bluecms
CVE-2022-37112 (BlueCMS 1.6 has SQL injection in line 55 of admin/model.php ...)
- TODO: check
+ NOT-FOR-US: Bluecms
CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 132 of admin/article.php ...)
- TODO: check
+ NOT-FOR-US: Bluecms
CVE-2022-37110
RESERVED
CVE-2022-37109
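Review bot: The tag on CVE-2022-37113, CVE-2022-37112 and CVE-2022-37111 is spelled "Bluecms", while two of the three descriptions in this hunk spell the product "BlueCMS". Suggest "NOT-FOR-US: BlueCMS" on all three so the tag follows the majority spelling and a case-sensitive grep for the product finds every entry.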
@@ -5938,11 +5938,11 @@ CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 a
CVE-2022-36407
RESERVED
CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36386
RESERVED
CVE-2022-36379 (Cross-Site Request Forgery (CSRF) leading to plugin settings update in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerability ...)
@@ -5958,33 +5958,33 @@ CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUS
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36341 (Authenticated (subscriber+) plugin settings change leading to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND pl ...)
NOT-FOR-US: JumpDEMAND
CVE-2022-36292 (Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36288 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36285 (Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerc ...)
NOT-FOR-US: WooCommerce addon
CVE-2022-36282 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34868 (Authenticated Arbitrary Settings Update vulnerability in YooMoney 
 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34867
RESERVED
CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34658 (Multiple Authenticated (contributor+) Persistent Cross-Site Scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34656
RESERVED
CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34344
RESERVED
CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File Upload vulne ...)
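Review bot: The eight entries changed in this hunk all receive the generic "NOT-FOR-US: WordPress plugin", while unchanged neighbours in the same hunk name the product ("NOT-FOR-US: JumpDEMAND" on CVE-2022-36296, "NOT-FOR-US: WooCommerce addon" on CVE-2022-36284). For entries whose truncated description stops before the plugin name, such as CVE-2022-36282 and CVE-2022-34648, the generic tag leaves no record of which plugin was judged out of scope. Suggest adding the plugin or vendor name after the generic tag there, so the decision can be re-checked without reopening the CVE record.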
@@ -5998,7 +5998,7 @@ CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site Scrip
CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – ...)
NOT-FOR-US: MailerLite
CVE-2022-33142 (Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2515
RESERVED
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
@@ -6430,7 +6430,7 @@ CVE-2022-36263 (StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect
CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website settings that ...)
NOT-FOR-US: taocms
CVE-2022-36261 (An arbitrary file deletion vulnerability was discovered in taocms 3.0. ...)
- TODO: check
+ NOT-FOR-US: taocms
CVE-2022-36260
RESERVED
CVE-2022-36259
@@ -8981,7 +8981,7 @@ CVE-2022-35205
CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...)
NOT-FOR-US: Vitejs Vite
CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows unauthentic ...)
- TODO: check
+ NOT-FOR-US: TrendNet TV-IP572PI
CVE-2022-35202
RESERVED
CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote command exe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b127d95c2948c56a71ebc05674b8cdc5934b4472