[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri Aug 26 08:00:38 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68a5a3b6 by Salvatore Bonaccorso at 2022-08-26T09:00:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -832,11 +832,11 @@ CVE-2022-38466
 CVE-2022-38465
 	RESERVED
 CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/ ...)
-	TODO: check
+	NOT-FOR-US: Exment
 CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedo ...)
-	TODO: check
+	NOT-FOR-US: Exment
 CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5. ...)
-	TODO: check
+	NOT-FOR-US: Exment
 CVE-2022-2908
 	RESERVED
 CVE-2022-2907
@@ -2348,7 +2348,7 @@ CVE-2022-37955
 CVE-2022-37954
 	RESERVED
 CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gateway Chal ...)
-	TODO: check
+	NOT-FOR-US: GE Gas Power
 CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...)
 	NOT-FOR-US: iHistorian Data Display of WorkstationST
 CVE-2022-37951
@@ -9071,7 +9071,7 @@ CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does n
 CVE-2022-35279
 	RESERVED
 CVE-2022-35278 (In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show mal ...)
-	TODO: check
+	NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2022-34850
 	RESERVED
 CVE-2022-34845
@@ -10378,19 +10378,19 @@ CVE-2022-34778 (Jenkins TestNG Results Plugin 554.va4a552116332 and earlier rend
 CVE-2022-34777 (Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fiel ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-34776 (Tabit - giftcard stealth. Several APIs on the web system display, with ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34775 (Tabit - Excessive data exposure. Another endpoint mapped by the tiny u ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34774 (Tabit - Arbitrary account modification. One of the endpoints mapped by ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34773 (Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configura ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34772 (Tabit - password enumeration. Description: Tabit - password enumeratio ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34771 (Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tab ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34770 (Tabit - sensitive information disclosure. Several APIs on the web syst ...)
-	TODO: check
+	NOT-FOR-US: Tabit
 CVE-2022-34769 (Michlol - rashim web interface Insecure direct object references (IDOR ...)
 	NOT-FOR-US: Michlol
 CVE-2022-34768 (Supersmart.me - Walk Through Performing unauthorized actions on other  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a5a3b6bd7107e71572c2b53313a9b515aab247

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68a5a3b6bd7107e71572c2b53313a9b515aab247
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220826/cb9700b0/attachment.htm>
