[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 30 21:40:13 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f131fcf3 by Salvatore Bonaccorso at 2022-08-30T22:39:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1185,7 +1185,7 @@ CVE-2022-38627
 CVE-2022-38626
 	RESERVED
 CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain insufficient f ...)
-	TODO: check
+	NOT-FOR-US: Patlite NH-FB
 CVE-2022-38624
 	RESERVED
 CVE-2022-38623
@@ -2685,7 +2685,7 @@ CVE-2022-38120
 CVE-2022-38119
 	RESERVED
 CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validati ...)
-	TODO: check
+	NOT-FOR-US: OAKlouds
 CVE-2022-38117
 	RESERVED
 CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database  ...)
@@ -4942,7 +4942,7 @@ CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is
 CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
 	NOT-FOR-US: MDaemon
 CVE-2022-37237 (An attacker can send malicious RTMP requests to make the ZLMediaKit se ...)
-	TODO: check
+	NOT-FOR-US: ZLMediaKit
 CVE-2022-37236
 	RESERVED
 CVE-2022-37235
@@ -5118,7 +5118,7 @@ CVE-2022-37151 (There is an unauthorized access vulnerability in Online Diagnost
 CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...)
 	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-37149 (WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
-	TODO: check
+	NOT-FOR-US: WAVLINK
 CVE-2022-37148
 	RESERVED
 CVE-2022-37147
@@ -7930,7 +7930,7 @@ CVE-2022-36039
 CVE-2022-36038
 	RESERVED
 CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...)
-	TODO: check
+	NOT-FOR-US: Kirby CMS
 CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is  ...)
 	TODO: check
 CVE-2022-36035
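Review bot: CVE-2022-36036 (mdx-mermaid), the context line directly below the changed CVE-2022-36037 entry, is still `TODO: check` after this commit. If it was looked at in the same pass and left open on purpose, that is fine; otherwise it is worth triaging together with the Kirby entry so the two adjacent records are settled at the same time.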
@@ -9927,7 +9927,7 @@ CVE-2022-32765
 CVE-2022-2331
 	RESERVED
 CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: DLP Endpoint for Windows
 CVE-2022-2329
 	RESERVED
 CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not saniti ...)
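Review bot: The new label on CVE-2022-2330, `NOT-FOR-US: DLP Endpoint for Windows`, gives a product name with no vendor, and the truncated description shown here does not name one either. Other labels in this commit lead with the vendor (`WAVLINK`, `TOTOLINK`, `HCL`); prefixing the vendor here would make the entry easier to match when later CVEs against the same product are triaged.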
@@ -15706,7 +15706,7 @@ CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request
 CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...)
 	NOT-FOR-US: Halo CMS
 CVE-2022-32993 (TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access contro ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
 	NOT-FOR-US: Online Tours And Travels Management System
 CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
@@ -16825,7 +16825,7 @@ CVE-2022-2025
 CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been declared ...)
 	NOT-FOR-US: InnoSetup
 CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor router
 CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
 	- imagemagick <unfixed> (bug #1016442)
 	[bullseye] - imagemagick <ignored> (Minor issue)
@@ -31648,7 +31648,7 @@ CVE-2022-27560
 CVE-2022-27559
 	RESERVED
 CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2022-27557
 	RESERVED
 CVE-2022-27556
@@ -31670,9 +31670,9 @@ CVE-2022-27549 (HCL Launch may store certain data for recurring activities in a
 CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which can be re ...)
 	NOT-FOR-US: HCL
 CVE-2022-27547 (HCL iNotes is susceptible to a link to non-existent domain vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2022-27546 (HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection for the ...)
 	NOT-FOR-US: BigFix Web Reports
 CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials in clear  ...)
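Review bot: CVE-2022-27547 and CVE-2022-27546 are both described as HCL iNotes but are labelled only `NOT-FOR-US: HCL`, while the BigFix entries just below carry a product-level label (`BigFix Web Reports`). The vendor-only form matches the existing label on CVE-2022-27548 (HCL Launch), so it is consistent locally; `HCL iNotes` would be more precise if product-level labels are preferred in this file.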
@@ -37045,7 +37045,7 @@ CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files w
 CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted ch ...)
 	NOT-FOR-US: Obyte (formerly Byteball) Wallet
 CVE-2022-25641 (Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and Phant ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a re ...)
 	- wolfssl 5.2.0-1
 	[bullseye] - wolfssl 4.6.0+p1-0+deb11u1
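Review bot: The label on CVE-2022-25641 names only `Foxit PDF Reader`, but the description on the same entry also lists PDF Editor and a further product cut off at "Phant ...". A vendor-level label such as `NOT-FOR-US: Foxit` would cover every product the entry mentions; the same applies to CVE-2021-40326 later in this commit, which gets the identical label.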
@@ -46410,7 +46410,7 @@ CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unau
 CVE-2022-22898
 	RESERVED
 CVE-2022-22897 (A SQL injection vulnerability in the product_all_one_img and image_pro ...)
-	TODO: check
+	NOT-FOR-US: ApolloTheme AP PageBuilder
 CVE-2022-22896
 	RESERVED
 CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
@@ -69271,7 +69271,7 @@ CVE-2021-40328
 CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
 	NOT-FOR-US: Trusted Firmware-M (TF-M)
 CVE-2021-40326 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
 	- cobbler <removed>
 CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f131fcf39b9b9a54d7c8ee2fd090ca8914571115



More information about the debian-security-tracker-commits mailing list