[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 1 09:26:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3ef4c89 by Salvatore Bonaccorso at 2022-07-01T10:24:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1234,7 +1234,7 @@ CVE-2022-34464
 CVE-2022-2198
 	RESERVED
 CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
-	TODO: check
+	NOT-FOR-US: Exemys
 CVE-2022-2196
 	RESERVED
 CVE-2022-2195
@@ -4014,15 +4014,15 @@ CVE-2022-2084
 CVE-2022-2083
 	RESERVED
 CVE-2022-33329 (Multiple command injection vulnerabilities exist in the web_server aja ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33328 (Multiple command injection vulnerabilities exist in the web_server aja ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33327 (Multiple command injection vulnerabilities exist in the web_server aja ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33326 (Multiple command injection vulnerabilities exist in the web_server aja ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_server aja ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33324
 	RESERVED
 CVE-2022-33323
@@ -4044,11 +4044,11 @@ CVE-2022-33316
 CVE-2022-33315
 	RESERVED
 CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_server act ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-33309
 	RESERVED
 CVE-2022-33308
@@ -4252,9 +4252,9 @@ CVE-2022-33210
 CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows  ...)
 	- web2py <removed>
 CVE-2022-32585 (A command execution vulnerability exists in the clish art2 functionali ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-28127 (A data removal vulnerability exists in the web_server /action/remove/  ...)
-	TODO: check
+	NOT-FOR-US: Robustel R1510
 CVE-2022-2082
 	RESERVED
 CVE-2022-2081
@@ -4318,7 +4318,7 @@ CVE-2022-2075
 CVE-2022-2074
 	RESERVED
 CVE-2022-2073 (Code Injection in GitHub repository getgrav/grav prior to 1.7.34. ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2021-46821
 	RESERVED
 CVE-2022-33187
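Review bot: NOT-FOR-US on CVE-2022-2073 should rest on a check that grav was never in the archive, since the description identifies it as a GitHub-hosted project (getgrav/grav). Software that was once packaged gets a package line in this file instead, as in `- web2py <removed>` in the previous hunk; if grav falls in that case, the entry should follow that form.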
@@ -4505,11 +4505,11 @@ CVE-2022-33089
 CVE-2022-33088
 	RESERVED
 CVE-2022-33087 (A stack overflow in the function DM_ In fillobjbystr() of TP-Link Arch ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2022-33086
 	RESERVED
 CVE-2022-33085 (ESPCMS P8 was discovered to contain an authenticated remote code execu ...)
-	TODO: check
+	NOT-FOR-US: ESPCMS
 CVE-2022-33084
 	RESERVED
 CVE-2022-33083
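Review bot: The tag on CVE-2022-33087 names only the vendor (`NOT-FOR-US: TP-Link`), while the description points at a specific TP-Link device and function (`fillobjbystr()`). Elsewhere in this commit the product itself is named (`Robustel R1510`, `Urtracker Premium`); naming the device model here as well would keep the entry searchable when further TP-Link CVEs are triaged.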
@@ -4604,7 +4604,7 @@ CVE-2022-33045
 CVE-2022-33044
 	RESERVED
 CVE-2022-33043 (A cross-site scripting (XSS) vulnerability in the batch add function o ...)
-	TODO: check
+	NOT-FOR-US: Urtracker Premium
 CVE-2022-33042 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
 	NOT-FOR-US: Online Railway Reservation System
 CVE-2022-33041
@@ -6424,7 +6424,7 @@ CVE-2022-32298
 CVE-2022-32297
 	RESERVED
 CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra re ...)
-	TODO: check
+	NOT-FOR-US: Ampere devices
 CVE-2022-32294
 	RESERVED
 CVE-2022-32293
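Review bot: `NOT-FOR-US: Ampere devices` on CVE-2022-32295 is broader than the description, which limits the issue to Altra and AltraMax devices before SRP 1.09. Suggest a tag that names the affected product line, for example `NOT-FOR-US: Ampere Altra`, so it matches what the CVE text covers.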
@@ -9916,7 +9916,7 @@ CVE-2022-31065 (BigBlueButton is an open source web conferencing system. In affe
 CVE-2022-31064 (BigBlueButton is an open source web conferencing system. Users in meet ...)
 	NOT-FOR-US: BigBlueButton
 CVE-2022-31063 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2022-31061 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
@@ -9927,7 +9927,7 @@ CVE-2022-31060 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-source  ...)
 	NOT-FOR-US: Discourse Calendar is a calendar plugin for Discourse
 CVE-2022-31058 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
 	NOT-FOR-US: Shopware
 CVE-2022-31056 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
@@ -9990,7 +9990,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
 	NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
 	NOTE: Fixed by: https://github.com/sparklemotion/mechanize/commit/907c778001625cb9daa686d5019c939cb416e45b (v2.8.5)
 CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
@@ -11804,7 +11804,7 @@ CVE-2022-30469 (In Afian Filerun 20220202, lack of sanitization of the POST para
 CVE-2022-30468
 	RESERVED
 CVE-2022-30467 (Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of serv ...)
-	TODO: check
+	NOT-FOR-US: Joy ebike Wolf Manufacturing
 CVE-2022-30466 (joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authe ...)
 	NOT-FOR-US: joyebike Joy ebike Wolf Manufacturing
 CVE-2022-30465
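Review bot: The new tag on CVE-2022-30467 (`Joy ebike Wolf Manufacturing`) differs from the existing tag on the adjacent CVE-2022-30466 (`joyebike Joy ebike Wolf Manufacturing`), although both descriptions refer to the same product. Use one spelling for both so that a search on the tag finds both entries.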
@@ -12585,7 +12585,7 @@ CVE-2022-30194
 CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-30191
 	RESERVED
 CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
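Review bot: CVE-2022-30192 is described as Microsoft Edge (Chromium-based), and `NOT-FOR-US: Microsoft` does not record whether the flaw sits in Edge-specific code or in the Chromium code base that Debian packages as chromium. If it was checked to be Edge-only, a short NOTE line saying so would save the next triager from repeating the check.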



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3ef4c898ecf8f2f0b94ba5a8414dad634c9fa10
