[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 4 10:29:42 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a69f26b8 by Salvatore Bonaccorso at 2022-07-04T11:29:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1
 	NOTE: https://phabricator.wikimedia.org/T308471
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
 CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64/
@@ -1677,7 +1677,7 @@ CVE-2022-34329
 CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_ ...)
 	NOT-FOR-US: PMB
 CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...)
-	TODO: check
+	NOT-FOR-US: YOKOGAWA
 CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions  ...)
 	TODO: check
 CVE-2022-2184
@@ -5890,7 +5890,7 @@ CVE-2022-28697
 CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
 	NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...)
 	NOT-FOR-US: AgileBits 1Password
 CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 ...)
@@ -6334,7 +6334,7 @@ CVE-2022-32422
 CVE-2022-32421
 	RESERVED
 CVE-2022-32420 (College Management System v1.0 was discovered to contain a remote code ...)
-	TODO: check
+	NOT-FOR-US: College Management System
 CVE-2022-32419
 	RESERVED
 CVE-2022-32418
@@ -6350,9 +6350,9 @@ CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat
 CVE-2022-32413
 	RESERVED
 CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 allows attack ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2022-32410
 	RESERVED
 CVE-2022-32409
@@ -7283,11 +7283,11 @@ CVE-2022-32097
 CVE-2022-32096
 	RESERVED
 CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...)
 	NOT-FOR-US: D-Link
 CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in in __in ...)
@@ -7401,25 +7401,25 @@ CVE-2022-32055
 CVE-2022-32054
 	RESERVED
 CVE-2022-32053 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32052 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32051 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32050 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32049 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32048 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32047 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32046 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32045 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32044 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-32043 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the  ...)
 	NOT-FOR-US: Tenda
 CVE-2022-32042
@@ -7621,7 +7621,7 @@ CVE-2022-31945 (Rescue Dispatch Management System v1.0 is vulnerable to Delete a
 CVE-2022-31944
 	RESERVED
 CVE-2022-31943 (MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnera ...)
-	TODO: check
+	NOT-FOR-US: MCMS
 CVE-2022-31942
 	RESERVED
 CVE-2022-31941 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a69f26b803c3660d4316ca7e0bfbf522819f2e80

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a69f26b803c3660d4316ca7e0bfbf522819f2e80
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220704/268cb03a/attachment.htm>

More information about the debian-security-tracker-commits mailing list