[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 6 05:52:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
354a70c5 by Salvatore Bonaccorso at 2022-07-06T06:51:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -860,13 +860,13 @@ CVE-2022-34881
 CVE-2022-34880
 	RESERVED
 CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time ...)
-	TODO: check
+	NOT-FOR-US: VICIdial
 CVE-2022-34878 (SQL Injection vulnerability in User Stats interface (/vicidial/user_st ...)
-	TODO: check
+	NOT-FOR-US: VICIdial
 CVE-2022-34877 (SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicid ...)
-	TODO: check
+	NOT-FOR-US: VICIdial
 CVE-2022-34876 (SQL Injection vulnerability in admin interface (/vicidial/admin.php) o ...)
-	TODO: check
+	NOT-FOR-US: VICIdial
 CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...)
 	{DSA-5174-1}
 	- gnupg2 2.2.35-3 (bug #1014157)
@@ -5409,7 +5409,7 @@ CVE-2022-33077
 CVE-2022-33076
 	RESERVED
 CVE-2022-33075 (A stored cross-site scripting (XSS) vulnerability in the Add Classific ...)
-	TODO: check
+	NOT-FOR-US: Zoo Management System
 CVE-2022-33074
 	RESERVED
 CVE-2022-33073
@@ -7258,7 +7258,7 @@ CVE-2022-32326
 CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation wh ...)
 	TODO: check
 CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow via the  ...)
-	TODO: check
+	NOT-FOR-US: PDFAlto
 CVE-2022-32323
 	RESERVED
 CVE-2022-32322
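Review bot: CVE-2022-32325 (JPEGOPTIM v1.4.7), the context entry directly above the PDFAlto change, still reads TODO: check after this pass. It was skipped while its neighbour was marked NOT-FOR-US, so it presumably needs a real package triage line rather than an NFU tag; a follow-up would keep it from lingering in the TODO queue.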
@@ -9422,15 +9422,15 @@ CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in it
 CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI  ...)
 	TODO: check
 CVE-2022-31603 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, whe ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-31602 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, whe ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-31601 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, wh ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-31600 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, wher ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-31599 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2022-1876
 	RESERVED
 	{DSA-5148-1}
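Review bot: the five new tags on CVE-2022-31599 through CVE-2022-31603 name only the vendor (NOT-FOR-US: NVIDIA), while every description scopes the issue to DGX A100 SBIOS modules (IpSecDxe, SmbiosPei, SmmCore, Ofbd). Consider a product-level tag such as NOT-FOR-US: NVIDIA DGX A100 SBIOS, so a later search on the vendor name does not mix firmware-only issues with other NVIDIA entries.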
@@ -13237,9 +13237,9 @@ CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due
 CVE-2022-30291
 	RESERVED
 CVE-2022-30290 (In OpenCTI through 5.2.4, a broken access control vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: OpenCTI
 CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified in th ...)
-	TODO: check
+	NOT-FOR-US: OpenCTI
 CVE-2022-30288 (** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL fragment spr ...)
 	NOT-FOR-US: Ruby gem agoo
 CVE-2022-30287
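Review bot: for CVE-2022-30289 the truncated description ("A stored Cross-site Scripting (XSS) vulnerability was identified in th ...") does not show the product, unlike CVE-2022-30290, which names OpenCTI through 5.2.4. Confirm against the full CVE text that the OpenCTI tag applies to both entries rather than relying on adjacency.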
@@ -42648,7 +42648,7 @@ CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boun
 CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a  ...)
 	NOT-FOR-US: Open-AudIT
 CVE-2021-44915 (Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: taocms
 CVE-2021-44914
 	RESERVED
 CVE-2021-44913
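Review bot: the tag on CVE-2021-44915 is spelled taocms in lower case while the description writes Taocms 3.0.2. Use whichever spelling the existing entries for this product in data/CVE/list already use, so that a grep on the NOT-FOR-US name returns all of them.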
@@ -47592,7 +47592,7 @@ CVE-2021-43704
 CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
 	NOT-FOR-US: zzcms
 CVE-2021-43702 (ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting ( ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2021-43701 (CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnera ...)
 	NOT-FOR-US: CSZ CMS
 CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...)
@@ -50248,7 +50248,7 @@ CVE-2021-43118 (A Remote Command Injection vulnerability exists in DrayTek Vigor
 CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
 	NOT-FOR-US: fastadmin
 CVE-2021-43116 (An Access Control vulnerability exists in Nacos 2.0.3 in the access pr ...)
-	TODO: check
+	NOT-FOR-US: Nacos
 CVE-2021-43115
 	RESERVED
 CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/354a70c54533d97ffcbdb8720eaba1a41bd3282d
