[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 15 16:19:22 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7a8bd97 by Moritz Muehlenhoff at 2022-07-15T17:19:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72,7 +72,7 @@ CVE-2022-35859
CVE-2022-35858
RESERVED
CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: kvf-admin
CVE-2022-35856
RESERVED
CVE-2022-35855
@@ -1043,7 +1043,7 @@ CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitial
CVE-2022-2366 (Incorrect default configuration for trusted IP header in Mattermost ve ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...)
- TODO: check
+ NOT-FOR-US: Trilium Notes
CVE-2022-2364 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: Simple Parking Management System
CVE-2022-2363 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -1071,7 +1071,7 @@ CVE-2022-2355
CVE-2022-2354
RESERVED
CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...)
- TODO: check
+ NOT-FOR-US: rpc.py
CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...)
- mat2 0.13.0-1
NOTE: https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
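Review bot: The marker "NOT-FOR-US: rpc.py" for CVE-2022-35411 uses a bare, generic file name, which is hard to search for and easy to confuse with a similarly named file in a packaged project. A short qualifier would help, in the style this same commit uses for "Isode SWIFT (different than src:swift)", so a later triager can see that the standalone rpc.py project was meant.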
@@ -4547,11 +4547,11 @@ CVE-2022-34096
CVE-2022-34095
RESERVED
CVE-2022-34094 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...)
- TODO: check
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
CVE-2022-34093 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...)
- TODO: check
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
CVE-2022-34092 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...)
- TODO: check
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
CVE-2022-34091
RESERVED
CVE-2022-34090
@@ -7084,7 +7084,7 @@ CVE-2022-33013
CVE-2022-33012
RESERVED
CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to perform a ...)
- TODO: check
+ NOT-FOR-US: Known
CVE-2022-33010
RESERVED
CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 ...)
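Review bot: "NOT-FOR-US: Known" for CVE-2022-33011 gives only a common English word as the product name, and the same marker is used again for CVE-2022-32115 and CVE-2022-31290 later in this commit. Searching data/CVE/list for it will match unrelated descriptions. Consider a short qualifier after the name on all three entries, so that future CVEs for the same product are recognised and marked consistently.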
@@ -8594,7 +8594,7 @@ CVE-2022-32427
CVE-2022-32426
RESERVED
CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to enumerat ...)
- TODO: check
+ NOT-FOR-US: Mealie
CVE-2022-32424
RESERVED
CVE-2022-32423
@@ -8610,15 +8610,15 @@ CVE-2022-32419
CVE-2022-32418
RESERVED
CVE-2022-32417 (PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2022-32416 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...)
- TODO: check
+ NOT-FOR-US: Product Show Room Site
CVE-2022-32415 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/? ...)
- TODO: check
+ NOT-FOR-US: Product Show Room Site
CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
NOT-FOR-US: njs
CVE-2022-32413 (An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers ...)
- TODO: check
+ NOT-FOR-US: Dice
CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 allows attack ...)
NOT-FOR-US: HongCMS
CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows attackers ...)
@@ -8626,13 +8626,13 @@ CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows att
CVE-2022-32410
RESERVED
CVE-2022-32409 (A local file inclusion (LFI) vulnerability in the component codemirror ...)
- TODO: check
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
CVE-2022-32408
RESERVED
CVE-2022-32407
RESERVED
CVE-2022-32406 (GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the ...)
- TODO: check
+ NOT-FOR-US: GtkRadiant
CVE-2022-32405 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
NOT-FOR-US: Prison Management System
CVE-2022-32404 (Prison Management System v1.0 was discovered to contain a SQL injectio ...)
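Review bot: The entry for CVE-2022-32409 is marked "NOT-FOR-US: Portal do Software Publico Brasileiro i3geo", but the visible part of its description names only "the component codemirror" and is truncated before any product name. The marker should record why a codemirror-related issue is not tracked, for example with a parenthetical stating that the flaw is in i3geo's own code and not in codemirror itself, in the style of the "(different than src:swift)" qualifier used for CVE-2022-32389 in this commit.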
@@ -8666,7 +8666,7 @@ CVE-2022-32391 (Prison Management System v1.0 was discovered to contain a SQL in
CVE-2022-32390
RESERVED
CVE-2022-32389 (Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in ...)
- TODO: check
+ NOT-FOR-US: Isode SWIFT (different than src:swift)
CVE-2022-32388
RESERVED
CVE-2022-32387
@@ -8808,7 +8808,7 @@ CVE-2022-32320
CVE-2022-32319
RESERVED
CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a persistent ...)
- TODO: check
+ NOT-FOR-US: Fast Food Ordering System
CVE-2022-32317 (The MPlayer Project v1.5 was discovered to contain a heap use-after-fr ...)
TODO: check
CVE-2022-32316
@@ -9545,7 +9545,7 @@ CVE-2022-32117 (Jerryscript v2.4.0 was discovered to contain a stack buffer over
CVE-2022-32116
RESERVED
CVE-2022-32115 (An issue in the isSVG() function of Known v1.2.2+2020061101 allows att ...)
- TODO: check
+ NOT-FOR-US: Known
CVE-2022-32114 (An unrestricted file upload vulnerability in the Add New Assets functi ...)
TODO: check
CVE-2022-32113
@@ -11812,7 +11812,7 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allow
NOTE: https://github.com/COVESA/dlt-daemon/pull/376
NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
CVE-2022-31290 (A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 ...)
- TODO: check
+ NOT-FOR-US: Known
CVE-2022-31289
REJECTED
CVE-2022-31288
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7a8bd97ba337b97fdad0941d18f614a6bf71e79