[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jul 21 08:42:33 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
315697a9 by Moritz Muehlenhoff at 2022-07-21T09:42:21+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,11 +119,11 @@ CVE-2022-2478
 CVE-2022-2477
 	RESERVED
 CVE-2022-36305 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Vesta
 CVE-2022-36304 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Vesta
 CVE-2022-36303 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Vesta
 CVE-2022-36302
 	RESERVED
 CVE-2022-36301
@@ -4435,19 +4435,19 @@ CVE-2022-34542
 CVE-2022-34541
 	RESERVED
 CVE-2022-34540 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered  ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34539 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered  ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34538 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered  ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34537 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered  ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34536 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34535 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthen ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34534 (Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to ac ...)
-	TODO: check
+	NOT-FOR-US: Digital Watchdog
 CVE-2022-34533
 	RESERVED
 CVE-2022-34532
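Review bot: The tag on CVE-2022-34534 is the same vendor-only "NOT-FOR-US: Digital Watchdog" used for the six DW MEGApix IP camera entries above it, although its description names a different product, DW Spectrum Server. Naming the product in that one tag, for example "NOT-FOR-US: Digital Watchdog DW Spectrum Server", would let a later search of data/CVE/list by product find it; if the vendor-level tag is intentional, it is at least consistent across all seven entries.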
@@ -5232,7 +5232,7 @@ CVE-2022-34268
 CVE-2022-34267
 	RESERVED
 CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 a ...)
-	TODO: check
+	NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package
 CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...)
 	- python-django 2:4.0.6-1 (bug #1014541)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2
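Review bot: On CVE-2022-34266 the NOT-FOR-US reason is the only thing in the entry that says this concerns a distribution-specific package rather than LibTIFF itself, and the description shown is cut off before it states the flaw. A NOTE line saying why the issue is limited to the Amazon Linux 2 build would make the decision checkable without reopening the CVE record.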
@@ -5833,7 +5833,7 @@ CVE-2022-34027 (Nginx NJS v0.7.4 was discovered to contain a segmentation violat
 CVE-2022-34026
 	RESERVED
 CVE-2022-34025 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Vesta
 CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an arbitrary ...)
 	NOT-FOR-US: Barangay Management System
 CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
@@ -8454,15 +8454,15 @@ CVE-2022-32964
 CVE-2022-32963
 	RESERVED
 CVE-2022-32962 (HiCOS’ client-side citizen certificate component has a double fr ...)
-	TODO: check
+	NOT-FOR-US: HICOS
 CVE-2022-32961 (HICOS’ client-side citizen digital certificate component has a s ...)
-	TODO: check
+	NOT-FOR-US: HICOS
 CVE-2022-32960 (HiCOS’ client-side citizen digital certificate component has a s ...)
-	TODO: check
+	NOT-FOR-US: HICOS
 CVE-2022-32959 (HiCOS’ client-side citizen digital certificate component has a s ...)
-	TODO: check
+	NOT-FOR-US: HICOS
 CVE-2022-32958 (A remote attacker with general user privilege can send a message to Te ...)
-	TODO: check
+	NOT-FOR-US: TeamPlus Pro
 CVE-2022-32588
 	RESERVED
 CVE-2022-32281
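Review bot: The four new tags on CVE-2022-32959 through CVE-2022-32962 spell the product "HICOS", while three of the four descriptions spell it "HiCOS" and only CVE-2022-32961 uses "HICOS". Using one spelling, preferably the "HiCOS" form most of the descriptions use, keeps these NOT-FOR-US entries findable under a single name. The "TeamPlus Pro" tag on CVE-2022-32958 cannot be checked against the description as shown, which is truncated at "Te ...".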
@@ -9645,11 +9645,11 @@ CVE-2022-32460
 CVE-2022-32459
 	RESERVED
 CVE-2022-32458 (Digiwin BPM has a XML External Entity Injection (XXE) vulnerability du ...)
-	TODO: check
+	NOT-FOR-US: Digiwin
 CVE-2022-32457 (Digiwin BPM has inadequate filtering for URL parameter. An unauthentic ...)
-	TODO: check
+	NOT-FOR-US: Digiwin
 CVE-2022-32456 (Digiwin BPM’s function has insufficient validation for user inpu ...)
-	TODO: check
+	NOT-FOR-US: Digiwin
 CVE-2022-30707 (Violation of secure design principles exists in the communication of C ...)
 	NOT-FOR-US: CAMS for HIS
 CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of changes ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/315697a93408a88299a87e42b7b76d62a60a8a14
