[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jul 23 21:59:11 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69fb4ec7 by Moritz Muehlenhoff at 2022-07-23T22:58:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -412,7 +412,7 @@ CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management Sys
 CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
 	NOT-FOR-US: SourceCodester Garage Management
 CVE-2016-15004 (A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. I ...)
-	TODO: check
+	NOT-FOR-US: InfiniteWP
 CVE-2022-35735
 	RESERVED
 CVE-2022-35728
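Review bot: the new tag for CVE-2016-15004 reads "NOT-FOR-US: InfiniteWP", while the description names the "InfiniteWP Client Plugin". Using the product name as it appears in the description would make later greps for the plugin land on this entry.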
@@ -4771,7 +4771,8 @@ CVE-2022-34505
 CVE-2022-34504
 	RESERVED
 CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via the f ...)
-	TODO: check
+	- qpdf <unfixed> (unimportant)
+	NOTE: Negligible security impact
 CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...)
 	- radare2 <unfixed>
 	NOTE: https://github.com/radareorg/radare2/issues/20336
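Review bot: the NOTE added for CVE-2022-34503 says only "Negligible security impact", with no reference or rationale, although the description reports a heap buffer overflow and the radare2 entry directly below links its upstream issue. Suggest adding a NOTE with the upstream report and a one-line reason for the (unimportant) tag so the triage decision can be re-checked later. The commit message "NFUs" also does not cover this change, which tracks the issue against qpdf rather than marking it NOT-FOR-US.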
@@ -12823,25 +12824,25 @@ CVE-2022-31512 (The Atom02/flask-mvc repository through 2020-09-14 on GitHub all
 CVE-2022-31511 (The AFDudley/equanimity repository through 2014-04-23 on GitHub allows ...)
 	NOT-FOR-US: AFDudley/equanimity
 CVE-2022-31510 (The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub all ...)
-	TODO: check
+	NOT-FOR-US: sergeKashkin/Simple-RAT
 CVE-2022-31509 (The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows ...)
-	TODO: check
+	NOT-FOR-US: iedadata/usap-dc-website
 CVE-2022-31508 (The idayrus/evoting repository before 2022-05-08 on GitHub allows abso ...)
-	TODO: check
+	NOT-FOR-US: idayrus/evoting
 CVE-2022-31507 (The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolut ...)
-	TODO: check
+	NOT-FOR-US: ganga-devs/ganga
 CVE-2022-31506 (The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows ...)
-	TODO: check
+	NOT-FOR-US: cmusatyalab/opendiamond
 CVE-2022-31505 (The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub a ...)
-	TODO: check
+	NOT-FOR-US: cheo0/MercadoEnLineaBack
 CVE-2022-31504 (The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 ...)
-	TODO: check
+	NOT-FOR-US: ChangeWeDer/BaiduWenkuSpider_flaskWeb
 CVE-2022-31503 (The orchest/orchest repository before 2022.05.0 on GitHub allows absol ...)
-	TODO: check
+	NOT-FOR-US: orchest/orchest
 CVE-2022-31502 (The operatorequals/wormnest repository through 0.4.7 on GitHub allows  ...)
-	TODO: check
+	NOT-FOR-US: operatorequals/wormnest
 CVE-2022-31501 (The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allow ...)
-	TODO: check
+	NOT-FOR-US: ChaoticOnyx/OnyxForum
 CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer sets im ...)
 	NOT-FOR-US: KNIME Analytics Platform
 CVE-2022-31499
@@ -13671,7 +13672,7 @@ CVE-2022-31149
 CVE-2022-31148
 	RESERVED
 CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
-	TODO: check
+	NOT-FOR-US: jquery-validation
 CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in th ...)
 	NOT-FOR-US: wasmtime
 CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
@@ -15205,19 +15206,19 @@ CVE-2022-30628 (It was possible to download all receipts without authentication.
 CVE-2022-30627 (This vulnerability affects all of the company's products that also inc ...)
 	NOT-FOR-US: Chcnav
 CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the na ...)
-	TODO: check
+	NOT-FOR-US: Chcnav
 CVE-2022-30625 (Directory listing is a web server function that displays the directory ...)
-	TODO: check
+	NOT-FOR-US: Chcnav
 CVE-2022-30624 (Browsing the admin.html page allows the user to reset the admin passwo ...)
-	TODO: check
+	NOT-FOR-US: Chcnav
 CVE-2022-30623 (The server checks the user's cookie in a non-standard way, and a value ...)
-	TODO: check
+	NOT-FOR-US: Chcnav
 CVE-2022-30622 (Disclosure of information - the system allows you to view usernames an ...)
-	TODO: check
+	NOT-FOR-US: Chcnav
 CVE-2022-30621 (Allows a remote user to read files on the camera's OS "GetFileContent. ...)
-	TODO: check
+	NOT-FOR-US: Cellinx
 CVE-2022-30620 (On Cellinx Camera with guest enabled, attacker with web access can ele ...)
-	TODO: check
+	NOT-FOR-US: Cellinx
 CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the Client-Si ...)
 	NOT-FOR-US: Agile Point
 CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
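Review bot: the vendor attribution for CVE-2022-30626 through CVE-2022-30621 cannot be confirmed from the truncated descriptions shown here; only CVE-2022-30620 names Cellinx and CVE-2022-30621 mentions a camera, while the five entries marked Chcnav name no vendor in the visible text. Worth verifying the Chcnav/Cellinx split between CVE-2022-30622 and CVE-2022-30621 against the full CVE descriptions before relying on these tags.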
@@ -28933,7 +28934,7 @@ CVE-2022-25877
 CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to Server-sid ...)
 	NOT-FOR-US: Node link-preview-js
 CVE-2022-25875 (The package svelte before 3.49.0 are vulnerable to Cross-site Scriptin ...)
-	TODO: check
+	NOT-FOR-US: svelte
 CVE-2022-25874
 	RESERVED
 CVE-2022-25873
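Review bot: style point on CVE-2022-25875: the tag is "NOT-FOR-US: svelte", while the adjacent entry uses "NOT-FOR-US: Node link-preview-js" and this same commit uses "Node convert-svg-core" for CVE-2022-25759. Suggest "Node svelte" so the npm packages are labelled consistently.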
@@ -29013,7 +29014,7 @@ CVE-2022-25761
 CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...)
 	NOT-FOR-US: accesslog Nodejs module
 CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remote Cod ...)
-	TODO: check
+	NOT-FOR-US: Node convert-svg-core
 CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
 	- node-scss-tokenizer <itp> (bug #885456)
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
@@ -29362,9 +29363,9 @@ CVE-2022-25802 (Best Practical Request Tracker (RT) before 4.4.6 and 5.x before
 	- request-tracker5 5.0.3+dfsg-1
 	- request-tracker4 4.4.6+dfsg-1
 CVE-2022-25801 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
-	TODO: check
+	NOT-FOR-US: Best Practical RT for Incident Response
 CVE-2022-25800 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
-	TODO: check
+	NOT-FOR-US: Best Practical RT for Incident Response
 CVE-2022-25799
 	RESERVED
 CVE-2022-25798
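Review bot: CVE-2022-25801 and CVE-2022-25800 are marked NOT-FOR-US for RTIR directly below an entry that tracks request-tracker4 and request-tracker5. Since RTIR is described as Best Practical RT for Incident Response, a short NOTE stating that it is not shipped in or alongside those packages would document why the two products are treated differently. Including the abbreviation "RTIR" in the tag would also make the entries easier to find.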



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69fb4ec74305f277063625fa604fac8364264f80
