[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 2 09:19:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
032b6154 by Salvatore Bonaccorso at 2022-06-02T10:19:11+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -568,29 +568,29 @@ CVE-2022-31986
CVE-2022-31985
RESERVED
CVE-2022-31984 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31983 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31982 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31981 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31980 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31979
RESERVED
CVE-2022-31978 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31977 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31976 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31975 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31974 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31973 (Online Fire Reporting System v1.0 is vulnerable to Delete any file via ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31972
RESERVED
CVE-2022-31971 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...)
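Review bot: the tag on the eleven Online Fire Reporting System entries (CVE-2022-31984 through CVE-2022-31973) carries no vendor or origin prefix, while an existing entry further down the same file, CVE-2022-29652, is written as "NOT-FOR-US: Sourcecodester Online Sports Complex Booking System". If this product comes from the same source, use the same prefix so a search of the list finds the entries together. If it does not, the tag is fine as written.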
@@ -3191,7 +3191,7 @@ CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) Us
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)
CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerce fram ...)
- TODO: check
+ NOT-FOR-US: Solidus e-commerce framework
CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
TODO: check
CVE-2022-30996
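Review bot: CVE-2022-30999 (FriendsofFlarum Upload), directly below the changed entry, is still "TODO: check" in the trailing context. If it was triaged in the same pass it could be resolved in this commit as well. For CVE-2022-31000 the tag names the Solidus framework while the description is about the solidus_backend component; that is fine provided no Solidus component is packaged or has an ITP.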
@@ -5590,7 +5590,7 @@ CVE-2022-30192
CVE-2022-30191
RESERVED
CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30189
RESERVED
CVE-2022-30188
@@ -5714,9 +5714,9 @@ CVE-2022-30130 (.NET Framework Denial of Service Vulnerability. ...)
CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-30128 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-30127 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called wp-js.php with ...)
NOT-FOR-US: WP-JS plugin for WordPress
CVE-2022-1566 (The Quotes llama WordPress plugin through 0.7 does not sanitise and es ...)
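Review bot: the two Edge entries (CVE-2022-30128 and CVE-2022-30127) are described as "Microsoft Edge (Chromium-based)", so before closing them as "NOT-FOR-US: Microsoft" it is worth confirming that the flaws are in Edge-specific code and not in upstream Chromium code shared with the chromium source package. If they are Edge-only, a short NOTE line saying so would record the reasoning for whoever revisits these entries.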
@@ -6913,9 +6913,9 @@ CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat
CVE-2022-29778
RESERVED
CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
- TODO: check
+ NOT-FOR-US: Onlyoffice Document Server
CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
- TODO: check
+ NOT-FOR-US: Onlyoffice Document Server
CVE-2022-29775
RESERVED
CVE-2022-29774
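Review bot: the descriptions of CVE-2022-29777 and CVE-2022-29776 cover "Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...", but the tag names only the Document Server. Confirm that the Core component is not packaged or embedded elsewhere, and consider a tag that covers both, such as "NOT-FOR-US: Onlyoffice".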
@@ -7017,7 +7017,7 @@ CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cros
CVE-2022-29726
RESERVED
CVE-2022-29725 (An arbitrary file upload in the image upload component of wityCMS v0.6 ...)
- TODO: check
+ NOT-FOR-US: wityCMS
CVE-2022-29724
RESERVED
CVE-2022-29723
@@ -7043,9 +7043,9 @@ CVE-2022-29714
CVE-2022-29713
RESERVED
CVE-2022-29712 (LibreNMS v22.3.0 was discovered to contain multiple command injection ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-29711 (LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-29710 (A cross-site scripting (XSS) vulnerability in uploadConfirm.php of Lim ...)
- limesurvey <itp> (bug #472802)
CVE-2022-29709
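Review bot: CVE-2022-29712 and CVE-2022-29711 mark LibreNMS as NOT-FOR-US, while the next entry in the context handles limesurvey with "- limesurvey <itp> (bug #472802)". If an ITP or RFP bug exists for LibreNMS, these two entries should use the same <itp> form with the bug number instead of NOT-FOR-US, so a WNPP check is worth doing before this lands.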
@@ -7149,7 +7149,7 @@ CVE-2022-29661 (CSCMS Music Portal System v4.2 was discovered to contain a blind
CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
NOT-FOR-US: CSCMS Music Portal System
CVE-2022-29659 (Responsive Online Blog v1.0 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: Responsive Online Blog
CVE-2022-29658
RESERVED
CVE-2022-29657
@@ -7161,7 +7161,7 @@ CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos modu
CVE-2022-29654
RESERVED
CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vu ...)
- TODO: check
+ NOT-FOR-US: OFCMS
CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image function of ...)
@@ -7171,9 +7171,9 @@ CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL
CVE-2022-29649
RESERVED
CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: Jfinal CMS
CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...)
NOT-FOR-US: TOTOLINK
CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
@@ -7211,15 +7211,15 @@ CVE-2022-29630
CVE-2022-29629
RESERVED
CVE-2022-29628 (A cross-site scripting (XSS) vulnerability in /omps/seller of Online M ...)
- TODO: check
+ NOT-FOR-US: Online Market Place Site
CVE-2022-29627 (An insecure direct object reference (IDOR) in Online Market Place Site ...)
- TODO: check
+ NOT-FOR-US: Online Market Place Site
CVE-2022-29626
RESERVED
CVE-2022-29625
RESERVED
CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function of TPC ...)
- TODO: check
+ NOT-FOR-US: TPCMS
CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...)
NOT-FOR-US: expressjs/connect-multiparty
CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/032b6154cc006f3217e00b0bd8aa99fa8d442490