[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 14 20:50:43 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5678963 by Salvatore Bonaccorso at 2022-06-14T21:38:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4617,7 +4617,7 @@ CVE-2022-31449
CVE-2022-31448
RESERVED
CVE-2022-31447 (An XML external entity (XXE) injection vulnerability in Magicpin v3.4 ...)
- TODO: check
+ NOT-FOR-US: Magicpin
CVE-2022-31446 (Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to cont ...)
NOT-FOR-US: Tenda
CVE-2022-31445
@@ -4681,7 +4681,7 @@ CVE-2022-31417
CVE-2022-31416
RESERVED
CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a SQL inje ...)
- TODO: check
+ NOT-FOR-US: Online Fire Reporting System
CVE-2022-31414
RESERVED
CVE-2022-31413
@@ -4711,11 +4711,11 @@ CVE-2022-31402 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XS
CVE-2022-31401
RESERVED
CVE-2022-31400 (A cross-site scripting (XSS) vulnerability in /staff/setup/email-addre ...)
- TODO: check
+ NOT-FOR-US: Helpdeskz
CVE-2022-31399
RESERVED
CVE-2022-31398 (A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fiel ...)
- TODO: check
+ NOT-FOR-US: Helpdeskz
CVE-2022-31397
RESERVED
CVE-2022-31396
@@ -5520,7 +5520,7 @@ CVE-2022-31056
CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
TODO: check
CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
TODO: check
CVE-2022-31052
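Review bot: the tag added for CVE-2022-31054 is "NOT-FOR-US: Argo", but the description on the line above it names the product as Argo Events. "NOT-FOR-US: Argo Events" would match the description and stay unambiguous when someone greps the list for the product name.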
@@ -6561,7 +6561,7 @@ CVE-2022-30694
CVE-2022-30543
RESERVED
CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...)
- TODO: check
+ NOT-FOR-US: SHIRASAGI
CVE-2022-29481
RESERVED
CVE-2022-28689
@@ -6824,7 +6824,7 @@ CVE-2022-29925 (Access of uninitialized pointer vulnerability exists in the simu
CVE-2022-29522 (Use after free vulnerability exists in the simulator module contained ...)
TODO: check
CVE-2022-29482 ('Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 ...)
- TODO: check
+ NOT-FOR-US: 'Mobaoku-Auction&Flea Market' App for iOS
CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics versions pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-26302 (Heap-based buffer overflow exists in the simulator module contained in ...)
@@ -7120,9 +7120,9 @@ CVE-2022-1661 (The affected products are vulnerable to directory traversal, whic
CVE-2022-1660 (The affected products are vulnerable of untrusted data due to deserial ...)
NOT-FOR-US: Keysight N6854A and N6841A
CVE-2022-1659 (Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register ...)
- TODO: check
+ NOT-FOR-US: JupiterX Core
CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrar ...)
- TODO: check
+ NOT-FOR-US: Jupiter Theme
CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= ...)
TODO: check
CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logge ...)
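Review bot: CVE-2022-1657, directly below the two entries changed here, is described as affecting Jupiter (<= 6.10.1) and JupiterX and is still at "TODO: check". If the same NOT-FOR-US reasoning applies, it should be marked in this commit as well; if it was left open on purpose, a NOTE line saying why would save the next triager from redoing the check.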
@@ -7135,7 +7135,7 @@ CVE-2022-1655
[stretch] - horizon <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681
CVE-2022-1654 (Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow ...)
- TODO: check
+ NOT-FOR-US: Jupiter Theme and JupiterX Core Plugin
CVE-2022-1653
RESERVED
CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...)
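Review bot: the tag on CVE-2022-1654 spells the product "JupiterX Core Plugin", while the tag this commit adds for CVE-2022-1659 is "NOT-FOR-US: JupiterX Core". Using one spelling for the same product in both entries keeps a search on the tag text from missing one of them.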
@@ -7775,7 +7775,7 @@ CVE-2022-30299
CVE-2022-30298
RESERVED
CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edi ...)
- TODO: check
+ NOT-FOR-US: T&D Data Server
CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
NOT-FOR-US: ABB e-Design
CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
@@ -9412,9 +9412,9 @@ CVE-2022-29799
NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
NOTE: No security impact in Debian, see #1010303
CVE-2022-29798 (There is a denial of service vulnerability in CV81-WDM FW versions 01. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29797 (There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity of the we ...)
NOT-FOR-US: Huawei
CVE-2022-29795 (The frame scheduling module has a null pointer dereference vulnerabili ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5678963918633955cfa07db3dd2d17379735ea1