[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 17 21:25:39 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a443cca by Salvatore Bonaccorso at 2022-06-17T22:25:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,11 +49,11 @@ CVE-2022-2115
 CVE-2022-2114
 	RESERVED
 CVE-2022-2113 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
-	TODO: check
+	NOT-FOR-US: inventree
 CVE-2022-2112 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
-	TODO: check
+	NOT-FOR-US: inventree
 CVE-2022-2111 (Unrestricted Upload of File with Dangerous Type in GitHub repository i ...)
-	TODO: check
+	NOT-FOR-US: inventree
 CVE-2022-2110
 	RESERVED
 CVE-2022-2109
@@ -179,11 +179,11 @@ CVE-2022-2099
 CVE-2022-2098 (Weak Password Requirements in GitHub repository kromitgmbh/titra prior ...)
 	TODO: check
 CVE-2020-36549 (A vulnerability classified as critical was found in GE Voluson S8. Aff ...)
-	TODO: check
+	NOT-FOR-US: GE Healthcare
 CVE-2020-36548 (A vulnerability classified as problematic has been found in GE Voluson ...)
-	TODO: check
+	NOT-FOR-US: GE Healthcare
 CVE-2020-36547 (A vulnerability was found in GE Voluson S8. It has been rated as criti ...)
-	TODO: check
+	NOT-FOR-US: GE Healthcare
 CVE-2022-33868
 	RESERVED
 CVE-2022-33867
@@ -3370,11 +3370,11 @@ CVE-2022-32446
 CVE-2022-32445
 	RESERVED
 CVE-2022-32444 (An issue was discovered in u5cms verion 8.3.5 There is a URL redirecti ...)
-	TODO: check
+	NOT-FOR-US: u5cms
 CVE-2022-32443
 	RESERVED
 CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When  ...)
-	TODO: check
+	NOT-FOR-US: u5cms
 CVE-2022-32441
 	RESERVED
 CVE-2022-32440
@@ -5070,7 +5070,7 @@ CVE-2022-31786
 CVE-2022-31785
 	RESERVED
 CVE-2022-31784 (A vulnerability in the management interface of MiVoice Business throug ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2022-31783 (Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTr ...)
 	- liblouis 3.22.0-1 (bug #1011984)
 	[bullseye] - liblouis <no-dsa> (Minor issue)
@@ -6382,11 +6382,11 @@ CVE-2022-31359
 CVE-2022-31358
 	RESERVED
 CVE-2022-31357 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Online Ordering System
 CVE-2022-31356 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Online Ordering System
 CVE-2022-31355 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Online Ordering System
 CVE-2022-31354 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
 	NOT-FOR-US: Online Car Wash Booking System
 CVE-2022-31353 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
@@ -6504,7 +6504,7 @@ CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment section
 CVE-2022-31297
 	RESERVED
 CVE-2022-31296 (Online Discussion Forum Site 1 was discovered to contain a blind SQL i ...)
-	TODO: check
+	NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31295 (An issue in the delete_post() function of Online Discussion Forum Site ...)
 	NOT-FOR-US: Online Discussion Forum Site
 CVE-2022-31294 (An issue in the save_users() function of Online Discussion Forum Site  ...)
@@ -6765,13 +6765,13 @@ CVE-2022-31221
 CVE-2022-31220
 	RESERVED
 CVE-2022-31219 (Vulnerabilities in the Drive Composer allow a low privileged attacker  ...)
-	TODO: check
+	NOT-FOR-US: Drive Composer
 CVE-2022-31218 (Vulnerabilities in the Drive Composer allow a low privileged attacker  ...)
-	TODO: check
+	NOT-FOR-US: Drive Composer
 CVE-2022-31217 (Vulnerabilities in the Drive Composer allow a low privileged attacker  ...)
-	TODO: check
+	NOT-FOR-US: Drive Composer
 CVE-2022-31216 (Vulnerabilities in the Drive Composer allow a low privileged attacker  ...)
-	TODO: check
+	NOT-FOR-US: Drive Composer
 CVE-2022-1801
 	RESERVED
 CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 ...)
@@ -9052,7 +9052,7 @@ CVE-2022-30424
 CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...)
 	NOT-FOR-US: Merchandise Online Store
 CVE-2022-30422 (Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Proietti Tech srl Planet Time Enterprise
 CVE-2022-30421
 	RESERVED
 CVE-2022-30420
@@ -210038,21 +210038,21 @@ CVE-2019-12360 (A stack-based buffer over-read exists in FoFiTrueType::dumpStrin
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=85243
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1136620
 CVE-2019-12359 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12358 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12357 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12356 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12355 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12354 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12353 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12352 (An issue was discovered in zzcms 2019. There is a SQL injection Vulner ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-12351 (An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_p ...)
 	NOT-FOR-US: zzcms
 CVE-2019-12350 (An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_d ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a443cca94bba1b45d878655847afab39e1c8f0a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a443cca94bba1b45d878655847afab39e1c8f0a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220617/335c534d/attachment.htm>

More information about the debian-security-tracker-commits mailing list