[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 21 21:28:27 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
103bde87 by Salvatore Bonaccorso at 2022-06-21T22:28:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -382,7 +382,7 @@ CVE-2022-34010
 CVE-2022-34009
 	RESERVED
 CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...)
-	TODO: check
+	NOT-FOR-US: Comodo Antivirus
 CVE-2022-34007
 	RESERVED
 CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
@@ -411,7 +411,7 @@ CVE-2022-33997
 CVE-2022-33996
 	RESERVED
 CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remote Desk ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2022-33994
 	RESERVED
 CVE-2017-20091
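Review bot: The new label on CVE-2022-33995 is the vendor name only ("NOT-FOR-US: Devolutions"), while the description names a specific product ("Devolutions Remote Desk ..."). Other entries changed in this commit are labelled by product (for example "NOT-FOR-US: SolarView Compact"). Labelling the product here as well would avoid implying that everything from this vendor is out of scope.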
@@ -554,7 +554,7 @@ CVE-2017-20067 (A vulnerability was found in Hindu Matrimonial Script. It has be
 CVE-2017-20066 (A vulnerability has been found in Adminer Login 1.4.4 and classified a ...)
 	TODO: check
 CVE-2017-20065 (A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classifi ...)
-	TODO: check
+	NOT-FOR-US: Supsystic Popup Plugin
 CVE-2017-20064 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declar ...)
 	NOT-FOR-US: Elefant CMS
 CVE-2017-20063 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classi ...)
@@ -2427,7 +2427,7 @@ CVE-2022-33147
 CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2022-33139 (A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All ver ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-33138
 	RESERVED
 CVE-2022-33137
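Review bot: "NOT-FOR-US: Siemens" on CVE-2022-33139 names the vendor, whereas the entry directly above it uses a product-level label ("NOT-FOR-US: Apache NiFi") and the description identifies the product as SIMATIC WinCC OA. Suggest including the product name in the label so that a search of data/CVE/list by product finds this entry.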
@@ -2467,7 +2467,7 @@ CVE-2022-33121
 CVE-2022-33120
 	RESERVED
 CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: NUUO Network Video Recorder NVRsolo
 CVE-2022-33118
 	RESERVED
 CVE-2022-33117
@@ -2593,9 +2593,9 @@ CVE-2022-33058
 CVE-2022-33057
 	RESERVED
 CVE-2022-33056 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
-	TODO: check
+	NOT-FOR-US: Online Railway Reservation System
 CVE-2022-33055 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
-	TODO: check
+	NOT-FOR-US: Online Railway Reservation System
 CVE-2022-33054
 	RESERVED
 CVE-2022-33053
@@ -2607,9 +2607,9 @@ CVE-2022-33051
 CVE-2022-33050
 	RESERVED
 CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
-	TODO: check
+	NOT-FOR-US: Online Railway Reservation System
 CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
-	TODO: check
+	NOT-FOR-US: Online Railway Reservation System
 CVE-2022-33047
 	RESERVED
 CVE-2022-33046
@@ -4181,7 +4181,7 @@ CVE-2022-32416
 CVE-2022-32415
 	RESERVED
 CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-32413
 	RESERVED
 CVE-2022-32412
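Review bot: CVE-2022-32414 is closed as "NOT-FOR-US: njs", but its description calls the component "Nginx NJS v0.7.2", which ties it to nginx rather than to an unrelated third-party product. Before dropping "TODO: check", confirm that no source package in the archive ships njs (the nginx packaging in particular) and record that in the commit message. If njs is packaged or has an ITP, the entry needs a package line instead of NOT-FOR-US.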
@@ -5695,9 +5695,9 @@ CVE-2022-31803
 CVE-2022-31802
 	RESERVED
 CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...)
-	TODO: check
+	NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
 CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...)
-	TODO: check
+	NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
 CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
@@ -5820,7 +5820,7 @@ CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/Class
 CVE-2022-31787
 	RESERVED
 CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...)
-	TODO: check
+	NOT-FOR-US: IdeaLMS
 CVE-2022-31785
 	RESERVED
 CVE-2022-31784 (A vulnerability in the management interface of MiVoice Business throug ...)
@@ -6900,7 +6900,7 @@ CVE-2022-31480 (An unauthenticated attacker could arbitrarily upload firmware fi
 CVE-2022-31479 (An unauthenticated attacker can update the hostname with a specially c ...)
 	NOT-FOR-US: HID Mercury Intelligent Controllers
 CVE-2022-31478 (The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to l ...)
-	TODO: check
+	NOT-FOR-US: UserTakeOver plugin for ILIAS
 CVE-2022-1841
 	RESERVED
 CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -7104,9 +7104,9 @@ CVE-2022-31376
 CVE-2022-31375
 	RESERVED
 CVE-2022-31374 (An arbitrary file upload vulnerability /images/background/1.php in of  ...)
-	TODO: check
+	NOT-FOR-US: SolarView Compact
 CVE-2022-31373 (SolarView Compact v6.0 was discovered to contain a cross-site scriptin ...)
-	TODO: check
+	NOT-FOR-US: SolarView Compact
 CVE-2022-31372 (Wiris Mathtype v7.28.0 was discovered to contain a path traversal vuln ...)
 	NOT-FOR-US: Wiris Mathtype
 CVE-2022-31371
@@ -7238,17 +7238,17 @@ CVE-2022-31309 (A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M7
 CVE-2022-31308 (A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V503 ...)
 	NOT-FOR-US: WAVLINK
 CVE-2022-31307 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-31306 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-31305
 	RESERVED
 CVE-2022-31304
 	RESERVED
 CVE-2022-31303 (maccms10 was discovered to contain a stored cross-site scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: maccms10
 CVE-2022-31302 (maccms8 was discovered to contain a stored cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: maccms8
 CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...)
 	NOT-FOR-US: Haraj
 CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
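Review bot: CVE-2022-31303 and CVE-2022-31302 get two different labels ("NOT-FOR-US: maccms10" and "NOT-FOR-US: maccms8") for what the descriptions suggest are two versions of one product. A single label such as "maccms" would let one search match both. The two njs entries in this hunk (CVE-2022-31307, CVE-2022-31306) carry the same "Nginx NJS v0.7.2" description as CVE-2022-32414 earlier in this commit, so whatever is decided about njs being packaged should be applied to all three together.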



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/103bde874e81169142538893f7181cd89e9eb42f


More information about the debian-security-tracker-commits mailing list