[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 25 10:09:21 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca72d927 by Salvatore Bonaccorso at 2022-06-25T11:08:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3251,9 +3251,9 @@ CVE-2022-33124 (aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL whi
 CVE-2022-33123
 	RESERVED
 CVE-2022-33122 (A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 al ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-33121 (A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2022-33120
 	RESERVED
 CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...)
@@ -3499,21 +3499,21 @@ CVE-2022-33006
 CVE-2022-33005
 	RESERVED
 CVE-2022-33004 (The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: Beginner package in PyPI
 CVE-2022-33003 (The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: watools package in PyPI
 CVE-2022-33002 (The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to conta ...)
-	TODO: check
+	NOT-FOR-US: KGExplore package in PyPI
 CVE-2022-33001 (The AAmiles package in PyPI v0.1.0 was discovered to contain a code ex ...)
-	TODO: check
+	NOT-FOR-US: AAmiles package in PyPI
 CVE-2022-33000 (The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to cont ...)
-	TODO: check
+	NOT-FOR-US: ML-Scanner package in PyPI
 CVE-2022-32999 (The cloudlabeling package in PyPI v0.0.1 was discovered to contain a c ...)
-	TODO: check
+	NOT-FOR-US: cloudlabeling package in PyPI
 CVE-2022-32998 (The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was d ...)
-	TODO: check
+	NOT-FOR-US: cryptoasset-data-downloader package in PyPI
 CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered ...)
-	TODO: check
+	NOT-FOR-US: RootInteractive package in PyPI
 CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...)
 	TODO: check
 CVE-2022-32995
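Review bot: CVE-2022-32996 (django-navbar-client) at the end of this hunk is still "TODO: check", although the eight PyPI entries directly above it, CVE-2022-33004 through CVE-2022-32997, are all marked NOT-FOR-US in this pass. If it was left open on purpose, for example because it needs a separate package lookup, say so in the commit message; otherwise triage it with the rest of the batch.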
@@ -5642,7 +5642,7 @@ CVE-2022-1967
 CVE-2022-1966
 	REJECTED
 CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-1964
 	RESERVED
 CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
@@ -5780,21 +5780,21 @@ CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspa
 CVE-2022-32144
 	RESERVED
 CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or write a ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32141 (Multiple CODESYS Products are prone to a buffer over read. A low privi ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32140 (Multiple CODESYS products are affected to a buffer overflow.A low priv ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32139 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32138 (In multiple CODESYS products, a remote attacker may craft a request wh ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-30997
 	RESERVED
 CVE-2022-29519
@@ -6501,15 +6501,15 @@ CVE-2022-31808
 CVE-2022-31807
 	RESERVED
 CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-31804 (The CODESYS Gateway Server V2 does not verifiy that the size of a requ ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-31803 (In CODESYS Gateway Server V2 an insufficient check for the activity of ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-31802 (In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a pa ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...)
 	NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
 CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...)
@@ -7944,9 +7944,9 @@ CVE-2022-31364
 CVE-2022-31363
 	RESERVED
 CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
-	TODO: check
+	NOT-FOR-US: Docebo
 CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
-	TODO: check
+	NOT-FOR-US: Docebo
 CVE-2022-31360
 	RESERVED
 CVE-2022-31359
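Review bot: the tag on CVE-2022-31362 and CVE-2022-31361 is just "Docebo", while both descriptions name "Docebo Community Edition" and carry the "** UNSUPPORTED WHEN ASSIGNED **" prefix. Consider "NOT-FOR-US: Docebo Community Edition" so the tag matches the product named in the description.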
@@ -9393,7 +9393,7 @@ CVE-2022-30887 (Pharmacy Management System v1.0 was discovered to contain a remo
 CVE-2022-30886 (School Dormitory Management System v1.0 was discovered to contain a SQ ...)
 	NOT-FOR-US: School Dormitory Management System
 CVE-2022-30885 (** Reserved ** The pyesasky for python, as distributed on PyPI, includ ...)
-	TODO: check
+	NOT-FOR-US: pyesasky
 CVE-2022-30884
 	RESERVED
 CVE-2022-30883
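Review bot: the tag for CVE-2022-30885 is the bare name "pyesasky", whereas the other PyPI entries in this commit use the form "<name> package in PyPI" (e.g. "NOT-FOR-US: watools package in PyPI"). Pick one form for PyPI packages so all of them can be found with a single search of data/CVE/list.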
@@ -11529,13 +11529,13 @@ CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing]
 CVE-2022-30121
 	RESERVED
 CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2022-30118 (Title for CVE: XSS in /dashboard/system/express/entities/forms/save_co ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2022-30117 (Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow t ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2022-30116
 	RESERVED
 CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS directly i ...)
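Review bot: the truncated descriptions of CVE-2022-30120, CVE-2022-30119 and CVE-2022-30118 show only /dashboard/... paths and do not name a product; of the four entries tagged here, only CVE-2022-30117 visibly mentions Concrete. Confirm against the full descriptions that the three XSS entries belong to Concrete CMS before grouping them under the same tag.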



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca72d927653ee30c337d13d1403db78ef6a22a94
