[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 28 21:28:55 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
599f6864 by Salvatore Bonaccorso at 2022-06-28T22:28:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4295,15 +4295,15 @@ CVE-2022-33011
 CVE-2022-33010
 	RESERVED
 CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11  ...)
-	TODO: check
+	NOT-FOR-US: LightCMS
 CVE-2022-33008
 	RESERVED
 CVE-2022-33007 (TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discov ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet  Wi-Fi routers
 CVE-2022-33006
 	RESERVED
 CVE-2022-33005 (A cross-site scripting (XSS) vulnerability in the System Settings/IOT  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-33004 (The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contai ...)
 	NOT-FOR-US: Beginner package in PyPI
 CVE-2022-33003 (The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain ...)
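Review bot: the note added for CVE-2022-33007 has two spaces between "TRENDnet" and "Wi-Fi"; collapse them to one so the note stays consistent and greppable across entries. Separately, the CVE-2022-33005 note names only the vendor ("Delta Electronics"), while neighbouring notes such as "Beginner package in PyPI" identify the affected component; consider naming the product there as well.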
@@ -4323,9 +4323,9 @@ CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was disc
 CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...)
 	NOT-FOR-US: django-navbar-client
 CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forger ...)
-	TODO: check
+	NOT-FOR-US: Halo CMS
 CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...)
-	TODO: check
+	NOT-FOR-US: Halo CMS
 CVE-2022-32993
 	RESERVED
 CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
@@ -6743,7 +6743,7 @@ CVE-2022-32094
 CVE-2022-32093
 	RESERVED
 CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-32091
 	RESERVED
 CVE-2022-32090
@@ -9421,7 +9421,7 @@ CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for in-brows
 CVE-2022-31102
 	RESERVED
 CVE-2022-31101 (prestashop/blockwishlist is a prestashop extension which adds a block  ...)
-	TODO: check
+	NOT-FOR-US: prestashop extension
 CVE-2022-31100 (rulex is a new, portable, regular expression language. When parsing un ...)
 	TODO: check
 CVE-2022-31099 (rulex is a new, portable, regular expression language. When parsing un ...)
@@ -9431,7 +9431,7 @@ CVE-2022-31098 (Weave GitOps is a simple open source developer platform for peop
 CVE-2022-31097
 	RESERVED
 CVE-2022-31096 (Discourse is an open source discussion platform. Under certain conditi ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2022-31095 (discourse-chat is a chat plugin for the Discourse application. Version ...)
 	NOT-FOR-US: discourse-chat
 CVE-2022-31094 (ScratchTools is a web extension designed to make interacting with the  ...)
@@ -9439,7 +9439,7 @@ CVE-2022-31094 (ScratchTools is a web extension designed to make interacting wit
 CVE-2022-31093 (NextAuth.js is a complete open source authentication solution for Next ...)
 	TODO: check
 CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platform. P ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...)
 	TODO: check
 CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
@@ -9494,9 +9494,9 @@ CVE-2022-31067
 CVE-2022-31066 (EdgeX Foundry is an open source project for building a common open fra ...)
 	NOT-FOR-US: EdgeX Foundry
 CVE-2022-31065 (BigBlueButton is an open source web conferencing system. In affected v ...)
-	TODO: check
+	NOT-FOR-US: BigBlueButton
 CVE-2022-31064 (BigBlueButton is an open source web conferencing system. Users in meet ...)
-	TODO: check
+	NOT-FOR-US: BigBlueButton
 CVE-2022-31063
 	RESERVED
 CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
@@ -9510,7 +9510,7 @@ CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-s
 CVE-2022-31058
 	RESERVED
 CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2022-31056 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
 	TODO: check
 CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
@@ -9552,7 +9552,7 @@ CVE-2022-31041 (Open Forms is an application for creating and publishing smart f
 CVE-2022-31040 (Open Forms is an application for creating and publishing smart forms.  ...)
 	NOT-FOR-US: Open Forms
 CVE-2022-31039 (Greenlight is a simple front-end interface for your BigBlueButton serv ...)
-	TODO: check
+	NOT-FOR-US: Greenlight (front-end interface for your BigBlueButton)
 CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of gogs pr ...)
 	NOT-FOR-US: Go Git Service
 CVE-2022-31037
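Review bot: the note for CVE-2022-31039 copies "front-end interface for your BigBlueButton" from the upstream description, including the second-person "your" and the cut-off ending. A neutral form such as "NOT-FOR-US: Greenlight (front-end for BigBlueButton)" reads better and is easier to search for.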



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/599f6864741ff0474a83c0650c858a5811868f0e
