[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 1 08:27:43 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76c0d430 by Salvatore Bonaccorso at 2022-03-01T09:15:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -341,15 +341,15 @@ CVE-2022-26161
 CVE-2022-26160
 	RESERVED
 CVE-2022-26159 (The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: Ametys CMS
 CVE-2022-26158 (An issue was discovered in the web application in Cherwell Service Man ...)
-	TODO: check
+	NOT-FOR-US: Cherwell Service Management (CSM)
 CVE-2022-26157 (An issue was discovered in the web application in Cherwell Service Man ...)
-	TODO: check
+	NOT-FOR-US: Cherwell Service Management (CSM)
 CVE-2022-26156 (An issue was discovered in the web application in Cherwell Service Man ...)
-	TODO: check
+	NOT-FOR-US: Cherwell Service Management (CSM)
 CVE-2022-26155 (An issue was discovered in the web application in Cherwell Service Man ...)
-	TODO: check
+	NOT-FOR-US: Cherwell Service Management (CSM)
 CVE-2022-26154
 	RESERVED
 CVE-2022-26153
@@ -441,7 +441,7 @@ CVE-2022-0774
 CVE-2022-0773
 	RESERVED
 CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-0771
 	RESERVED
 CVE-2022-0770
@@ -1590,7 +1590,7 @@ CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files w
 	- seatd 0.6.4-1 (bug #1006308)
 	NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
 CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted ch ...)
-	TODO: check
+	NOT-FOR-US: Obyte (formerly Byteball) Wallet
 CVE-2022-25641
 	RESERVED
 CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a re ...)
@@ -2120,19 +2120,19 @@ CVE-2022-25415
 CVE-2022-25414 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
 	NOT-FOR-US: Tenda
 CVE-2022-25413 (Maxsite CMS v108 was discovered to contain a stored cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: Maxsite CMS
 CVE-2022-25412 (Maxsite CMS v180 was discovered to contain multiple arbitrary file del ...)
-	TODO: check
+	NOT-FOR-US: Maxsite CMS
 CVE-2022-25411 (A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsi ...)
-	TODO: check
+	NOT-FOR-US: Maxsite CMS
 CVE-2022-25410 (Maxsite CMS v180 was discovered to contain a stored cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: Maxsite CMS
 CVE-2022-25409 (Hospital Management System v1.0 was discovered to contain a stored cro ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-25408 (Hospital Management System v1.0 was discovered to contain a stored cro ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-25407 (Hospital Management System v1.0 was discovered to contain a stored cro ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
 	NOT-FOR-US: Tongda2000
 CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
@@ -2268,7 +2268,7 @@ CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called fr
 	[buster] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/158
 CVE-2021-4222 (The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-25367
 	RESERVED
 CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it  ...)
@@ -3292,9 +3292,9 @@ CVE-2022-25031
 CVE-2022-25030
 	RESERVED
 CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered to contai ...)
-	TODO: check
+	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25027
 	RESERVED
 CVE-2022-25026
@@ -4500,9 +4500,9 @@ CVE-2022-24574
 CVE-2022-24573
 	RESERVED
 CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross Site Sc ...)
-	TODO: check
+	NOT-FOR-US: Car Driving School Management System
 CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL injection ...)
-	TODO: check
+	NOT-FOR-US: Car Driving School Management System
 CVE-2022-24570
 	RESERVED
 CVE-2022-24569
@@ -4753,7 +4753,7 @@ CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel befo
 CVE-2022-24447
 	RESERVED
 CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24445
 	REJECTED
 CVE-2022-24444



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76c0d4305c91ae2e4456ca79f4e2b6c4600958ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76c0d4305c91ae2e4456ca79f4e2b6c4600958ba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220301/7cc5de84/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list