[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 21 21:27:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
301606a0 by Salvatore Bonaccorso at 2022-03-21T22:27:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5039,7 +5039,7 @@ CVE-2022-25572
 CVE-2022-25571
 	RESERVED
 CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...)
-	TODO: check
+	NOT-FOR-US: Passwordstate
 CVE-2022-25569
 	RESERVED
 CVE-2022-25568
@@ -5181,7 +5181,7 @@ CVE-2022-25507 (FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross
 CVE-2022-25506 (FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vuln ...)
 	NOT-FOR-US: FreeTAKServer
 CVE-2022-25505 (Taocms v3.0.2 was discovered to contain a SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Taocms
 CVE-2022-25504
 	RESERVED
 CVE-2022-25503
@@ -5229,7 +5229,7 @@ CVE-2022-25483
 CVE-2022-25482
 	RESERVED
 CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured without the ...)
-	TODO: check
+	NOT-FOR-US: ThinkPHP Framework
 CVE-2022-25480
 	RESERVED
 CVE-2022-25479
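Review bot: CVE-2022-25481 is closed as NOT-FOR-US for "ThinkPHP Framework", but a PHP framework is the kind of code that gets bundled inside applications, so the lack of a source package with that name does not by itself show that nothing in the archive carries an affected copy. Worth confirming that no packaged application ships ThinkPHP v5.0.24 before dropping the TODO, and if one does, tracking the CVE against that package instead.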
@@ -5267,7 +5267,7 @@ CVE-2022-25464 (A stored cross-site scripting (XSS) vulnerability in the compone
 CVE-2022-25463
 	RESERVED
 CVE-2022-25462 (Yafu v2.0 contains a segmentation fault via the component /factor/avx- ...)
-	TODO: check
+	NOT-FOR-US: Yafu
 CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
 	NOT-FOR-US: Tenda
 CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
@@ -7696,7 +7696,7 @@ CVE-2022-24658
 CVE-2022-24657
 	RESERVED
 CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting ...)
-	TODO: check
+	NOT-FOR-US: HexoEditor
 CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear  ...)
 	NOT-FOR-US: Netgear
 CVE-2022-24654
@@ -8207,9 +8207,9 @@ CVE-2022-22147
 CVE-2022-21130
 	RESERVED
 CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/ ...)
-	TODO: check
+	NOT-FOR-US: Crater
 CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater prior ...)
-	TODO: check
+	NOT-FOR-US: Crater
 CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
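Review bot: the label on CVE-2022-0515 and CVE-2022-0514 is a bare "Crater", while both descriptions identify the project as the GitHub repository crater-invoice/crater. A single common word is easy to mistake for unrelated software of the same name when searching the list later; using the repository name, for example "NOT-FOR-US: crater-invoice/crater", would make both entries self-explanatory.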
@@ -9008,11 +9008,11 @@ CVE-2022-24239
 CVE-2022-24238
 	RESERVED
 CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered to cont ...)
-	TODO: check
+	NOT-FOR-US: Snapt Aria
 CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8 allows unaut ...)
-	TODO: check
+	NOT-FOR-US: Snapt Aria
 CVE-2022-24235 (A Cross-Site Request Forgery (CSRF) in the management portal of Snapt  ...)
-	TODO: check
+	NOT-FOR-US: Snapt Aria
 CVE-2022-24234
 	RESERVED
 CVE-2022-24233
@@ -9256,9 +9256,9 @@ CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privile
 CVE-2022-24127
 	RESERVED
 CVE-2022-24126 (A buffer overflow in the NRSessionSearchResult parser in Bandai Namco  ...)
-	TODO: check
+	NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III
 CVE-2022-24125 (The matchmaking servers of Bandai Namco FromSoftware Dark Souls III th ...)
-	TODO: check
+	NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III
 CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
 	NOT-FOR-US: Casdoor
 CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
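Review bot: on CVE-2022-24126 and CVE-2022-24125 the label repeats the whole vendor string "Bandai Namco FromSoftware Dark Souls III", where the other NOT-FOR-US entries visible in this diff use a short product or vendor name (Tenda, Netgear, Casdoor). "NOT-FOR-US: Dark Souls III" identifies the product just as well and keeps the labels consistent and easy to search.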



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/301606a00d0cb216b73f9ac16b95e6199ca6a2c1
