[Git][security-tracker-team/security-tracker][master] Process NFUs

Fri Mar 25 20:22:26 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6ddb5de by Salvatore Bonaccorso at 2022-03-25T21:21:58+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2022-1066
 CVE-2022-1065
 	RESERVED
 CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub  ...)
-	TODO: check
+	NOT-FOR-US: forkcms
 CVE-2022-1063
 	RESERVED
 CVE-2022-1062
@@ -913,7 +913,7 @@ CVE-2022-26017
 CVE-2022-25841
 	RESERVED
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2022-1039
 	RESERVED
 CVE-2022-1038
@@ -1615,7 +1615,7 @@ CVE-2022-27194
 CVE-2022-0989
 	RESERVED
 CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via timing]
 	RESERVED
 	- packagekit <unfixed>
@@ -4160,7 +4160,7 @@ CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a remote
 CVE-2022-26264
 	RESERVED
 CVE-2022-26263 (Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Yonyou u8
 CVE-2022-26262
 	RESERVED
 CVE-2022-26261
@@ -5880,11 +5880,11 @@ CVE-2022-25614
 CVE-2022-25613
 	RESERVED
 CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-25611 (Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planne ...)
-	TODO: check
+	NOT-FOR-US: Simple Event Planner plugin
 CVE-2022-25610 (Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat  ...)
-	TODO: check
+	NOT-FOR-US: Simple Ajax Chat
 CVE-2022-25609 (Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & ...)
@@ -5892,7 +5892,7 @@ CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Sl
 CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection (SQLi) vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-25606 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-25605 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-25604 (Authenticated (contributor of higher user role) Stored Cross-Site Scri ...)
@@ -5979,7 +5979,7 @@ CVE-2022-25584
 CVE-2022-25583
 	RESERVED
 CVE-2022-25582 (A stored cross-site scripting (XSS) vulnerability in the Column module ...)
-	TODO: check
+	NOT-FOR-US: ClassCMS
 CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via the comp ...)
 	NOT-FOR-US: Classcms
 CVE-2022-25580
@@ -5989,7 +5989,7 @@ CVE-2022-25579
 CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arbitrari ...)
 	NOT-FOR-US: taocms
 CVE-2022-25577 (ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password  ...)
-	TODO: check
+	NOT-FOR-US: ALF-BanCO
 CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
 	NOT-FOR-US: Anchor CMS
 CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6ddb5dedda729a12e8e9de4116841fbcc0692c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6ddb5dedda729a12e8e9de4116841fbcc0692c8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220325/f9ea5215/attachment-0001.htm>
