[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 4 17:05:19 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38810bb6 by Salvatore Bonaccorso at 2022-05-04T18:04:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -265,7 +265,7 @@ CVE-2022-1550
CVE-2022-1549
RESERVED
CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
- TODO: check
+ NOT-FOR-US: Mattermost Playbooks plugin
CVE-2022-1547
RESERVED
CVE-2022-1546
@@ -1028,7 +1028,7 @@ CVE-2022-29809
CVE-2022-1503 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: GetSimple CMS
CVE-2022-1502 (Permissions were not properly verified in the API on projects using ve ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-1501
RESERVED
{DSA-5125-1}
@@ -3822,13 +3822,13 @@ CVE-2022-28794
CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, improper ...)
TODO: check
CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to version ...)
- TODO: check
+ NOT-FOR-US: Gear IconX PC Manager
CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in Galaxy Stor ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-28790 (Improper authentication in Link to Windows Service prior to version 2. ...)
TODO: check
CVE-2022-28789 (Unprotected activities in Voice Note prior to version 21.3.51.11 allow ...)
- TODO: check
+ NOT-FOR-US: Samsung / Voice Note
CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior to SMR ...)
TODO: check
CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior to SMR ...)
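Review bot: the labels added in this hunk use three different forms. CVE-2022-28791 gets the bare vendor ("NOT-FOR-US: Samsung"), CVE-2022-28789 gets vendor / component ("Samsung / Voice Note"), and CVE-2022-28792 gets only a product name ("Gear IconX PC Manager"). Suggest settling on one form for the block, for example the vendor / component style used on CVE-2022-28789, so the entries group together when the list is searched.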
@@ -3838,15 +3838,15 @@ CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior t
CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior to SMR ...)
TODO: check
CVE-2022-28784 (Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung / Galaxy Themes
CVE-2022-28783 (Improper validation of removing package name in Galaxy Themes prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung / Galaxy Themes
CVE-2022-28782 (Improper access control vulnerability in Contents To Window prior to S ...)
TODO: check
CVE-2022-28781 (Improper input validation in Settings prior to SMR-May-2022 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung / Settings
CVE-2022-28780 (Improper access control vulnerability in Weather prior to SMR May-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung / Weather
CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung Android USB ...)
NOT-FOR-US: Samsung
CVE-2022-28778 (Improper access control vulnerability in Samsung Security Supporter pr ...)
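Review bot: CVE-2022-28782 (Contents To Window) stays at "TODO: check" although it sits between CVE-2022-28783 and CVE-2022-28781, both of which this hunk marks NOT-FOR-US with a "Samsung / ..." label. If it was held back because it needs a closer look, that is fine. Otherwise it looks like it was missed from the batch and should get the same treatment.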
@@ -7654,7 +7654,7 @@ CVE-2022-27433
CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
NOT-FOR-US: Pluck CMS
CVE-2022-27431 (Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Wuzhicms
CVE-2022-27430
RESERVED
CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forger ...)
@@ -7676,7 +7676,7 @@ CVE-2022-27422 (A reflected cross-site scripting (XSS) vulnerability in Chamilo
CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification form, a ...)
NOT-FOR-US: Chamilo LMS
CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
- rtl-433 <unfixed> (bug #1009788)
[bullseye] - rtl-433 <not-affected> (Vulnerable code introduced later)
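Review bot: "NOT-FOR-US: Hospital Management System" on CVE-2022-27420 names a generic product with no vendor or project, and the same label is applied to CVE-2022-27413 further down in this commit. A label that generic will not tell apart a later CVE against a different project with the same name. Suggest adding the vendor or source to the label if the CVE references give one.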
@@ -7705,7 +7705,7 @@ CVE-2022-27415
CVE-2022-27414
RESERVED
CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-27412
RESERVED
CVE-2022-27411
@@ -7934,7 +7934,7 @@ CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to wri
CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts administrative con ...)
- zammad <itp> (bug #841355)
CVE-2022-27330 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
- TODO: check
+ NOT-FOR-US: E-Commerce Website
CVE-2022-27329
RESERVED
CVE-2022-27328
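Review bot: the label "E-Commerce Website" on CVE-2022-27330 reads as a software category, not a product, and the visible description only shows a path (/public/admin/index.php?...). Suggest naming the actual project or author from the CVE references, so that the NOT-FOR-US reason can be matched against future entries for the same software.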
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38810bb6e37454077e390c39766a02e2b8e05bd9