[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 6 05:21:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6ff5521 by Salvatore Bonaccorso at 2022-05-06T06:20:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2022-1594
 CVE-2022-1593
 	RESERVED
 CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
-	TODO: check
+	NOT-FOR-US: clinical-genomics/scout
 CVE-2022-1591
 	RESERVED
 CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2022-1589
 	RESERVED
 CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reserv ...)
@@ -32,7 +32,7 @@ CVE-2022-30290
 CVE-2022-30289
 	RESERVED
 CVE-2022-30288 (Agoo through 2.14.2 does not reject GraphQL fragment spreads that form ...)
-	TODO: check
+	NOT-FOR-US: Ruby gem agoo
 CVE-2022-30287
 	RESERVED
 CVE-2022-30286
@@ -185,7 +185,7 @@ CVE-2022-1577
 CVE-2022-1576
 	RESERVED
 CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-1574
 	RESERVED
 CVE-2022-1573
@@ -469,7 +469,7 @@ CVE-2022-1556
 CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/micro ...)
 	NOT-FOR-US: microweber
 CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository clinical-g ...)
-	TODO: check
+	NOT-FOR-US: clinical-genomics/scout
 CVE-2022-30126
 	RESERVED
 CVE-2022-1553
@@ -806,7 +806,7 @@ CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path ma
 	NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0)
 	TODO: check where issue is introduced
 CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
-	TODO: check
+	NOT-FOR-US: RSS extension for MediaWiki
 CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_rw_init ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code introduced later)
@@ -878,11 +878,11 @@ CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an
 CVE-2022-29941
 	RESERVED
 CVE-2022-29940 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters f ...)
-	TODO: check
+	NOT-FOR-US: LibreHealth EHR
 CVE-2022-29939 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters d ...)
-	TODO: check
+	NOT-FOR-US: LibreHealth EHR
 CVE-2022-29938 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter pa ...)
-	TODO: check
+	NOT-FOR-US: LibreHealth EHR
 CVE-2022-29937 (USU Oracle Optimization before 5.17.5 allows authenticated DataCollect ...)
 	NOT-FOR-US: USU Oracle Optimization
 CVE-2022-29936 (USU Oracle Optimization before 5.17 allows authenticated quantum users ...)
@@ -1532,7 +1532,7 @@ CVE-2022-27174
 CVE-2022-1465
 	RESERVED
 CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2022-1463
 	RESERVED
 CVE-2022-1462
@@ -2221,7 +2221,7 @@ CVE-2022-1413
 CVE-2022-1412
 	RESERVED
 CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
-	TODO: check
+	NOT-FOR-US: yetiforcecrm
 CVE-2022-1410
 	RESERVED
 CVE-2022-1409
@@ -2374,15 +2374,15 @@ CVE-2022-28695 (On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versi
 CVE-2022-28691 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27880 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27878 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27875 (On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27806 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27662 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27659 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
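Review bot: the NOT-FOR-US label on CVE-2022-27880, CVE-2022-27875 and CVE-2022-27662 names the wrong product. The descriptions in this same hunk say "F5 Traffix SDC" (CVE-2022-27880, CVE-2022-27662) and "F5 Access for Android" (CVE-2022-27875), not BIG-IP. The triage outcome is unchanged, but the label is what later greps and triage of related CVEs rely on, so use e.g. `NOT-FOR-US: F5 Traffix SDC` and `NOT-FOR-US: F5 Access for Android` instead of copying the BIG-IP label from the neighbouring entries.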
@@ -2390,7 +2390,7 @@ CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versi
 CVE-2022-27634 (On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1 ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27495 (On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plan ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27230 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-27189 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
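Review bot: CVE-2022-27495 is described as affecting the "NGINX Service Mesh control plane", not BIG-IP, so `NOT-FOR-US: F5 BIG-IP` is inaccurate; `NOT-FOR-US: F5 NGINX Service Mesh` matches the description. Since nginx itself is packaged in Debian, an accurate label also records that the entry was checked against the separate service-mesh control plane rather than the nginx source package.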
@@ -2418,7 +2418,7 @@ CVE-2022-26130 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions
 CVE-2022-26071 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-25990 (On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2022-25946 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2022-1389 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x  ...)
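Review bot: CVE-2022-25990 concerns F5OS-A (the description says "systems running F5OS-A software"), so the `NOT-FOR-US: F5 BIG-IP` label is wrong; `NOT-FOR-US: F5OS-A` is the accurate product name.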
@@ -4698,7 +4698,7 @@ CVE-2022-28608
 CVE-2022-28607
 	RESERVED
 CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...)
-	TODO: check
+	NOT-FOR-US: BossCMS
 CVE-2022-28605
 	RESERVED
 CVE-2022-28604
@@ -4742,25 +4742,25 @@ CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute javas
 CVE-2022-28585 (EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php ...)
 	NOT-FOR-US: EmpireCMS
 CVE-2022-28584 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28583 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28582 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28581 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28580 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28579 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28578 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28577 (It is found that there is a command injection vulnerability in the del ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28576
 	RESERVED
 CVE-2022-28575 (It is found that there is a command injection vulnerability in the set ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-28574
 	RESERVED
 CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...)
@@ -4774,7 +4774,7 @@ CVE-2022-28570
 CVE-2022-28569
 	RESERVED
 CVE-2022-28568 (Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File U ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Doctor's Appointment System
 CVE-2022-28567
 	RESERVED
 CVE-2022-28566
@@ -4806,7 +4806,7 @@ CVE-2022-28554
 CVE-2022-28553
 	RESERVED
 CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the background, ope ...)
-	TODO: check
+	NOT-FOR-US: Cscms
 CVE-2022-28551
 	RESERVED
 CVE-2022-28550
@@ -4844,13 +4844,13 @@ CVE-2022-28535
 CVE-2022-28534
 	RESERVED
 CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Medical Hub Directory Site
 CVE-2022-28532
 	RESERVED
 CVE-2022-28531
 	RESERVED
 CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
 CVE-2022-28529
 	RESERVED
 CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...)
@@ -4886,7 +4886,7 @@ CVE-2022-28514
 CVE-2022-28513
 	RESERVED
 CVE-2022-28512 (A SQL injection vulnerability exists in Sourcecodester Fantastic Blog  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Fantastic Blog CMS
 CVE-2022-28511
 	RESERVED
 CVE-2022-28510
@@ -4995,7 +4995,7 @@ CVE-2022-28463
 CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. ...)
 	TODO: check
 CVE-2022-28461 (mingyuefusu Library Management System all versions as of 03-27-2022 is ...)
-	TODO: check
+	NOT-FOR-US: mingyuefusu Library Management System
 CVE-2022-28460
 	RESERVED
 CVE-2022-28459
@@ -6261,7 +6261,7 @@ CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.
 CVE-2022-28112
 	RESERVED
 CVE-2022-28111 (MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blin ...)
-	TODO: check
+	NOT-FOR-US: MyBatis PageHelper
 CVE-2022-28110
 	RESERVED
 CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in  ...)
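Review bot: for CVE-2022-28111 it is worth a one-line confirmation that MyBatis PageHelper is a separate plugin project and not bundled with the MyBatis core that Debian packages as the mybatis source package; if so the NOT-FOR-US is correct, and a label such as `NOT-FOR-US: MyBatis PageHelper (separate plugin, not part of Debian's mybatis)` pre-empts the question the next time a MyBatis CVE comes up.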
@@ -6285,13 +6285,13 @@ CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> t
 CVE-2022-28100
 	RESERVED
 CVE-2022-28099 (Poultry Farm Management System v1.0 was discovered to contain a SQL in ...)
-	TODO: check
+	NOT-FOR-US: Poultry Farm Management System
 CVE-2022-28098
 	RESERVED
 CVE-2022-28097
 	RESERVED
 CVE-2022-28096 (Skycaiji v2.4 was discovered to contain a remote code execution (RCE)  ...)
-	TODO: check
+	NOT-FOR-US: Skycaiji
 CVE-2022-28095
 	RESERVED
 CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...)
@@ -6303,7 +6303,7 @@ CVE-2022-28092
 CVE-2022-28091
 	RESERVED
 CVE-2022-28090 (Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Jspxcms
 CVE-2022-28089
 	RESERVED
 CVE-2022-28088
@@ -6326,15 +6326,15 @@ CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack ove
 CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the component  ...)
 	TODO: check
 CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Royal Event Management System
 CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: College Management System
 CVE-2022-28078
 	RESERVED
 CVE-2022-28077
 	RESERVED
 CVE-2022-28076 (Seacms v11.6 was discovered to contain a remote command execution (RCE ...)
-	TODO: check
+	NOT-FOR-US: Seacms
 CVE-2022-28075
 	RESERVED
 CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...)
@@ -6352,7 +6352,7 @@ CVE-2022-28069
 CVE-2022-28068
 	RESERVED
 CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic v5.55.13 allows ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie Classic
 CVE-2022-28066 (Libarchive v3.6.0 was discovered to contain a read memory access vulne ...)
 	TODO: check
 CVE-2022-28065
@@ -6376,7 +6376,7 @@ CVE-2022-28057
 CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system re-install  ...)
 	NOT-FOR-US: ShopXO
 CVE-2022-28055 (Fusionpbx v4.4 and below contains a command injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: Fusionpbx
 CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke Software VS ...)
 	NOT-FOR-US: VanDyke Software VShell
 CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file upload vul ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ff55217b0f34b8f18cfd86d8ce14adcbfa2900


