[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 17 09:15:15 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ca3b25b by Salvatore Bonaccorso at 2022-05-17T10:14:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -645,11 +645,11 @@ CVE-2022-30699
 CVE-2022-30698
 	RESERVED
 CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-30696 (Local privilege escalation due to a DLL hijacking vulnerability. The f ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned to ch ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2022-30694
 	RESERVED
 CVE-2022-30543
@@ -669,7 +669,7 @@ CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2
 	NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
 	NOTE: https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
 CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An  ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-1712
 	RESERVED
 CVE-2022-1711
@@ -2495,7 +2495,7 @@ CVE-2022-30057 (Shopwind <=v3.4.2 was discovered to contain a stored cross-si
 CVE-2022-30056
 	RESERVED
 CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Prime95
 CVE-2022-30054
 	RESERVED
 CVE-2022-30053
@@ -2505,7 +2505,7 @@ CVE-2022-30052
 CVE-2022-30051
 	RESERVED
 CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...)
-	TODO: check
+	NOT-FOR-US: Gnuboard
 CVE-2022-30049 (A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attacker ...)
 	TODO: check
 CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerab ...)
@@ -2579,11 +2579,11 @@ CVE-2022-30015
 CVE-2022-30014
 	RESERVED
 CVE-2022-30013 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...)
-	TODO: check
+	NOT-FOR-US: totaljs CMS
 CVE-2022-30012 (In the POST request of the appointment.php page of HMS v.0, there are  ...)
-	TODO: check
+	NOT-FOR-US: HMS
 CVE-2022-30011 (In HMS 1.0 when requesting appointment.php through POST, multiple para ...)
-	TODO: check
+	NOT-FOR-US: HMS
 CVE-2022-30010
 	RESERVED
 CVE-2022-30009



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca3b25baaadf88f67c30cde07807b2b86dea1c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ca3b25baaadf88f67c30cde07807b2b86dea1c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220517/6ec32f51/attachment.htm>

More information about the debian-security-tracker-commits mailing list