[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 17 21:31:22 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa6c14eb by Salvatore Bonaccorso at 2022-05-17T22:30:57+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -297,7 +297,7 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
 CVE-2022-1724
 	RESERVED
 CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio  ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repositor ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio  ...)
@@ -719,7 +719,7 @@ CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4
 CVE-2022-1712
 	RESERVED
 CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio  ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-1710
 	RESERVED
 CVE-2022-1709
@@ -745,7 +745,7 @@ CVE-2021-44467
 CVE-2021-4228
 	RESERVED
 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp
 CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...)
 	{DSA-5137-1}
 	- needrestart 3.6-1 (bug #1011154)
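Review bot: The tag added for CVE-2022-30689 names only the vendor (`NOT-FOR-US: HashiCorp`), while the description identifies the product as HashiCorp Vault and Vault Enterprise, and other tags in this commit name the product itself (`NOT-FOR-US: JFrog Artifactory`, `NOT-FOR-US: WBCE CMS`). Suggest `NOT-FOR-US: HashiCorp Vault`, so that a search of the list for the product name finds this entry.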
@@ -2369,7 +2369,7 @@ CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText class,
 	- tika <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
 CVE-2022-1553 (Leaking password protected articles content due to improper access con ...)
-	TODO: check
+	NOT-FOR-US: Publify
 CVE-2022-1552
 	RESERVED
 	{DSA-5136-1 DSA-5135-1}
@@ -2507,9 +2507,9 @@ CVE-2022-30075
 CVE-2022-30074
 	RESERVED
 CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/ ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\ ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2022-30071
 	RESERVED
 CVE-2022-30070
@@ -2642,7 +2642,7 @@ CVE-2022-30009
 CVE-2022-30008
 	RESERVED
 CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. The vuln ...)
-	TODO: check
+	NOT-FOR-US: GXCMS
 CVE-2022-30006
 	RESERVED
 CVE-2022-30005
@@ -4657,7 +4657,7 @@ CVE-2022-29334
 CVE-2022-29333
 	RESERVED
 CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An atta ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2022-29331
 	RESERVED
 CVE-2022-29330
@@ -5595,7 +5595,7 @@ CVE-2022-29019
 CVE-2022-29018
 	RESERVED
 CVE-2022-29017 (Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2022-29016
 	RESERVED
 CVE-2022-29015
@@ -14448,7 +14448,7 @@ CVE-2022-21192
 CVE-2022-21191
 	RESERVED
 CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
-	TODO: check
+	NOT-FOR-US: Node convict
 CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
 	NOT-FOR-US: dexie
 CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
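Review bot: The tag added for CVE-2022-21190 carries an ecosystem prefix (`NOT-FOR-US: Node convict`), but the entry directly below it, CVE-2022-21189, is tagged with the bare package name (`NOT-FOR-US: dexie`), although both descriptions introduce the software the same way ("the package ..."). Suggest settling on one form for adjacent package entries, either by dropping the prefix here or by adding it to the dexie line in a follow-up, so that searching the list by prefix or by package name gives consistent results.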
@@ -16957,7 +16957,7 @@ CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execu
 CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-0578 (Code Injection in GitHub repository publify/publify prior to 9.2.8. ...)
-	TODO: check
+	NOT-FOR-US: Publify
 CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
 	- atheme-services 7.2.12-1
 	[bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
@@ -16976,9 +16976,9 @@ CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/libren
 CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
 	NOT-FOR-US: LibreNMS
 CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify prior to  ...)
-	TODO: check
+	NOT-FOR-US: Publify
 CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure ...)
-	TODO: check
+	NOT-FOR-US: JFrog Artifactory
 CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3011-1}
 	- vim 2:8.2.4659-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa6c14eb1be4374db99f26a925c9189a3802ad2c
