[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu May 19 10:17:18 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fec78624 by Neil Williams at 2022-05-19T10:16:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6330,13 +6330,13 @@ CVE-2022-28926
 CVE-2022-28925
 	RESERVED
 CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students before v ...)
-	TODO: check
+	NOT-FOR-US: UniverSIS
 CVE-2022-28923
 	RESERVED
 CVE-2022-28922
 	RESERVED
 CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEn ...)
-	TODO: check
+	NOT-FOR-US: BlogEngine.NET
 CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting ...)
 	NOT-FOR-US: Baidu Tieba
 CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...)
@@ -12848,7 +12848,7 @@ CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.
 CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pat ...)
-	TODO: check
+	NOT-FOR-US: Apache ShenYu
 CVE-2022-26649
 	RESERVED
 CVE-2022-26648
@@ -15632,7 +15632,7 @@ CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command ('
 CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-25617 (Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-25616
 	RESERVED
 CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom ...)
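Review bot: The new tag on CVE-2022-25617 does not name the affected plugin, although the description identifies it as the Code Snippets plugin. Something like "NOT-FOR-US: Code Snippets plugin for WordPress" would make the entry easier to find by product name later. The generic form does match the neighbouring CVE-2022-25618, so this is a style point only.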
@@ -16965,9 +16965,9 @@ CVE-2022-25164
 CVE-2022-25163
 	RESERVED
 CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC  ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC  ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
@@ -17761,7 +17761,7 @@ CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source
 	NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
 	NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
 CVE-2022-24890 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. In ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud talk app
 CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2022-24888 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
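Review bot: The NOT-FOR-US tag on CVE-2022-24890 sits directly above CVE-2022-24889, where Nextcloud Server is tracked as "- nextcloud-server <itp> (bug #941708)" rather than NOT-FOR-US. Please confirm that the Talk app is outside the scope of that ITP; if it would be shipped with it, an <itp> entry is the consistent form. If the tag stays, "Nextcloud Talk" would match the capitalisation in the description.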
@@ -24312,9 +24312,9 @@ CVE-2022-23070
 CVE-2022-23069
 	RESERVED
 CVE-2022-23068 (ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection wh ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2022-23067 (ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via  ...)
-	TODO: check
+	NOT-FOR-US: ToolJet
 CVE-2022-23066 (In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Ca ...)
 	NOT-FOR-US: Solana rBPF
 CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS  ...)
@@ -24546,7 +24546,7 @@ CVE-2022-22977
 CVE-2022-22976
 	RESERVED
 CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
-	TODO: check
+	NOT-FOR-US: vmware-tanzu/pinniped
 CVE-2022-22974
 	RESERVED
 CVE-2022-22973
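Review bot: The tag on CVE-2022-22975 uses a repository slug, "vmware-tanzu/pinniped", where the other tags in this commit use the product name (ToolJet, Apache ShenYu, BlogEngine.NET). "NOT-FOR-US: Pinniped", following the "Pinniped Supervisor" wording in the description, would keep the tags consistent.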



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec78624ee57aa713ee39844dbe6092fe8435524
