[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri May 20 12:23:56 BST 2022


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b84c280 by Neil Williams at 2022-05-20T12:23:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4397,7 +4397,7 @@ CVE-2022-29654
 CVE-2022-29653
 	RESERVED
 CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
 CVE-2022-29651
 	RESERVED
 CVE-2022-29650
@@ -4455,7 +4455,7 @@ CVE-2022-29625
 CVE-2022-29624
 	RESERVED
 CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...)
-	TODO: check
+	NOT-FOR-US: expressjs/connect-multiparty
 CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...)
 	TODO: check
 CVE-2022-29621
@@ -5347,7 +5347,7 @@ CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vul
 CVE-2022-29305
 	RESERVED
 CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
 CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command injecti ...)
 	NOT-FOR-US: SolarView Compact
 CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local file disc ...)
@@ -6293,11 +6293,12 @@ CVE-2022-28989
 CVE-2022-28988
 	RESERVED
 CVE-2022-28987 (ManageEngine ADSelfService Plus v6.1 allows attackers to perform usern ...)
-	TODO: check
+	NOT-FOR-US: ZOHO ManageEngine
 CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected:  ...)
 	NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
 CVE-2022-28985 (A stored cross-site scripting (XSS) vulnerability in the addNewPost co ...)
-	TODO: check
+	- orangehrm <itp> (bug #786622)
+	NOTE: https://github.com/orangehrm/orangehrm/issues/1217
 CVE-2022-28984
 	RESERVED
 CVE-2022-28983
@@ -6337,13 +6338,13 @@ CVE-2022-28967
 CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code ...)
 	NOT-FOR-US: wasm3
 CVE-2022-28965 (Multiple DLL hijacking vulnerabilities via the components instup.exe a ...)
-	TODO: check
+	NOT-FOR-US: avast AV
 CVE-2022-28964 (An arbitrary file write vulnerability in Avast Premium Security before ...)
-	TODO: check
+	NOT-FOR-US: avast AV
 CVE-2022-28963
 	RESERVED
 CVE-2022-28962 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
 CVE-2022-28961 (Spip Web Framework v3.1.13 and below was discovered to contain multipl ...)
 	{DSA-4798-1}
 	- spip 3.2.8-1
@@ -6357,7 +6358,7 @@ CVE-2022-28960 (A PHP injection vulnerability in Spip before v3.2.8 allows attac
 	NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
 	NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
 CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
-	TODO: check
+	NOT-FOR-US: spip/SPIP
 CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...)
 	NOT-FOR-US: D-Link
 CVE-2022-28957



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b84c2802489c1ab6700f4f90ad93e9ec388310f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b84c2802489c1ab6700f4f90ad93e9ec388310f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220520/2eb5e4d6/attachment.htm>
