[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 23 21:36:23 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0517d408 by Salvatore Bonaccorso at 2022-05-23T22:35:54+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6833,9 +6833,9 @@ CVE-2022-29007 (Multiple SQL injection vulnerabilities via the username and pass
 CVE-2022-29006 (Multiple SQL injection vulnerabilities via the username and password p ...)
 	NOT-FOR-US: Directory Management System
 CVE-2022-29005 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
-	TODO: check
+	NOT-FOR-US: Online Birth Certificate System
 CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-site sc ...)
-	TODO: check
+	NOT-FOR-US: Diary Management System
 CVE-2022-29003
 	RESERVED
 CVE-2022-29002
@@ -6847,9 +6847,9 @@ CVE-2022-29000
 CVE-2022-28999
 	RESERVED
 CVE-2022-28998 (Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer ove ...)
-	TODO: check
+	NOT-FOR-US: Xlight FTP
 CVE-2022-28997 (CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forger ...)
-	TODO: check
+	NOT-FOR-US: CSZCMS
 CVE-2022-28996
 	RESERVED
 CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...)
@@ -6996,7 +6996,7 @@ CVE-2022-28934
 CVE-2022-28933
 	RESERVED
 CVE-2022-28932 (D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-28931
 	RESERVED
 CVE-2022-28930 (ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability ...)
@@ -7140,7 +7140,7 @@ CVE-2022-28876
 CVE-2022-28875
 	RESERVED
 CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...)
-	TODO: check
+	NOT-FOR-US: F-Secure
 CVE-2022-28873 (A vulnerability affecting F-Secure SAFE browser was discovered. An att ...)
 	NOT-FOR-US: F-Secure
 CVE-2022-28872 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
@@ -41099,7 +41099,7 @@ CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management per
 CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG interface ...)
 	NOT-FOR-US: Intel
 CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-0003
 	RESERVED
 CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in some I ...)
@@ -43130,7 +43130,7 @@ CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and pas
 CVE-2021-42234
 	RESERVED
 CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cros ...)
-	TODO: check
+	NOT-FOR-US: Simple Blog plugin in Wondercms
 CVE-2021-42232
 	RESERVED
 CVE-2021-42231
@@ -66121,7 +66121,7 @@ CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overf
 CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
 	NOT-FOR-US: AVEVA InTouch Runtime
 CVE-2021-32941 (Annke N48PBB (Network Video Recorder) products of version 3.4.106 buil ...)
-	TODO: check
+	NOT-FOR-US: Annke N48PBB (Network Video Recorder) products
 CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
@@ -66133,7 +66133,7 @@ CVE-2021-32937 (An attacker can gain knowledge of a session temporary working fo
 CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32935 (The affected Cognex product, the In-Sight OPC Server versions v5.7.4 ( ...)
-	TODO: check
+	NOT-FOR-US: Cognex
 CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...)
 	NOT-FOR-US: ThroughTek P2P SDK
 CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0517d4088e40bc80aee9da9c2249ae5029f5192e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0517d4088e40bc80aee9da9c2249ae5029f5192e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220523/44d56e4e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list