[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 29 09:41:53 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acc90b49 by Salvatore Bonaccorso at 2022-05-29T10:41:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,7 +107,7 @@ CVE-2022-1911
 CVE-2022-1910
 	RESERVED
 CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...)
-	TODO: check
+	NOT-FOR-US: organizr
 CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
 	- libmobi 0.11+dfsg-1 (bug #1011971)
 	NOTE: https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8
@@ -3779,7 +3779,7 @@ CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to cont
 CVE-2022-30424
 	RESERVED
 CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...)
-	TODO: check
+	NOT-FOR-US: Merchandise Online Store
 CVE-2022-30422
 	RESERVED
 CVE-2022-30421
@@ -3921,13 +3921,13 @@ CVE-2022-30354
 CVE-2022-30353
 	RESERVED
 CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)
-	TODO: check
+	NOT-FOR-US: phpABook
 CVE-2022-30351
 	RESERVED
 CVE-2022-30350
 	RESERVED
 CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: siteserver SSCMS
 CVE-2022-30348
 	RESERVED
 CVE-2022-30347
@@ -4688,7 +4688,7 @@ CVE-2022-30112
 CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...)
 	TODO: check
 CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enable ...)
-	TODO: check
+	NOT-FOR-US: Jirafeau
 CVE-2022-30109
 	RESERVED
 CVE-2022-30108
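Review bot: CVE-2022-30111, the context entry directly above the changed line, still reads "TODO: check" after this pass. If the MCK Smart ... rolling-code issue was assessed together with the Jirafeau entry, resolve it in the same commit; otherwise the commit message could say that only part of this range was processed.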
@@ -5783,9 +5783,9 @@ CVE-2022-29782
 CVE-2022-29781
 	RESERVED
 CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2022-29778
 	RESERVED
 CVE-2022-29777
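Review bot: The tag "njs" on CVE-2022-29780 and CVE-2022-29779 drops the "Nginx" that both descriptions lead with. Since the affected component is described as Nginx NJS v0.7.2, it is worth confirming that no nginx package in the archive builds this module before closing both as NOT-FOR-US. A tag such as "NOT-FOR-US: Nginx NJS" would also match the description and be easier to find when searching the list.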
@@ -5873,19 +5873,19 @@ CVE-2022-29737
 CVE-2022-29736
 	RESERVED
 CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows  ...)
-	TODO: check
+	NOT-FOR-US: Delta Controls enteliTOUCH
 CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08  ...)
-	TODO: check
+	NOT-FOR-US: ICT Protege GX/WX
 CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
-	TODO: check
+	NOT-FOR-US: Delta Controls enteliTOUCH
 CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
-	TODO: check
+	NOT-FOR-US: Delta Controls enteliTOUCH
 CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: ICT Protege GX/WX
 CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered t ...)
-	TODO: check
+	NOT-FOR-US: USR IOT 4G LTE Industrial Cellular VPN Router
 CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak ...)
-	TODO: check
+	NOT-FOR-US: Verizon 4G LTE Network Extender GA4.38
 CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...)
 	NOT-FOR-US: Survey Sparrow Enterprise Survey Software
 CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...)
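Review bot: The tag added for CVE-2022-29729, "NOT-FOR-US: Verizon 4G LTE Network Extender GA4.38", carries what reads as a release identifier, while the other tags in this hunk ("Delta Controls enteliTOUCH", "ICT Protege GX/WX") name only the product even though their descriptions list versions as well. Suggest "NOT-FOR-US: Verizon 4G LTE Network Extender" so that later CVEs for the same device can reuse an identical tag.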
@@ -5953,13 +5953,13 @@ CVE-2022-29697
 CVE-2022-29696
 	RESERVED
 CVE-2022-29695 (Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplet ...)
-	TODO: check
+	NOT-FOR-US: Unicorn Engine
 CVE-2022-29694 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL p ...)
-	TODO: check
+	NOT-FOR-US: Unicorn Engine
 CVE-2022-29693 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory ...)
-	TODO: check
+	NOT-FOR-US: Unicorn Engine
 CVE-2022-29692 (Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulne ...)
-	TODO: check
+	NOT-FOR-US: Unicorn Engine
 CVE-2022-29691
 	RESERVED
 CVE-2022-29690



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc90b49284cbbaee25d7eb0aa11b0af8790f61d
