[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 1 21:31:12 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f94fe04f by Salvatore Bonaccorso at 2022-11-01T22:30:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11921,9 +11921,9 @@ CVE-2022-40490
 CVE-2022-40489
 	RESERVED
 CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...)
-	TODO: check
+	NOT-FOR-US: ProcessWire
 CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple cross-site scr ...)
-	TODO: check
+	NOT-FOR-US: ProcessWire
 CVE-2022-40486 (TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 5745 ...)
 	NOT-FOR-US: TP Link
 CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
@@ -14454,7 +14454,7 @@ CVE-2022-39369
 CVE-2022-39368
 	RESERVED
 CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery.  ...)
-	TODO: check
+	NOT-FOR-US: QTIWorks
 CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45,  ...)
 	TODO: check
 CVE-2022-39365 (Pimcore is an open source data and experience management platform. Pri ...)
@@ -14565,7 +14565,7 @@ CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2,
 CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...)
 	NOT-FOR-US: Kirby CMS
 CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Node parse-server
 CVE-2022-39312 (Dataease is an open source data visualization analysis tool. Dataease  ...)
 	TODO: check
 CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
@@ -14685,7 +14685,7 @@ CVE-2022-39269 (PJSIP is a free and open source multimedia communication library
 CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
 	NOT-FOR-US: orchest/orchest
 CVE-2022-39267 (Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB ...)
-	TODO: check
+	NOT-FOR-US: Bifrost
 CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
 	NOT-FOR-US: isolated-vm
 CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Settings_ &#8 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94fe04f4462b1352bcd9c20191140201140732d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94fe04f4462b1352bcd9c20191140201140732d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221101/f8eeac3e/attachment.htm>

More information about the debian-security-tracker-commits mailing list