[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 16 15:09:50 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
426e7541 by Salvatore Bonaccorso at 2022-11-16T16:09:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -817,7 +817,7 @@ CVE-2022-45201
 CVE-2022-45200
 	RESERVED
 CVE-2022-3993 (Authentication Bypass by Primary Weakness in GitHub repository kareadi ...)
-	TODO: check
+	NOT-FOR-US: Kavita
 CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-3991
@@ -8645,7 +8645,7 @@ CVE-2022-43296
 CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
 	TODO: check
 CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was dis ...)
-	TODO: check
+	NOT-FOR-US: Tasmota
 CVE-2022-43293
 	RESERVED
 CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -8711,7 +8711,7 @@ CVE-2022-43267
 CVE-2022-43266
 	RESERVED
 CVE-2022-43265 (An arbitrary file upload vulnerability in the component /pages/save_us ...)
-	TODO: check
+	NOT-FOR-US: Canteen Management System
 CVE-2022-43264
 	RESERVED
 CVE-2022-43263
@@ -18287,7 +18287,7 @@ CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protoc
 CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...)
 	NOT-FOR-US: @fastify/websocket
 CVE-2022-39385 (Discourse is the an open source discussion platform. In some rare case ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2022-39383
@@ -20436,7 +20436,7 @@ CVE-2022-2948
 CVE-2022-2947
 	RESERVED
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ p ...)
 	NOT-FOR-US: Jenkins CollabNet Plugins Plugin
 CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlie ...)
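Review bot: The new tag for CVE-2022-38666, "NOT-FOR-US: Jenkins plugin", is less specific than the entry directly below it, where CVE-2022-38665 is tagged "NOT-FOR-US: Jenkins CollabNet Plugins Plugin". Consider naming the plugin as the description does, for example "NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin", so the entries in this block stay consistent and the triage reason remains searchable by plugin name.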
@@ -21897,7 +21897,7 @@ CVE-2022-38203
 CVE-2022-38202
 	RESERVED
 CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...)
-	TODO: check
+	NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer
 CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...)
 	NOT-FOR-US: ArcGIS Server
 CVE-2022-38199 (A remote file download issue can occur in some capabilities of Esri Ar ...)
@@ -22087,7 +22087,7 @@ CVE-2022-38169
 CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pathfinde ...)
 	NOT-FOR-US: Avaya Scopia Pathfinder
 CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Nintex Workflow plugin for SharePoint
 CVE-2022-38166
 	RESERVED
 CVE-2022-38165
@@ -24765,7 +24765,7 @@ CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 132 of admin/article.php .
 CVE-2022-37110
 	RESERVED
 CVE-2022-37109 (patrickfuller camp up to and including commit bbd53a256ed70e79bd875808 ...)
-	TODO: check
+	NOT-FOR-US: patrickfuller camp
 CVE-2022-37108 (An injection vulnerability in the syslog-ng configuration wizard in Se ...)
 	NOT-FOR-US: Securonix Snypr
 CVE-2022-37107
@@ -35061,17 +35061,17 @@ CVE-2022-33241
 CVE-2022-33240
 	RESERVED
 CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in WLAN firm ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-33238
 	RESERVED
 CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while processin ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while parsing c ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-33235
 	RESERVED
 CVE-2022-33234 (Memory corruption in video due to configuration weakness. in Snapdrago ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2022-33233
 	RESERVED
 CVE-2022-33232
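Review bot: Three of the four entries tagged "NOT-FOR-US: Snapdragon" in this hunk (CVE-2022-33239, CVE-2022-33237, CVE-2022-33236) have descriptions cut off after "WLAN firmware", so the product name is not visible in the diff; only CVE-2022-33234 shows "Snapdrago ...". It is worth confirming against the full descriptions that each of the three names Snapdragon before relying on the shared tag.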



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/426e75410028b9b15cf84fd60fff8de0229e5f47
