[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 1 09:29:03 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04172aba by Salvatore Bonaccorso at 2022-09-01T10:28:36+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1904,19 +1904,19 @@ CVE-2022-33310
 CVE-2022-2899
 	RESERVED
 CVE-2022-2898 (Measuresoft ScadaPro Server and Client (All Versions) do not properly  ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2897 (Measuresoft ScadaPro Server and Client (All Versions) do not properly  ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2896 (Measuresoft ScadaPro Server (All Versions) allows use after free while ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2895 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2022-2893
 	RESERVED
 CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft ScadaPro
 CVE-2021-46834
 	RESERVED
 CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before  ...)
@@ -5315,21 +5315,21 @@ CVE-2022-37132
 CVE-2022-37131
 	RESERVED
 CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-37129 (D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection vi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-37128 (In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized wit ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-37127
 	RESERVED
 CVE-2022-37126
 	RESERVED
 CVE-2022-37125 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-37124
 	RESERVED
 CVE-2022-37123 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-37122 (Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, App ...)
 	NOT-FOR-US: Carel pCOWeb HVAC BACnet Gateway
 CVE-2022-37121
@@ -6444,11 +6444,11 @@ CVE-2022-36678 (Simple Task Scheduling System v1.0 was discovered to contain a S
 CVE-2022-36677
 	RESERVED
 CVE-2022-36676 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Simple Task Scheduling System
 CVE-2022-36675 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Simple Task Scheduling System
 CVE-2022-36674 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
-	TODO: check
+	NOT-FOR-US: Simple Task Scheduling System
 CVE-2022-36673
 	RESERVED
 CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key locat ...)
@@ -6556,9 +6556,9 @@ CVE-2022-36622
 CVE-2022-36621
 	RESERVED
 CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via  ...)
-	TODO: check
+	NOT-FOR-US: D-link
 CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without a ...)
-	TODO: check
+	NOT-FOR-US: D-link
 CVE-2022-36618
 	RESERVED
 CVE-2022-36617
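Review bot: The two tags added here for CVE-2022-36620 and CVE-2022-36619 spell the vendor `D-link`, while the DIR-816 entries in the hunk at -5315 are tagged `NOT-FOR-US: D-Link`. Suggest `NOT-FOR-US: D-Link` on both lines so that a case-sensitive search of data/CVE/list for the vendor tag finds every DIR-816 entry.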
@@ -6632,11 +6632,11 @@ CVE-2022-36584
 CVE-2022-36583
 	RESERVED
 CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...)
-	TODO: check
+	NOT-FOR-US: Garage Management System
 CVE-2022-36581 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Online Ordering System
 CVE-2022-36580 (An arbitrary file upload vulnerability in the component /admin/product ...)
-	TODO: check
+	NOT-FOR-US: Online Ordering System
 CVE-2022-36579 (Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). ...)
 	NOT-FOR-US: Wellcms
 CVE-2022-36578 (jizhicms v2.3.1 has SQL injection in the background. ...)
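Review bot: The product in the tag on CVE-2022-36582 cannot be checked from this hunk: the truncated description ends at `/php_action/cr ...` without naming a product, and the tag reads Garage Management System while the two entries directly below are tagged Online Ordering System. Worth confirming against the full CVE description that the tag is intended and not meant to match its neighbours. The same applies to CVE-2022-36580, whose visible description stops at `/admin/product ...`.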
@@ -7701,11 +7701,11 @@ CVE-2022-36205
 CVE-2022-36204
 	RESERVED
 CVE-2022-36203 (Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Doctor's Appointment System
 CVE-2022-36202 (Doctor's Appointment System1.0 is vulnerable to Incorrect Access Contr ...)
-	TODO: check
+	NOT-FOR-US: Doctor's Appointment System
 CVE-2022-36201 (Doctor's Appointment System 1.0 is vulnerable to SQL Injection via boo ...)
-	TODO: check
+	NOT-FOR-US: Doctor's Appointment System
 CVE-2022-36200 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submi ...)
 	NOT-FOR-US: FiberHome VDSL2 Modem
 CVE-2022-36199



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04172aba29debb4bf5eacb325bf501d924a4b8a2
