[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 1 21:22:20 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ed10e49 by Salvatore Bonaccorso at 2022-09-01T22:21:46+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -966,7 +966,7 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds
NOTE: https://jira.mariadb.org/browse/MDEV-28719
NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
- TODO: check
+ NOT-FOR-US: Weave GitOps Enterprise
CVE-2022-38789
RESERVED
CVE-2022-38788
@@ -3192,7 +3192,7 @@ CVE-2022-37328
CVE-2022-36798
RESERVED
CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36793
RESERVED
CVE-2022-36791
@@ -3218,13 +3218,13 @@ CVE-2022-36383
CVE-2022-36376
RESERVED
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36365
RESERVED
CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin &l ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36352
RESERVED
CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -4651,7 +4651,7 @@ CVE-2022-37437 (When using Ingest Actions to configure a destination that reside
CVE-2022-37436
RESERVED
CVE-2022-37435 (Apache ShenYu Admin has insecure permissions, which may allow low-priv ...)
- TODO: check
+ NOT-FOR-US: Apache ShenYu
CVE-2022-37433
RESERVED
CVE-2022-37432
@@ -6847,7 +6847,7 @@ CVE-2022-36585
CVE-2022-36584
RESERVED
CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...)
NOT-FOR-US: Garage Management System
CVE-2022-36581 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
@@ -7115,7 +7115,7 @@ CVE-2022-36451
CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...)
NOT-FOR-US: Obsidian
CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
- TODO: check
+ NOT-FOR-US: ARM Mali GPU driver
CVE-2022-36448
RESERVED
CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...)
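Review bot: On CVE-2022-36449 the added line says "NOT-FOR-US: ARM Mali GPU driver", but the description on the line above names the component as the "Arm Mali GPU Kernel Driver". Consider using the description's wording ("Arm Mali GPU Kernel Driver") so that a later search for the product name finds this entry. Because the affected component is a kernel driver, the commit message could also say in one line why it is out of scope, which "Process some NFUs" does not record.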
@@ -8305,11 +8305,11 @@ CVE-2022-36056
CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
TODO: check
CVE-2022-36054 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2022-36053 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2022-36052 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**A ...)
TODO: check
CVE-2022-36050
@@ -8323,7 +8323,7 @@ CVE-2022-36047
CVE-2022-36046 (Next.js is a React framework that can provide building blocks to creat ...)
TODO: check
CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2022-36044
RESERVED
CVE-2022-36043
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ed10e4949f672e809f6c8477b965077a3aa0ff5