[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sat Sep 3 09:51:57 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7891a8fd by Salvatore Bonaccorso at 2022-09-03T10:51:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1663,7 +1663,7 @@ CVE-2022-3067
 CVE-2022-3066
 	RESERVED
 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-3064
 	RESERVED
 CVE-2022-3063
@@ -7909,7 +7909,7 @@ CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /h
 CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via an AUTHO ...)
 	NOT-FOR-US: D-Link
 CVE-2022-36754 (Expense Management System v1.0 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Expense Management System
 CVE-2022-36753
 	RESERVED
 CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write via t ...)
@@ -8133,15 +8133,15 @@ CVE-2022-36644
 CVE-2022-36643
 	RESERVED
 CVE-2022-36642 (A local file disclosure vulnerability in /appConfig/userDB.json of Tel ...)
-	TODO: check
+	NOT-FOR-US: Telos Alliance Omnia MPX Node
 CVE-2022-36641
 	RESERVED
 CVE-2022-36640 (influxData influxDB before v1.8.10 contains no authentication mechanis ...)
 	TODO: check
 CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in /client.php of Ga ...)
-	TODO: check
+	NOT-FOR-US: Garage Management System
 CVE-2022-36638 (An access control issue in the component print.php of Garage Managemen ...)
-	TODO: check
+	NOT-FOR-US: Garage Management System
 CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a persistent c ...)
 	NOT-FOR-US: Garage Management System
 CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
@@ -9964,7 +9964,7 @@ CVE-2022-35935
 CVE-2022-35934
 	RESERVED
 CVE-2022-35933 (This package is a PrestaShop module that allows users to post reviews  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...)
 	NOT-FOR-US: Nextcloud Talk
 CVE-2022-35931
@@ -22668,7 +22668,7 @@ CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs t
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 (REL42.4.1-rc1)
 CVE-2022-31196 (Databasir is a database metadata management platform. Databasir <=  ...)
-	TODO: check
+	NOT-FOR-US: Databasir
 CVE-2022-31195 (DSpace open source software is a repository application which provides ...)
 	NOT-FOR-US: DSpace
 CVE-2022-31194 (DSpace open source software is a repository application which provides ...)
@@ -22709,7 +22709,7 @@ CVE-2022-31177 (Flask-AppBuilder is an application development framework built o
 	- flask-appbuilder <not-affected> (Fixed with initial upload to Debian)
 	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
 CVE-2022-31176 (Grafana Image Renderer is a Grafana backend plugin that handles render ...)
-	TODO: check
+	NOT-FOR-US: Grafana Image Renderer
 CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vu ...)
 	NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5 packages
 CVE-2022-31174



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7891a8fd6fcc8031c27ab6d9609fb838ff14f919

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7891a8fd6fcc8031c27ab6d9609fb838ff14f919
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220903/28c02b83/attachment-0001.htm>
