[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 5 09:18:21 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfd15d6c by Moritz Muehlenhoff at 2022-09-05T10:18:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84,7 +84,7 @@ CVE-2022-3120
 CVE-2022-3119
 	RESERVED
 CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
-	NOT-FOR-US: qSourcecodehero ERP System Project
+	NOT-FOR-US: Sourcecodehero ERP System Project
 CVE-2022-39808
 	RESERVED
 CVE-2022-39807
@@ -8016,7 +8016,7 @@ CVE-2022-36749 (RPi-Jukebox-RFID v2.3.0 was discovered to contain a command inje
 CVE-2022-36748 (PicUploader v2.6.3 was discovered to contain a cross-site scripting (X ...)
 	NOT-FOR-US: PicUploader
 CVE-2022-36747 (Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: Cobub Razor
 CVE-2022-36746 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...)
 	NOT-FOR-US: LibreNMS
 CVE-2022-36745 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...)
@@ -8235,7 +8235,6 @@ CVE-2022-36640 (** DISPUTED ** influxData influxDB before v1.8.10 contains no au
 	- influxdb <unfixed> (unimportant)
 	NOTE: If InfluxDB is deployed on publicly accessible endpoint, it is recommended
 	NOTE: to enable authentication.
-	TODO: check, research on fixing commits in 1.8.10
 CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in /client.php of Ga ...)
 	NOT-FOR-US: Garage Management System
 CVE-2022-36638 (An access control issue in the component print.php of Garage Managemen ...)
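Review bot: Removing the "TODO: check, research on fixing commits in 1.8.10" line under CVE-2022-36640 closes the open question without recording its answer. The description says the issue affects influxDB "before v1.8.10", yet the entry stays "- influxdb <unfixed> (unimportant)". If the research found no code fix in 1.8.10, which would fit the DISPUTED tag and the existing NOTE about enabling authentication, an extra NOTE line saying so would explain why the entry remains <unfixed>.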
@@ -8327,7 +8326,7 @@ CVE-2022-36596
 CVE-2022-36595
 	RESERVED
 CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vuln ...)
-	TODO: check
+	NOT-FOR-US: MyBatis Mapper
 CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file deletion ...)
 	NOT-FOR-US: kkFileView
 CVE-2022-36592
@@ -8473,7 +8472,7 @@ CVE-2022-36523 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB
 CVE-2022-36522 (Mikrotik RouterOs through stable v6.48.3 was discovered to contain an  ...)
 	NOT-FOR-US: Mikrotik
 CVE-2022-36521 (Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers ...)
-	TODO: check
+	NOT-FOR-US: cskefu
 CVE-2022-36520 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
 	NOT-FOR-US: H3C
 CVE-2022-36519 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
@@ -9825,7 +9824,7 @@ CVE-2022-36048 (Zulip is an open-source team collaboration tool with topic-based
 CVE-2022-36047
 	RESERVED
 CVE-2022-36046 (Next.js is a React framework that can provide building blocks to creat ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
 	NOT-FOR-US: NodeBB
 CVE-2022-36044
@@ -9845,11 +9844,11 @@ CVE-2022-36038
 CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...)
 	NOT-FOR-US: Kirby CMS
 CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is  ...)
-	TODO: check
+	NOT-FOR-US: mdx-mermaid
 CVE-2022-36035 (Flux is a tool for keeping Kubernetes clusters in sync with sources of ...)
 	NOT-FOR-US: Flux
 CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS  ...)
-	TODO: check
+	NOT-FOR-US: nitrado.js
 CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, scrapin ...)
 	- jsoup 1.15.3-1 (bug #1018931)
 	[bullseye] - jsoup <no-dsa> (Minor issue, preserveRelativeLinks option is disabled by default)
@@ -38074,7 +38073,7 @@ CVE-2022-25924
 CVE-2022-25923
 	RESERVED
 CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary Code E ...)
-	TODO: check
+	NOT-FOR-US: Node morgan-json
 CVE-2022-25919
 	RESERVED
 CVE-2022-25918
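Review bot: Style point on the added line for CVE-2022-25921: "Node morgan-json" carries an ecosystem prefix, while the lines added earlier in this commit for mdx-mermaid and nitrado.js give the package name only, and the opcua lines use "Rust crate". Settling on one form for ecosystem qualifiers would keep the NOT-FOR-US entries consistent and easier to search.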
@@ -38100,7 +38099,7 @@ CVE-2022-25906
 CVE-2022-25904
 	RESERVED
 CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
-	TODO: check
+	NOT-FOR-US: Rust crate opcua
 CVE-2022-25902
 	RESERVED
 CVE-2022-25901
@@ -38131,7 +38130,7 @@ CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0
 CVE-2022-25890
 	RESERVED
 CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
-	TODO: check
+	NOT-FOR-US: Rust crate opcua
 CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to Regular Expre ...)
 	TODO: check
 CVE-2022-25886
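Review bot: CVE-2022-25888 here and CVE-2022-25903 in the previous hunk show the same truncated description ("The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...") and get the same "Rust crate opcua" tag. The visible text does not name the ecosystem, so it is worth confirming against the full descriptions that both IDs refer to the Rust crate, and not to another package called opcua, before both are closed as NOT-FOR-US.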



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd15d6c2facea0d8e7980452cb7d7f104f3f412
