[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 8 21:24:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ab0f605b by Salvatore Bonaccorso at 2022-09-08T22:23:42+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -216,7 +216,7 @@ CVE-2022-3150
CVE-2022-3149
RESERVED
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-40144
RESERVED
CVE-2022-40143
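Review bot: The tag added for CVE-2022-3148 uses the repository slug "jgraph/drawio", while the other tags added in this commit name the product. The description line is also cut at "jgraph/drawi ...", so the tag should be checked against the full description, and one spelling (slug or product name) should be used so that a search of data/CVE/list for the product finds every entry.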
@@ -272,7 +272,7 @@ CVE-2022-3140
CVE-2022-3139
RESERVED
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-3137
RESERVED
CVE-2022-3136
@@ -2711,9 +2711,9 @@ CVE-2022-39017
CVE-2022-39016
RESERVED
CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...)
- TODO: check
+ NOT-FOR-US: Mailform Pro CGI
CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
- TODO: check
+ NOT-FOR-US: PowerCMS
CVE-2022-3060
RESERVED
CVE-2022-3059
@@ -3268,7 +3268,7 @@ CVE-2022-38796
CVE-2022-38453
RESERVED
CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
- TODO: check
+ NOT-FOR-US: SmaCam
CVE-2022-38138
RESERVED
CVE-2022-38100
@@ -3655,17 +3655,17 @@ CVE-2022-38705
CVE-2022-38458
RESERVED
CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
- TODO: check
+ NOT-FOR-US: CentreCOM AR260S
CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...)
- TODO: check
+ NOT-FOR-US: CentreCOM AR260S
CVE-2022-37337
RESERVED
CVE-2022-36429
RESERVED
CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...)
- TODO: check
+ NOT-FOR-US: CentreCOM AR260S
CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...)
- TODO: check
+ NOT-FOR-US: CentreCOM AR260S
CVE-2022-2973
RESERVED
CVE-2022-2972
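Review bot: The model "AR260S" in the tags for CVE-2022-38094, CVE-2022-35273 and CVE-2022-34869 is not visible in their description lines, which are cut at "CentreCOM ...", "CentreCOM AR ..." and "the telnet funct ..."; only CVE-2022-38394 shows "CentreCOM AR260" before the cut. Confirm against the full descriptions that all four entries concern the same model, or shorten the tag to "CentreCOM" where the model differs.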
@@ -4962,7 +4962,7 @@ CVE-2022-38307
CVE-2022-38306
RESERVED
CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2022-2825
RESERVED
CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
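Review bot: The tag "NOT-FOR-US: Ricoh" on CVE-2022-36403 names only the vendor, although the description refers to the installer of a specific product ("Device Softwar ..."). Most other tags in this commit name the product, so consider using the product name from the full description here, which also keeps the entry distinguishable from other Ricoh issues in the list.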
@@ -5072,17 +5072,17 @@ CVE-2022-38262
CVE-2022-38261
RESERVED
CVE-2022-38260 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Interview Management System
CVE-2022-38259
RESERVED
CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 all ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-38257
RESERVED
CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site scripting ( ...)
TODO: check
CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
- TODO: check
+ NOT-FOR-US: Interview Management System
CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...)
NOT-FOR-US: Nagios XI
CVE-2022-38253
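Review bot: The tag "NOT-FOR-US: D-Link" on CVE-2022-38258 drops the model that the description gives ("D-Link DIR 819 v1.06"), unlike the product-level tags on the neighbouring Interview Management System entries. Separately, CVE-2022-38256 (TastyIgniter) stays at "TODO: check" in the middle of this hunk; if it was skipped on purpose that is fine, otherwise it can be resolved in the same pass.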
@@ -7886,7 +7886,7 @@ CVE-2022-37165
CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows attacke ...)
TODO: check
CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy which allo ...)
- TODO: check
+ NOT-FOR-US: Bminusl IHateToBudget
CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
NOT-FOR-US: Claroline
CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
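Review bot: CVE-2022-37164 (Inoda OnTrack) on the line above the change still reads "TODO: check", while CVE-2022-37163 with the same "employs a weak password policy" wording is now tagged. If the two were reviewed together, tag both in this commit; if OnTrack needs a separate check, a short NOTE on the entry would record why it was left open.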
@@ -10651,13 +10651,13 @@ CVE-2022-36095
CVE-2022-36094
RESERVED
CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-36091 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-36090 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...)
NOT-FOR-US: KubeVela
CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0f605b1bc37f898663e2c987be4b984bf7f403