[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 8 21:24:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab0f605b by Salvatore Bonaccorso at 2022-09-08T22:23:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -216,7 +216,7 @@ CVE-2022-3150
 CVE-2022-3149
 	RESERVED
 CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-40144
 	RESERVED
 CVE-2022-40143
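Review bot: The tag on CVE-2022-3148 uses the GitHub repository slug `jgraph/drawio` as the NOT-FOR-US name, while other tagged entries visible in this patch use a product name (`Nagios XI`, `Claroline`). A slug-style tag is easy to miss when the list is later searched by product name. Consider a product-style name here and for the identical tag on CVE-2022-3138, or apply the slug form consistently wherever this project is marked.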
@@ -272,7 +272,7 @@ CVE-2022-3140
 CVE-2022-3139
 	RESERVED
 CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
-	TODO: check
+	NOT-FOR-US: jgraph/drawio
 CVE-2022-3137
 	RESERVED
 CVE-2022-3136
@@ -2711,9 +2711,9 @@ CVE-2022-39017
 CVE-2022-39016
 	RESERVED
 CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...)
-	TODO: check
+	NOT-FOR-US: Mailform Pro CGI
 CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2022-3060
 	RESERVED
 CVE-2022-3059
@@ -3268,7 +3268,7 @@ CVE-2022-38796
 CVE-2022-38453
 	RESERVED
 CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
-	TODO: check
+	NOT-FOR-US: SmaCam
 CVE-2022-38138
 	RESERVED
 CVE-2022-38100
@@ -3655,17 +3655,17 @@ CVE-2022-38705
 CVE-2022-38458
 	RESERVED
 CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
-	TODO: check
+	NOT-FOR-US: CentreCOM AR260S
 CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...)
-	TODO: check
+	NOT-FOR-US: CentreCOM AR260S
 CVE-2022-37337
 	RESERVED
 CVE-2022-36429
 	RESERVED
 CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...)
-	TODO: check
+	NOT-FOR-US: CentreCOM AR260S
 CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...)
-	TODO: check
+	NOT-FOR-US: CentreCOM AR260S
 CVE-2022-2973
 	RESERVED
 CVE-2022-2972
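Review bot: The visible description of CVE-2022-34869 ("Undocumented hidden command that can be executed from the telnet funct ...") names no product at all, and the other three are cut off at "CentreCOM AR260 ...", "CentreCOM ..." and "CentreCOM AR ...", so the `AR260S` model in the tag cannot be confirmed from the lines shown. It is worth checking the full CVE text for all four entries to make sure each one really concerns that model before they share one tag.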
@@ -4962,7 +4962,7 @@ CVE-2022-38307
 CVE-2022-38306
 	RESERVED
 CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
-	TODO: check
+	NOT-FOR-US: Ricoh
 CVE-2022-2825
 	RESERVED
 CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
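Review bot: `NOT-FOR-US: Ricoh` on CVE-2022-36403 names only a vendor, and that name does not appear in the visible part of the description, which refers to the installer of a specific product ("Device Softwar ..."). Other tags in this patch name the product (`CentreCOM AR260S`, `Mailform Pro CGI`). Using the product name from the full description would make the entry easier to match against later CVEs for the same software.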
@@ -5072,17 +5072,17 @@ CVE-2022-38262
 CVE-2022-38261
 	RESERVED
 CVE-2022-38260 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
-	TODO: check
+	NOT-FOR-US: Interview Management System
 CVE-2022-38259
 	RESERVED
 CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 all ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-38257
 	RESERVED
 CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site scripting ( ...)
 	TODO: check
 CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
-	TODO: check
+	NOT-FOR-US: Interview Management System
 CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...)
 	NOT-FOR-US: Nagios XI
 CVE-2022-38253
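Review bot: CVE-2022-38256 (TastyIgniter v3.5.0) stays at `TODO: check` in the middle of this hunk while the entries on both sides of it are resolved. If it was left open on purpose because it needs a closer look at whether the software is packaged, that is fine; if it was skipped by accident, it can be resolved in the same pass.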
@@ -7886,7 +7886,7 @@ CVE-2022-37165
 CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows attacke ...)
 	TODO: check
 CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy which allo ...)
-	TODO: check
+	NOT-FOR-US: Bminusl IHateToBudget
 CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
 	NOT-FOR-US: Claroline
 CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...)
@@ -10651,13 +10651,13 @@ CVE-2022-36095
 CVE-2022-36094
 	RESERVED
 CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36091 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36090 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...)
 	NOT-FOR-US: KubeVela
 CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0f605b1bc37f898663e2c987be4b984bf7f403
