[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 12 15:42:57 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f4eb004 by Moritz Muehlenhoff at 2022-09-12T16:42:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -824,7 +824,7 @@ CVE-2022-40134
 CVE-2022-40127
 	RESERVED
 CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
-	TODO: check
+	NOT-FOR-US: Movable Type plugin
 CVE-2022-3142
 	RESERVED
 CVE-2022-3141
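Review bot: The tag on CVE-2022-38972 names only the platform ("Movable Type plugin"), although the description identifies the plugin as A-Form. Naming it, for example "NOT-FOR-US: A-Form plugin for Movable Type", keeps the entry searchable and distinguishes it from CVEs in other Movable Type plugins.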
@@ -8418,7 +8418,7 @@ CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4 (v2.0.15)
 CVE-2022-37185 (SQL injection vulnerability exists in the school information query int ...)
-	TODO: check
+	NOT-FOR-US: EMS system of the Office of the Thai Basic Education Commission
 CVE-2022-37184 (The application manage_website.php on Garage Management System 1.0 is  ...)
 	NOT-FOR-US: Garage Management System
 CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/ ...)
@@ -9539,7 +9539,7 @@ CVE-2022-36738
 CVE-2022-36737
 	RESERVED
 CVE-2022-36736 (** DISPUTED ** Jitsi-2.10.5550 was discovered to contain a vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Disputed Jitsi issue
 CVE-2022-36735 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Library Management System
 CVE-2022-36734 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
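Review bot: On CVE-2022-36736 the NOT-FOR-US text carries the dispute status ("Disputed Jitsi issue") instead of just a product name, unlike the neighbouring "NOT-FOR-US: Library Management System" entry. If the reason is that Jitsi is not in the archive, "NOT-FOR-US: Jitsi" is enough; if the reason is the dispute, a NOTE line recording it would state that more clearly than the NFU tag does.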
@@ -10811,17 +10811,17 @@ CVE-2022-36261 (An arbitrary file deletion vulnerability was discovered in taocm
 CVE-2022-36260
 	RESERVED
 CVE-2022-36259 (A SQL injection vulnerability in ConnectionFactory.java in sazanrjb In ...)
-	TODO: check
+	NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36258 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...)
-	TODO: check
+	NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36257 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...)
-	TODO: check
+	NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36256 (A SQL injection vulnerability in Stocks.java in sazanrjb InventoryMana ...)
-	TODO: check
+	NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36255 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...)
-	TODO: check
+	NOT-FOR-US: sazanrjb InventoryManagementSystem
 CVE-2022-36254 (Multiple persistent cross-site scripting (XSS) vulnerabilities in inde ...)
-	TODO: check
+	NOT-FOR-US: tramyardg Hotel Management System
 CVE-2022-36253
 	RESERVED
 CVE-2022-36252
@@ -11193,7 +11193,7 @@ CVE-2022-36112
 CVE-2022-36111
 	RESERVED
 CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...)
-	TODO: check
+	NOT-FOR-US: Netmaker
 CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...)
 	- docker.io <unfixed>
 	[bullseye] - docker.io <no-dsa> (Minor issue)
@@ -11251,15 +11251,15 @@ CVE-2022-36087 (OAuthLib is an implementation of the OAuth request-signing logic
 	NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/5d85c61998692643dd9d17e05d2646e06ce391e8
 	TODO: double-check, the fix has not landed in 3.2.1 actually
 CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...)
-	TODO: check
+	NOT-FOR-US: linked_list_allocator
 CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...)
 	NOT-FOR-US: Open Policy Agent (OPA)
 CVE-2022-36084 (cruddl is software for creating a GraphQL API for a database, using th ...)
-	TODO: check
+	NOT-FOR-US: cruddl
 CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...)
 	TODO: check
 CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga from Mang ...)
-	TODO: check
+	NOT-FOR-US: mangadex-downloader
 CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...)
 	NOT-FOR-US: Wikmd
 CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...)
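Review bot: CVE-2022-36086 is described as an allocator library for no_std systems, so before settling on "NOT-FOR-US: linked_list_allocator" it is worth confirming that no source package in the archive vendors it; a library can be embedded in other software even when it is not packaged on its own. A short NOTE stating that this was checked would save the next triager the same lookup.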
@@ -12061,7 +12061,7 @@ CVE-2022-35743
 CVE-2022-35742
 	RESERVED
 CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged into  ...)
-	TODO: check
+	NOT-FOR-US: ESET
 CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...)
@@ -16512,11 +16512,11 @@ CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall D
 CVE-2022-34111
 	RESERVED
 CVE-2022-34110 (An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0 ...)
-	TODO: check
+	NOT-FOR-US: Micro-Star
 CVE-2022-34109 (An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0 ...)
-	TODO: check
+	NOT-FOR-US: Micro-Star
 CVE-2022-34108 (An issue in the Feature Navigator of Micro-Star International MSI Feat ...)
-	TODO: check
+	NOT-FOR-US: Micro-Star
 CVE-2022-34107
 	RESERVED
 CVE-2022-34106
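Review bot: CVE-2022-34110, CVE-2022-34109 and CVE-2022-34108 are tagged with the vendor only ("NOT-FOR-US: Micro-Star"), while all three descriptions name the product, MSI Feature Navigator. Using the product name in the tag, as entries such as "NOT-FOR-US: Pexip Infinity" do, makes later searches for the same software hit these lines.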
@@ -21132,7 +21132,7 @@ CVE-2022-32266
 CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
 	NOT-FOR-US: qDecoder
 CVE-2022-32264 (** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD bef ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger a softwa ...)
 	NOT-FOR-US: Pexip Infinity
 CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
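Review bot: CVE-2022-32264 concerns sys/netinet/tcp_timer.h in FreeBSD, and "NOT-FOR-US: FreeBSD" only holds if no source package in the archive ships that code; if one does, the entry should reference that package instead. The description is also marked UNSUPPORTED WHEN ASSIGNED, which a NOTE line could record if it influenced the decision.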



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f4eb0041c4c7259ea2eedd4343a2a47d88ee2f9
