[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 21 11:05:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1a270dc by Salvatore Bonaccorso at 2022-09-21T12:04:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13098,7 +13098,7 @@ CVE-2022-36077
 CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
 	NOT-FOR-US: NodeBB
 CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage access con ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud files access control App
 CVE-2022-36074 (Nextcloud server is an open source personal cloud product. Affected ve ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2022-36073 (RubyGems.org is the Ruby community gem host. A bug in password & e ...)
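Review bot: At CVE-2022-36075 the new `NOT-FOR-US: Nextcloud files access control App` sits directly above CVE-2022-36074, which is tracked as `- nextcloud-server <itp> (bug #941708)`. If the access control app would be covered by that ITP, an `<itp>` entry against the same bug is the safer classification; if it is a separately distributed app, a one-line NOTE saying so would explain why the two Nextcloud entries are handled differently.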
@@ -13446,7 +13446,7 @@ CVE-2022-35916 (OpenZeppelin Contracts is a library for secure smart contract de
 CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2022-35914 (/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for  ...)
-	TODO: check
+	NOT-FOR-US: htmlawed module for GLPI
 CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a  ...)
 	NOT-FOR-US: Samourai Wallet Stonewallx2
 CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
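Review bot: At CVE-2022-35914 the label attributes the issue to the `htmlawed module for GLPI`, but the affected path in the description is `/vendor/htmlawed/htmlawed/htmLawedTest.php`, which reads as a vendored copy of a third-party library's test script. Before closing this as NFU, check that no source package in the archive ships that file, and if none does, consider naming both GLPI and htmLawed in the label so a later search for either finds the entry.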
@@ -13975,27 +13975,27 @@ CVE-2022-35711
 CVE-2022-35710
 	RESERVED
 CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35707 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35706 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35705 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35704 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35703 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35702 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35701 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35700 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2022-35698
 	RESERVED
 CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier)  ...)
@@ -14771,7 +14771,7 @@ CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes g
 CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account accessible via db/ ...)
-	TODO: check
+	NOT-FOR-US: Penta Security Systems Inc WAPPLES
 CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
 	NOT-FOR-US: Digital Guardian Agent
 CVE-2022-2360
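Review bot: Style point on CVE-2022-35413: `Penta Security Systems Inc WAPPLES` carries the full company name including `Inc`, while the neighbouring labels use a short vendor or product name (`Digital Guardian Agent`, `WordPress plugin`). `NOT-FOR-US: WAPPLES` or `NOT-FOR-US: Penta Security WAPPLES` would match the surrounding entries and be easier to find when the next WAPPLES CVE is triaged.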
@@ -15138,7 +15138,7 @@ CVE-2022-2335 (A crafted HTTP packet with a -1 content-length header can create
 CVE-2022-2334 (The application searches for a library dll that is not found. If an at ...)
 	NOT-FOR-US: Softing Industrial Automation
 CVE-2022-2333 (If an attacker manages to trick a valid user into loading a malicious  ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2022-2332 (A local unprivileged attacker may escalate to administrator privileges ...)
 	NOT-FOR-US: Honeywell
 CVE-2022-35271
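Review bot: The truncated description of CVE-2022-2333 names no vendor or product, and its neighbours differ: CVE-2022-2334 above is `Softing Industrial Automation`, CVE-2022-2332 below is `Honeywell`. Confirm against the full CVE record that this one belongs with Honeywell rather than Softing, and add the product name to the label if the record gives one.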
@@ -15359,13 +15359,13 @@ CVE-2022-35198 (Contract Management System v2.0 contains a weak default password
 CVE-2022-35197
 	RESERVED
 CVE-2022-35196 (TestLink v1.9.20 was discovered to contain a Cross-Site Request Forger ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2022-35195 (TestLink 1.9.20 Raijin was discovered to contain a broken access contr ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2022-35194 (TestLink v1.9.20 was discovered to contain a stored cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2022-35193 (TestLink v1.9.20 was discovered to contain a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2022-35192 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
 	NOT-FOR-US: D-Link
 CVE-2022-35191 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
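Review bot: For CVE-2022-35193 through CVE-2022-35196, all four TestLink entries go from `TODO: check` to NFU in one step, and they include a SQL injection and a stored cross-site scripting issue. Nothing in the hunk records whether an ITP or RFP for TestLink was looked for; if one exists, the `<itp>` form with a bug number, as used for nextcloud-server in the first hunk, is a better fit than NFU.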



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a270dc75fb4ae9394fda54055df51812badde8
