[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 22 21:33:45 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b39f9d07 by Salvatore Bonaccorso at 2022-09-22T22:32:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -876,13 +876,13 @@ CVE-2022-40937
 CVE-2022-40936
 	RESERVED
 CVE-2022-40935 (Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_sh ...)
-	TODO: check
+	NOT-FOR-US: Online Pet Shop We App
 CVE-2022-40934 (Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_sh ...)
-	TODO: check
+	NOT-FOR-US: Online Pet Shop We App
 CVE-2022-40933 (Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Online Pet Shop We App
 CVE-2022-40932 (In Zoo Management System v1.0, there is an arbitrary file upload vulne ...)
-	TODO: check
+	NOT-FOR-US: Zoo Management System
 CVE-2022-40931
 	RESERVED
 CVE-2022-40930
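Review bot: The label "Online Pet Shop We App" on CVE-2022-40935, CVE-2022-40934 and CVE-2022-40933 carries over the "We App" wording from the CVE descriptions, which reads like a typo for "Web App". NOT-FOR-US labels are free text that later triage greps against, so either write the product name as intended or keep the verbatim string deliberately, and use the same form for any future entries on this product. The CVE-2022-40933 description also names the author (oretnom23), which would make the label less ambiguous if included.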
@@ -2069,15 +2069,15 @@ CVE-2022-40449
 CVE-2022-40448
 	RESERVED
 CVE-2022-40447 (ZZCMS 2022 was discovered to contain a SQL injection vulnerability via ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2022-40446 (ZZCMS 2022 was discovered to contain a SQL injection vulnerability via ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2022-40445
 	RESERVED
 CVE-2022-40444 (ZZCMS 2022 was discovered to contain a full path disclosure vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2022-40443 (An absolute path traversal vulnerability in ZZCMS 2022 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2022-40442
 	RESERVED
 CVE-2022-40441
@@ -4818,7 +4818,7 @@ CVE-2022-3095
 CVE-2022-3094
 	RESERVED
 CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...)
-	TODO: check
+	NOT-FOR-US: Cobalt Strike
 CVE-2022-39196 (Blackboard Learn 1.10.1 allows remote authenticated users to read unin ...)
 	NOT-FOR-US: Blackboard Learn
 CVE-2022-39195
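Review bot: The label on CVE-2022-39197 names the product ("Cobalt Strike") while the description leads with the vendor (HelpSystems), and the other hunks in this commit label by vendor ("Netgear", "Insyde"). Mixing vendor and product labels makes it harder to find earlier NOT-FOR-US decisions by string search; pick one convention per entry type, or use a combined form such as vendor plus product where both are known.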
@@ -10421,7 +10421,7 @@ CVE-2022-37236
 CVE-2022-37235
 	RESERVED
 CVE-2022-37234 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2022-37233
 	RESERVED
 CVE-2022-37232
@@ -13321,15 +13321,15 @@ CVE-2022-36109 (Moby is an open-source project created by Docker to enable softw
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
 	NOTE: https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
 CVE-2022-36108 (TYPO3 is an open source PHP based web content management system releas ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-36107 (TYPO3 is an open source PHP based web content management system releas ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-36106 (TYPO3 is an open source PHP based web content management system releas ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-36105 (TYPO3 is an open source PHP based web content management system releas ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-36104 (TYPO3 is an open source PHP based web content management system releas ...)
-	TODO: check
+	NOT-FOR-US: Typo3
 CVE-2022-36103 (Talos Linux is a Linux distribution built for Kubernetes deployments.  ...)
 	TODO: check
 CVE-2022-36102 (Shopware is an open source e-commerce software. In affected versions i ...)
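Review bot: The five new labels on CVE-2022-36108 through CVE-2022-36104 are spelled "Typo3", whereas the descriptions on the same entries spell the project "TYPO3". A case-sensitive search for the upstream spelling will miss these lines, so align the label with the name used in the description, or with whatever spelling earlier entries in data/CVE/list already use for this project.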
@@ -13785,9 +13785,9 @@ CVE-2022-35897
 CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ...)
 	TODO: check
 CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2022-35893
 	RESERVED
 CVE-2022-35892
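Review bot: CVE-2022-35896, in the context lines at the top of this hunk, stays at "TODO: check" while the two entries directly below it (CVE-2022-35895, CVE-2022-35894) are marked "NOT-FOR-US: Insyde". Its truncated description refers to an SMM driver and SMRAM but does not show a vendor name, so this may be intentional; if it is the same InsydeH2O firmware family, it should get the same label in this pass rather than being left for a later one.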
@@ -15110,7 +15110,7 @@ CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before
 	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/6b4f062cde84b9df57275676c428508ec6e41211 (v2.28.1)
 	NOTE: https://github.com/Mbed-TLS/mbedtls/commit/719c723afc63930d3472a12c0edb654a7d08d6b9 (v2.28.1)
 CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2022-35407
 	RESERVED
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b39f9d0739bef42db23996f57d0b341a19ee01b8
