Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85b47019 by Salvatore Bonaccorso at 2022-04-16T09:03:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2022-29270
 CVE-2022-29269
        RESERVED
 CVE-2022-29268 (Bitrix through 7.5.0 allows remote attackers to execute 
arbitrary code ...)
-       TODO: check
+       NOT-FOR-US: Bitrix
 CVE-2022-29267
        RESERVED
 CVE-2022-1380
@@ -1092,11 +1092,11 @@ CVE-2022-28872
 CVE-2022-28871
        RESERVED
 CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was 
discovered. A mali ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was 
discovered. A mali ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe 
Browser f ...)
-       TODO: check
+       NOT-FOR-US: F-Secure
 CVE-2022-28867
        RESERVED
 CVE-2022-28866
@@ -1770,7 +1770,7 @@ CVE-2022-28610
 CVE-2022-26838
        RESERVED
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository 
plantu ...)
-       TODO: check
+       NOT-FOR-US: plantuml
 CVE-2022-1230
        RESERVED
 CVE-2022-1229
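Review bot: NOT-FOR-US: plantuml on CVE-2022-1231 deserves a second look before it sticks. Unlike the vendor appliances and web applications marked elsewhere in this commit, the description points at an open-source project hosted on GitHub, which is the kind of software that is often packaged. Please confirm that no source package of that name exists in the archive. If one does, the entry should be a package line with a version status rather than NFU.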
@@ -3341,7 +3341,7 @@ CVE-2022-28115 (Online Sports Complex Booking v1.0 was 
discovered to contain a S
 CVE-2022-28114
        RESERVED
 CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware 
v2.000.030 al ...)
-       TODO: check
+       NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-28112
        RESERVED
 CVE-2022-28111
@@ -3469,7 +3469,7 @@ CVE-2022-28051
 CVE-2022-28050
        RESERVED
 CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer 
dereference v ...)
-       TODO: check
+       NOT-FOR-US: njs
 CVE-2022-28048 (STB v2.27 was discovered to contain an integer shift of 
invalid size i ...)
        TODO: check
 CVE-2022-28047
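Review bot: the NOT-FOR-US: njs marking on CVE-2022-28049 depends on njs not being shipped anywhere in the archive, and the description names it as NGINX NJS, the JavaScript module for nginx. Please confirm that the nginx source package does not bundle or build njs before closing this as NFU. The neighbouring CVE-2022-28048 (STB) stays at TODO: check, so this block needs another pass anyway.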
@@ -4860,7 +4860,7 @@ CVE-2022-27476 (A cross-site scripting (XSS) 
vulnerability at /admin/goods/updat
 CVE-2022-27475 (Cross site scripting (XSS) vulnerability in tramyardg 
hotel-mgmt-syste ...)
        NOT-FOR-US: tramyardg hotel-mgmt-system
 CVE-2022-27474 (SuiteCRM v7.11.23 was discovered to allow remote code 
execution via a  ...)
-       TODO: check
+       NOT-FOR-US: SuiteCRM
 CVE-2022-27473 (SQL injection vulnerability in Topics Searching feature of 
Roothub 2.6 ...)
        NOT-FOR-US: Roothub
 CVE-2022-27472 (SQL injection vulnerability in Topics Counting feature of 
Roothub 2.6. ...)
@@ -5103,15 +5103,15 @@ CVE-2022-27371
 CVE-2022-27370
        RESERVED
 CVE-2022-27369 (Cscms Music Portal System v4.2 was discovered to contain a SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27368 (Cscms Music Portal System v4.2 was discovered to contain a SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27367 (Cscms Music Portal System v4.2 was discovered to contain a SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27366 (Cscms Music Portal System v4.2 was discovered to contain a 
blind SQL i ...)
-       TODO: check
+       NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27365 (Cscms Music Portal System v4.2 was discovered to contain a SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Cscms Music Portal System
 CVE-2022-27364
        RESERVED
 CVE-2022-27363
@@ -5315,13 +5315,13 @@ CVE-2022-27265
 CVE-2022-27264
        RESERVED
 CVE-2022-27263 (An arbitrary file upload vulnerability in the file upload 
module of St ...)
-       TODO: check
+       NOT-FOR-US: Strapi
 CVE-2022-27262 (An arbitrary file upload vulnerability in the file upload 
module of Sk ...)
        TODO: check
 CVE-2022-27261 (An arbitrary file write vulnerability in Express-FileUpload 
v1.3.1 all ...)
        TODO: check
 CVE-2022-27260 (An arbitrary file upload vulnerability in the file upload 
component of ...)
-       TODO: check
+       NOT-FOR-US: ButterCMS
 CVE-2022-27259
        RESERVED
 CVE-2022-27232
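Review bot: the product names assigned to CVE-2022-27263 (Strapi) and CVE-2022-27260 (ButterCMS) cannot be checked against this diff, because both descriptions are truncated before the product ("module of St ...", "component of ..."). That is fine if the names were taken from the full CVE text. Note that CVE-2022-27262 and CVE-2022-27261 (Express-FileUpload) sit between them and remain TODO: check, so the group of file-upload issues is only partly triaged here.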
@@ -5361,9 +5361,9 @@ CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub 
repository radareorg/rad
 CVE-2022-27258 (Multiple Cross-Site Scripting (XSS) vulnerabilities in 
Hubzilla 7.0.3  ...)
        TODO: check
 CVE-2022-27257 (A PHP Local File Inclusion vulneraility in the default 
Redbasic theme  ...)
-       TODO: check
+       NOT-FOR-US: Redbasic theme for Hubzilla
 CVE-2022-27256 (A PHP Local File inclusion vulnerability in the Redbasic theme 
for Hub ...)
-       TODO: check
+       NOT-FOR-US: Redbasic theme for Hubzilla
 CVE-2022-27255
        RESERVED
 CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends 
the same  ...)
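Review bot: CVE-2022-27257 and CVE-2022-27256 are closed as NOT-FOR-US: Redbasic theme for Hubzilla while CVE-2022-27258, the Hubzilla 7.0.3 XSS directly above, is left at TODO: check. The description of CVE-2022-27257 calls Redbasic the default theme, so the three entries share one answer: if Hubzilla turns out to be relevant, the theme is too. Suggest triaging all three together and using the same label (Hubzilla) so the decisions cannot drift apart.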
@@ -5399,7 +5399,7 @@ CVE-2022-27243 (An issue was discovered in MISP before 
2.4.156. app/View/Users/t
 CVE-2022-27242
        RESERVED
 CVE-2022-27241 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-1027
        RESERVED
 CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of 
Net View ...)
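Review bot: on CVE-2022-27241 the label NOT-FOR-US: Siemens names a vendor that does not appear in the visible description, which only mentions Mendix Applications. Someone searching data/CVE/list for the product will not find this decision. Suggest a label that includes the product, for example "NOT-FOR-US: Siemens Mendix", in line with the product-level labels used elsewhere in this commit (Strapi, ButterCMS, pearweb).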
@@ -5563,7 +5563,7 @@ CVE-2022-27220
 CVE-2022-27219
        RESERVED
 CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo 
(Administration ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-0989 (An unprivileged user could use the functionality of the NS 
WooCommerce ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is 
vulnerable t ...)
@@ -5876,9 +5876,9 @@ CVE-2022-27160
 CVE-2022-27159
        RESERVED
 CVE-2022-27158 (pearweb < 1.32 suffers from Deserialization of Untrusted 
Data. ...)
-       TODO: check
+       NOT-FOR-US: pearweb
 CVE-2022-27157 (pearweb < 1.32 is suffers from a Weak Password Recovery 
Mechanism v ...)
-       TODO: check
+       NOT-FOR-US: pearweb
 CVE-2022-27156 (Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML 
Injection. ...)
        NOT-FOR-US: Daylight Studio Fuel CMS
 CVE-2022-27155
@@ -6104,7 +6104,7 @@ CVE-2022-27050 (BitComet Service for Windows before 
version 1.8.6 contains an un
 CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily 
move log f ...)
        NOT-FOR-US: Raidrive
 CVE-2022-27048 (A vulnerability has been discovered in Moxa MGate which allows 
an atta ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without 
any limi ...)
        NOT-FOR-US: mogu_blog_cms
 CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free 
vulnerability in in  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85b47019e55e4bccb8f95c8e368dca2df066df8d
