[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed, 27 Apr 2022 01:15:58 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a72bc74 by Salvatore Bonaccorso at 2022-04-27T10:15:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2460,7 +2460,7 @@ CVE-2022-28920
 CVE-2022-28919
        RESERVED
 CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file 
deletio ...)
-       TODO: check
+       NOT-FOR-US: GreenCMS
 CVE-2022-28917
        RESERVED
 CVE-2022-28916
@@ -3485,21 +3485,21 @@ CVE-2022-28530
 CVE-2022-28529
        RESERVED
 CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary 
file upload ...)
-       TODO: check
+       NOT-FOR-US: bloofoxCMS
 CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder 
deletion ...)
-       TODO: check
+       NOT-FOR-US: dhcms
 CVE-2022-28526
        RESERVED
 CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file 
upload  ...)
-       TODO: check
+       NOT-FOR-US: ED01-CMS
 CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: ED01-CMS
 CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component 
/admin/ ...)
-       TODO: check
+       NOT-FOR-US: HongCMS
 CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site 
scripting ...)
-       TODO: check
+       NOT-FOR-US: ZCMS
 CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: ZCMS
 CVE-2022-28520
        RESERVED
 CVE-2022-28519
@@ -3642,11 +3642,11 @@ CVE-2022-28452
 CVE-2022-28451
        RESERVED
 CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting 
(XSS). At App ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting 
(XSS). An att ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2022-28447
        RESERVED
 CVE-2022-28446
@@ -4978,9 +4978,9 @@ CVE-2022-28061
 CVE-2022-28060
        RESERVED
 CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file 
deletion vul ...)
-       TODO: check
+       NOT-FOR-US: Verydows
 CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file 
deletion vul ...)
-       TODO: check
+       NOT-FOR-US: Verydows
 CVE-2022-28057
        RESERVED
 CVE-2022-28056
@@ -5372,7 +5372,7 @@ CVE-2022-27890
 CVE-2022-27889
        RESERVED
 CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found 
to be log ...)
-       TODO: check
+       NOT-FOR-US: Foundry Issues service
 CVE-2022-1102
        RESERVED
 CVE-2022-1101
@@ -13676,7 +13676,7 @@ CVE-2022-24882 (FreeRDP is a free implementation of the 
Remote Desktop Protocol
        NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95
        NOTE: Pull request for stable 2.0 branch: 
https://github.com/FreeRDP/FreeRDP/pull/7750
 CVE-2022-24881 (Ballcat Codegen provides the function of online editing code 
to genera ...)
-       TODO: check
+       NOT-FOR-US: Ballcat Codegen
 CVE-2022-24880 (flask-session-captcha is a package which allows users to 
extend Flask  ...)
        NOT-FOR-US: flask-session-captcha
 CVE-2022-24879
@@ -13709,7 +13709,7 @@ CVE-2022-24867 (GLPI is a Free Asset and IT Management 
Software package, that pr
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in 
Discour ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In 
affected versio ...)
        NOT-FOR-US: HumHub
 CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin 
Protocol pro ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a72bc74062a5620d876cdf0a08b20dc2a990d94

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a72bc74062a5620d876cdf0a08b20dc2a990d94
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to