Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38810bb6 by Salvatore Bonaccorso at 2022-05-04T18:04:51+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -265,7 +265,7 @@ CVE-2022-1550
CVE-2022-1549
RESERVED
CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly
restric ...)
- TODO: check
+ NOT-FOR-US: Mattermost Playbooks plugin
CVE-2022-1547
RESERVED
CVE-2022-1546
@@ -1028,7 +1028,7 @@ CVE-2022-29809
CVE-2022-1503 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: GetSimple CMS
CVE-2022-1502 (Permissions were not properly verified in the API on projects
using ve ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-1501
RESERVED
{DSA-5125-1}
@@ -3822,13 +3822,13 @@ CVE-2022-28794
CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker,
improper ...)
TODO: check
CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to
version ...)
- TODO: check
+ NOT-FOR-US: Gear IconX PC Manager
CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in
Galaxy Stor ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-28790 (Improper authentication in Link to Windows Service prior to
version 2. ...)
TODO: check
CVE-2022-28789 (Unprotected activities in Voice Note prior to version
21.3.51.11 allow ...)
- TODO: check
+ NOT-FOR-US: Samsung / Voice Note
CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior
to SMR ...)
TODO: check
CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior
to SMR ...)
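Review bot: the three NOT-FOR-US lines added in this hunk use three different label shapes: the bare product for CVE-2022-28792 ("Gear IconX PC Manager"), the bare vendor for CVE-2022-28791 ("Samsung"), and vendor / component for CVE-2022-28789 ("Samsung / Voice Note"). Picking one shape for the whole batch, for example vendor / component, would keep a later search of data/CVE/list by vendor or by product from missing some of these entries.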
@@ -3838,15 +3838,15 @@ CVE-2022-28786 (Improper buffer size check logic in
aviextractor library prior t
CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior
to SMR ...)
TODO: check
CVE-2022-28784 (Path traversal vulnerability in Galaxy Themes prior to SMR
May-2022 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung / Galaxy Themes
CVE-2022-28783 (Improper validation of removing package name in Galaxy Themes
prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung / Galaxy Themes
CVE-2022-28782 (Improper access control vulnerability in Contents To Window
prior to S ...)
TODO: check
CVE-2022-28781 (Improper input validation in Settings prior to SMR-May-2022
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung / Settings
CVE-2022-28780 (Improper access control vulnerability in Weather prior to SMR
May-2022 ...)
- TODO: check
+ NOT-FOR-US: Samsung / Weather
CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung
Android USB ...)
NOT-FOR-US: Samsung
CVE-2022-28778 (Improper access control vulnerability in Samsung Security
Supporter pr ...)
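Review bot: CVE-2022-28785 and CVE-2022-28782 stay at "TODO: check" in this hunk while the entries on either side of them are closed out as "Samsung / ..." components. If they were left open on purpose because they need a closer look, that is fine, but a short mention in the commit message would make it clear they were not simply missed in this pass.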
@@ -7654,7 +7654,7 @@ CVE-2022-27433
CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15
allows attack ...)
NOT-FOR-US: Pluck CMS
CVE-2022-27431 (Wuzhicms v4.1.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Wuzhicms
CVE-2022-27430
RESERVED
CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side
Request Forger ...)
@@ -7676,7 +7676,7 @@ CVE-2022-27422 (A reflected cross-site scripting (XSS)
vulnerability in Chamilo
CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification
form, a ...)
NOT-FOR-US: Chamilo LMS
CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a
SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in
the functi ...)
- rtl-433 <unfixed> (bug #1009788)
[bullseye] - rtl-433 <not-affected> (Vulnerable code introduced later)
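Review bot: the label "Hospital Management System" added for CVE-2022-27420 carries no vendor or author, so it cannot be told apart from any other product with the same generic name that turns up in a later CVE. If the CVE references name a vendor or project, adding it to the NOT-FOR-US line would make the entry unambiguous; the same applies wherever this label is reused in the file.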
@@ -7705,7 +7705,7 @@ CVE-2022-27415
CVE-2022-27414
RESERVED
CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a
SQL inject ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-27412
RESERVED
CVE-2022-27411
@@ -7934,7 +7934,7 @@ CVE-2022-27332 (An access control issue in Zammad v5.0.3
allows attackers to wri
CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts
administrative con ...)
- zammad <itp> (bug #841355)
CVE-2022-27330 (A cross-site scripting (XSS) vulnerability in
/public/admin/index.php? ...)
- TODO: check
+ NOT-FOR-US: E-Commerce Website
CVE-2022-27329
RESERVED
CVE-2022-27328
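Review bot: "E-Commerce Website" on CVE-2022-27330 is a generic description and not a product name, and the visible part of the CVE text only shows the path /public/admin/index.php? without identifying the software. Suggest using the project or vendor name from the CVE references if one is given, so the NOT-FOR-US entry can be matched against the right product later.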
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38810bb6e37454077e390c39766a02e2b8e05bd9