[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu, 19 May 2022 02:17:28 -0700 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fec78624 by Neil Williams at 2022-05-19T10:16:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6330,13 +6330,13 @@ CVE-2022-28926
 CVE-2022-28925
        RESERVED
 CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students 
before v ...)
-       TODO: check
+       NOT-FOR-US: UniverSIS
 CVE-2022-28923
        RESERVED
 CVE-2022-28922
        RESERVED
 CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered 
in BlogEn ...)
-       TODO: check
+       NOT-FOR-US: BlogEngine.NET
 CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site 
scripting ...)
        NOT-FOR-US: Baidu Tieba
 CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to 
contain a cros ...)
@@ -12848,7 +12848,7 @@ CVE-2022-25943 (The installer of WPS Office for Windows 
versions prior to v11.2.
 CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository 
star7th/showd ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java 
uses Pat ...)
-       TODO: check
+       NOT-FOR-US: Apache ShenYu
 CVE-2022-26649
        RESERVED
 CVE-2022-26648
@@ -15632,7 +15632,7 @@ CVE-2022-25619 (Improper Neutralization of Special 
Elements used in a Command ('
 CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-25617 (Reflected Cross-Site Scripting (XSS) vulnerability in Code 
Snippets pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-25616
        RESERVED
 CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom 
– Zoom ...)
@@ -16965,9 +16965,9 @@ CVE-2022-25164
 CVE-2022-25163
        RESERVED
 CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric 
MELSEC  ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric 
MELSEC  ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in 
Mitsubishi ...)
        NOT-FOR-US: Mitsubishi
 CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in 
Mitsubishi El ...)
@@ -17761,7 +17761,7 @@ CVE-2022-24891 (ESAPI (The OWASP Enterprise Security 
API) is a free, open source
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt
 CVE-2022-24890 (Nextcloud Talk is a video and audio conferencing app for 
Nextcloud. In ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud talk app
 CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2022-24888 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
@@ -24312,9 +24312,9 @@ CVE-2022-23070
 CVE-2022-23069
        RESERVED
 CVE-2022-23068 (ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML 
injection wh ...)
-       TODO: check
+       NOT-FOR-US: ToolJet
 CVE-2022-23067 (ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token 
leakage via  ...)
-       TODO: check
+       NOT-FOR-US: ToolJet
 CVE-2022-23066 (In Solana rBPF versions 0.2.26 and 0.2.27 are affected by 
Incorrect Ca ...)
        NOT-FOR-US: Solana rBPF
 CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by 
Stored XSS  ...)
@@ -24546,7 +24546,7 @@ CVE-2022-22977
 CVE-2022-22976
        RESERVED
 CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either 
LADPIde ...)
-       TODO: check
+       NOT-FOR-US: vmware-tanzu/pinniped
 CVE-2022-22974
        RESERVED
 CVE-2022-22973



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec78624ee57aa713ee39844dbe6092fe8435524

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec78624ee57aa713ee39844dbe6092fe8435524
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to