Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7a8bd97 by Moritz Muehlenhoff at 2022-07-15T17:19:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72,7 +72,7 @@ CVE-2022-35859
 CVE-2022-35858
        RESERVED
 CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to 
execute arbitr ...)
-       TODO: check
+       NOT-FOR-US: kvf-admin
 CVE-2022-35856
        RESERVED
 CVE-2022-35855
@@ -1043,7 +1043,7 @@ CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 
can perform an uninitial
 CVE-2022-2366 (Incorrect default configuration for trusted IP header in 
Mattermost ve ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository 
zadam/trilium ...)
-       TODO: check
+       NOT-FOR-US: Trilium Notes
 CVE-2022-2364 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
        NOT-FOR-US: Simple Parking Management System
 CVE-2022-2363 (A vulnerability, which was classified as problematic, has been 
found i ...)
@@ -1071,7 +1071,7 @@ CVE-2022-2355
 CVE-2022-2354
        RESERVED
 CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an 
unpickle  ...)
-       TODO: check
+       NOT-FOR-US: rpc.py
 CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows 
../ dir ...)
        - mat2 0.13.0-1
        NOTE: 
https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
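Review bot: the tag "NOT-FOR-US: rpc.py" on CVE-2022-35411 is a bare file-like name that could be read as a script inside some other package rather than a standalone project. This commit already adds a disambiguating qualifier for CVE-2022-32389 ("Isode SWIFT (different than src:swift)"); a similar short qualifier here would make the classification unambiguous for anyone searching the list later.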
@@ -4547,11 +4547,11 @@ CVE-2022-34096
 CVE-2022-34095
        RESERVED
 CVE-2022-34094 (Portal do Software Publico Brasileiro i3geo v7.0.5 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
 CVE-2022-34093 (Portal do Software Publico Brasileiro i3geo v7.0.5 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
 CVE-2022-34092 (Portal do Software Publico Brasileiro i3geo v7.0.5 was 
discovered to c ...)
-       TODO: check
+       NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
 CVE-2022-34091
        RESERVED
 CVE-2022-34090
@@ -7084,7 +7084,7 @@ CVE-2022-33013
 CVE-2022-33012
        RESERVED
 CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to 
perform a ...)
-       TODO: check
+       NOT-FOR-US: Known
 CVE-2022-33010
        RESERVED
 CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS 
v1.3.11  ...)
@@ -8594,7 +8594,7 @@ CVE-2022-32427
 CVE-2022-32426
        RESERVED
 CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to 
enumerat ...)
-       TODO: check
+       NOT-FOR-US: Mealie
 CVE-2022-32424
        RESERVED
 CVE-2022-32423
@@ -8610,15 +8610,15 @@ CVE-2022-32419
 CVE-2022-32418
        RESERVED
 CVE-2022-32417 (PbootCMS v3.1.2 was discovered to contain a remote code 
execution (RCE ...)
-       TODO: check
+       NOT-FOR-US: PbootCMS
 CVE-2022-32416 (Product Show Room Site v1.0 is vulnerable to SQL Injection via 
/psrs/c ...)
-       TODO: check
+       NOT-FOR-US: Product Show Room Site
 CVE-2022-32415 (Product Show Room Site v1.0 is vulnerable to SQL Injection via 
/psrs/? ...)
-       TODO: check
+       NOT-FOR-US: Product Show Room Site
 CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation 
violation in ...)
        NOT-FOR-US: njs
 CVE-2022-32413 (An arbitrary file upload vulnerability in Dice v4.2.0 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Dice
 CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 
allows attack ...)
        NOT-FOR-US: HongCMS
 CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows 
attackers ...)
@@ -8626,13 +8626,13 @@ CVE-2022-32411 (An issue in the languages config file 
of HongCMS v3.0 allows att
 CVE-2022-32410
        RESERVED
 CVE-2022-32409 (A local file inclusion (LFI) vulnerability in the component 
codemirror ...)
-       TODO: check
+       NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
 CVE-2022-32408
        RESERVED
 CVE-2022-32407
        RESERVED
 CVE-2022-32406 (GtkRadiant v1.6.6 was discovered to contain a buffer overflow 
via the  ...)
-       TODO: check
+       NOT-FOR-US: GtkRadiant
 CVE-2022-32405 (Prison Management System v1.0 was discovered to contain a SQL 
injectio ...)
        NOT-FOR-US: Prison Management System
 CVE-2022-32404 (Prison Management System v1.0 was discovered to contain a SQL 
injectio ...)
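Review bot: the tag added for CVE-2022-32409 names "Portal do Software Publico Brasileiro i3geo", but the visible part of its description mentions only "the component codemirror" before it is truncated, so the entry does not show why this is an i3geo issue rather than one in codemirror itself. If the affected code is i3geo's own copy of that component, a short qualifier in the tag, in the style of "(different than src:swift)" used for CVE-2022-32389 in this commit, would record that and save the next triager from re-checking it. The GtkRadiant line in the same hunk needs no change.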
@@ -8666,7 +8666,7 @@ CVE-2022-32391 (Prison Management System v1.0 was 
discovered to contain a SQL in
 CVE-2022-32390
        RESERVED
 CVE-2022-32389 (Isode SWIFT v4.0.2 was discovered to contain hard-coded 
credentials in ...)
-       TODO: check
+       NOT-FOR-US: Isode SWIFT (different than src:swift)
 CVE-2022-32388
        RESERVED
 CVE-2022-32387
@@ -8808,7 +8808,7 @@ CVE-2022-32320
 CVE-2022-32319
        RESERVED
 CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a 
persistent  ...)
-       TODO: check
+       NOT-FOR-US: Fast Food Ordering System
 CVE-2022-32317 (The MPlayer Project v1.5 was discovered to contain a heap 
use-after-fr ...)
        TODO: check
 CVE-2022-32316
@@ -9545,7 +9545,7 @@ CVE-2022-32117 (Jerryscript v2.4.0 was discovered to 
contain a stack buffer over
 CVE-2022-32116
        RESERVED
 CVE-2022-32115 (An issue in the isSVG() function of Known v1.2.2+2020061101 
allows att ...)
-       TODO: check
+       NOT-FOR-US: Known
 CVE-2022-32114 (An unrestricted file upload vulnerability in the Add New 
Assets functi ...)
        TODO: check
 CVE-2022-32113
@@ -11812,7 +11812,7 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of 
dlt-daemon v2.18.8 allow
        NOTE: https://github.com/COVESA/dlt-daemon/pull/376
        NOTE: 
https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
 CVE-2022-31290 (A cross-site scripting (XSS) vulnerability in Known 
v1.2.2+2020061101  ...)
-       TODO: check
+       NOT-FOR-US: Known
 CVE-2022-31289
        REJECTED
 CVE-2022-31288



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7a8bd97ba337b97fdad0941d18f614a6bf71e79


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits