Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
69fb4ec7 by Moritz Muehlenhoff at 2022-07-23T22:58:02+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -412,7 +412,7 @@ CVE-2022-2468 (A vulnerability was found in SourceCodester
Garage Management Sys
CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage
Management Sys ...)
NOT-FOR-US: SourceCodester Garage Management
CVE-2016-15004 (A vulnerability was found in InfiniteWP Client Plugin
1.5.1.3/1.6.0. I ...)
- TODO: check
+ NOT-FOR-US: InfiniteWP
CVE-2022-35735
RESERVED
CVE-2022-35728
@@ -4771,7 +4771,8 @@ CVE-2022-34505
CVE-2022-34504
RESERVED
CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow
via the f ...)
- TODO: check
+ - qpdf <unfixed> (unimportant)
+ NOTE: Negligible security impact
CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer
overflow via th ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/20336
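Review bot: The new `NOTE: Negligible security impact` under CVE-2022-34503 gives neither a reason nor a reference for the `(unimportant)` rating, while the radare2 entry right below it links its upstream issue. Add a NOTE with the upstream report and one line on why a heap buffer overflow in qpdf is considered negligible here. This is also the only change in the commit that is not a NOT-FOR-US entry, so the commit message "NFUs" does not cover it; a separate commit, or a message that mentions qpdf, would make the triage decision findable in the log.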
@@ -12823,25 +12824,25 @@ CVE-2022-31512 (The Atom02/flask-mvc repository
through 2020-09-14 on GitHub all
CVE-2022-31511 (The AFDudley/equanimity repository through 2014-04-23 on
GitHub allows ...)
NOT-FOR-US: AFDudley/equanimity
CVE-2022-31510 (The sergeKashkin/Simple-RAT repository before 2022-05-03 on
GitHub all ...)
- TODO: check
+ NOT-FOR-US: sergeKashkin/Simple-RAT
CVE-2022-31509 (The iedadata/usap-dc-website repository through 1.0.1 on
GitHub allows ...)
- TODO: check
+ NOT-FOR-US: iedadata/usap-dc-website
CVE-2022-31508 (The idayrus/evoting repository before 2022-05-08 on GitHub
allows abso ...)
- TODO: check
+ NOT-FOR-US: idayrus/evoting
CVE-2022-31507 (The ganga-devs/ganga repository before 8.5.10 on GitHub allows
absolut ...)
- TODO: check
+ NOT-FOR-US: ganga-devs/ganga
CVE-2022-31506 (The cmusatyalab/opendiamond repository through 10.1.1 on
GitHub allows ...)
- TODO: check
+ NOT-FOR-US: cmusatyalab/opendiamond
CVE-2022-31505 (The cheo0/MercadoEnLineaBack repository through 2022-05-04 on
GitHub a ...)
- TODO: check
+ NOT-FOR-US: cheo0/MercadoEnLineaBack
CVE-2022-31504 (The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before
2021-11-29 ...)
- TODO: check
+ NOT-FOR-US: ChangeWeDer/BaiduWenkuSpider_flaskWeb
CVE-2022-31503 (The orchest/orchest repository before 2022.05.0 on GitHub
allows absol ...)
- TODO: check
+ NOT-FOR-US: orchest/orchest
CVE-2022-31502 (The operatorequals/wormnest repository through 0.4.7 on GitHub
allows ...)
- TODO: check
+ NOT-FOR-US: operatorequals/wormnest
CVE-2022-31501 (The ChaoticOnyx/OnyxForum repository before 2022-05-04 on
GitHub allow ...)
- TODO: check
+ NOT-FOR-US: ChaoticOnyx/OnyxForum
CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer
sets im ...)
NOT-FOR-US: KNIME Analytics Platform
CVE-2022-31499
@@ -13671,7 +13672,7 @@ CVE-2022-31149
CVE-2022-31148
RESERVED
CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides
drop-in vali ...)
- TODO: check
+ NOT-FOR-US: jquery-validation
CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a
bug in th ...)
NOT-FOR-US: wasmtime
CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for
managing ent ...)
@@ -15205,19 +15206,19 @@ CVE-2022-30628 (It was possible to download all
receipts without authentication.
CVE-2022-30627 (This vulnerability affects all of the company's products that
also inc ...)
NOT-FOR-US: Chcnav
CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show
in the na ...)
- TODO: check
+ NOT-FOR-US: Chcnav
CVE-2022-30625 (Directory listing is a web server function that displays the
directory ...)
- TODO: check
+ NOT-FOR-US: Chcnav
CVE-2022-30624 (Browsing the admin.html page allows the user to reset the
admin passwo ...)
- TODO: check
+ NOT-FOR-US: Chcnav
CVE-2022-30623 (The server checks the user's cookie in a non-standard way, and
a value ...)
- TODO: check
+ NOT-FOR-US: Chcnav
CVE-2022-30622 (Disclosure of information - the system allows you to view
usernames an ...)
- TODO: check
+ NOT-FOR-US: Chcnav
CVE-2022-30621 (Allows a remote user to read files on the camera's OS
"GetFileContent. ...)
- TODO: check
+ NOT-FOR-US: Cellinx
CVE-2022-30620 (On Cellinx Camera with guest enabled, attacker with web access
can ele ...)
- TODO: check
+ NOT-FOR-US: Cellinx
CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the
Client-Si ...)
NOT-FOR-US: Agile Point
CVE-2022-30618 (An authenticated user with access to the Strapi admin panel
can view p ...)
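Review bot: CVE-2022-30626 through CVE-2022-30622 are assigned to Chcnav, but none of their visible descriptions names a vendor, and the switch to Cellinx happens at CVE-2022-30621, the first description that mentions a camera. Please confirm against the full CVE text that CVE-2022-30623 and CVE-2022-30622 belong to Chcnav and not to the Cellinx camera; the truncated descriptions alone do not show where the boundary between the two vendors lies.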
@@ -28933,7 +28934,7 @@ CVE-2022-25877
CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to
Server-sid ...)
NOT-FOR-US: Node link-preview-js
CVE-2022-25875 (The package svelte before 3.49.0 are vulnerable to Cross-site
Scriptin ...)
- TODO: check
+ NOT-FOR-US: svelte
CVE-2022-25874
RESERVED
CVE-2022-25873
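Review bot: `NOT-FOR-US: svelte` departs from the labelling of the entry just above it, `NOT-FOR-US: Node link-preview-js`, although both descriptions start with "The package ... before ...". Use `NOT-FOR-US: Node svelte` so the ecosystem stays visible when searching the list.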
@@ -29013,7 +29014,7 @@ CVE-2022-25761
CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary
Code Inj ...)
NOT-FOR-US: accesslog Nodejs module
CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to
Remote Cod ...)
- TODO: check
+ NOT-FOR-US: Node convert-svg-core
CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to
Regular Expre ...)
- node-scss-tokenizer <itp> (bug #885456)
CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command
Injection via ...)
@@ -29362,9 +29363,9 @@ CVE-2022-25802 (Best Practical Request Tracker (RT)
before 4.4.6 and 5.x before
- request-tracker5 5.0.3+dfsg-1
- request-tracker4 4.4.6+dfsg-1
CVE-2022-25801 (Best Practical RT for Incident Response (RTIR) before 4.0.3
and 5.x be ...)
- TODO: check
+ NOT-FOR-US: Best Practical RT for Incident Response
CVE-2022-25800 (Best Practical RT for Incident Response (RTIR) before 4.0.3
and 5.x be ...)
- TODO: check
+ NOT-FOR-US: Best Practical RT for Incident Response
CVE-2022-25799
RESERVED
CVE-2022-25798
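Review bot: CVE-2022-25801 and CVE-2022-25800 are marked NOT-FOR-US, while CVE-2022-25802 directly above is tracked against request-tracker5 and request-tracker4 from the same vendor. Please confirm that neither of those packages ships RTIR code; if that is the case, saying so in the entry would explain why the two RTIR CVEs are treated differently from their neighbour.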
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69fb4ec74305f277063625fa604fac8364264f80