Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f55ebfc9 by Salvatore Bonaccorso at 2022-08-22T22:25:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2022-2929
 CVE-2022-2928
        RESERVED
 CVE-2022-2927 (Weak Password Requirements in GitHub repository 
notrinos/notrinoserp p ...)
-       TODO: check
+       NOT-FOR-US: NotrinosERP
 CVE-2022-2926
        RESERVED
 CVE-2022-38647
@@ -675,7 +675,7 @@ CVE-2022-38397
 CVE-2022-2891
        RESERVED
 CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
-       TODO: check
+       NOT-FOR-US: yetiforcecrm
 CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. 
...)
        - vim 2:9.0.0229-1
        NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
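Review bot: the tag added for CVE-2022-2890, "NOT-FOR-US: yetiforcecrm", is all lowercase, while the other product tags added in this commit follow the product's own capitalisation ("NotrinosERP", "CrowdStrike Falcon"). The same spelling is used again for CVE-2022-1340, so the two entries agree with each other; if the tag is meant as the repository name that is fine, otherwise use the project's capitalisation so a case-sensitive search for the product finds both entries.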
@@ -894,7 +894,7 @@ CVE-2022-2843 (A vulnerability was found in MotoPress 
Timetable and Event Schedu
 CVE-2022-2842
        RESERVED
 CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 
6.31.14505.0/6.42.1561 ...)
-       TODO: check
+       NOT-FOR-US: CrowdStrike Falcon
 CVE-2022-2840
        RESERVED
 CVE-2022-2839
@@ -4006,9 +4006,9 @@ CVE-2022-37136
 CVE-2022-37135
        RESERVED
 CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer 
Overflow via  ...)
-       TODO: check
+       NOT-FOR-US: D-link
 CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without 
authentica ...)
-       TODO: check
+       NOT-FOR-US: D-link
 CVE-2022-37132
        RESERVED
 CVE-2022-37131
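Review bot: both tags in this hunk (CVE-2022-37134 and CVE-2022-37133) name only the vendor, "NOT-FOR-US: D-link", although both descriptions concern one device, the DIR-816 with image A2_v1.10CNB04.img. Consider "NOT-FOR-US: D-link DIR-816" so the reason for the triage decision can be read from the entry itself rather than from the truncated description.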
@@ -5785,7 +5785,7 @@ CVE-2022-36371
 CVE-2022-36357
        RESERVED
 CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Max Foun ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems 
JUST Onli ...)
        NOT-FOR-US: JustSystems
 CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
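Review bot: for CVE-2022-36346 the visible description is cut off at "Max Foun ...", before anything that identifies a WordPress plugin, so the "NOT-FOR-US: WordPress plugin" tag cannot be checked against this entry alone. The generic tag matches what the file already uses elsewhere in this diff (for example CVE-2022-34853), but appending the plugin name, as the vendor-specific tags in this commit do, would make the entry verifiable and searchable.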
@@ -5811,7 +5811,7 @@ CVE-2022-34868
 CVE-2022-34867
        RESERVED
 CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in 
smartypants SP P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-34658
        RESERVED
 CVE-2022-34656
@@ -7672,11 +7672,11 @@ CVE-2022-35658
 CVE-2022-35657
        RESERVED
 CVE-2022-35656 (Pega Platform from 8.3 to 8.7.3 vulnerability may allow 
authenticated  ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2022-35655 (Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue 
due to a m ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2022-35654 (Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue 
with an  ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2022-35653 (A reflected XSS issue was identified in the LTI module of 
Moodle. The  ...)
        - moodle <removed>
 CVE-2022-35652 (An open redirect issue was found in Moodle due to improper 
sanitizatio ...)
@@ -8920,7 +8920,7 @@ CVE-2022-35152
 CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple 
cross-site script ...)
        NOT-FOR-US: kkFileview
 CVE-2022-35150 (Baijicms v4 was discovered to contain an arbitrary file upload 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Baijicms
 CVE-2022-35149
        RESERVED
 CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to 
contain  ...)
@@ -9645,7 +9645,7 @@ CVE-2022-34871 (This vulnerability allows remote 
attackers to escalate privilege
 CVE-2022-34870
        RESERVED
 CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 
client for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) 
Persistent Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-34847
@@ -9665,11 +9665,11 @@ CVE-2022-34650 (Multiple Authenticated (contributor or 
higher user role) Stored
 CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in 
biplob018's S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden 
Download Ma ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-34155
        RESERVED
 CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth 
Server plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-34148
        RESERVED
 CVE-2022-33974
@@ -9683,7 +9683,7 @@ CVE-2022-33960 (Multiple Authenticated (subscriber or 
higher user role) SQL Inje
 CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in 
MultiSafepay plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33900 (PHP Object Injection vulnerability in Easy Digital Downloads 
plugin &l ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in 
Biplob Adhik ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33191 (Authenticated (contributor or higher user role) Stored 
Cross-Site Scri ...)
@@ -12372,7 +12372,7 @@ CVE-2022-33934
 CVE-2022-33933
        RESERVED
 CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 
9.1.0.19, 9. ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an 
Improper Access ...)
        NOT-FOR-US: Dell Wyse Management Suite
 CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains 
Information Disclo ...)
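Review bot: the tag for CVE-2022-33932 is vendor-only, "NOT-FOR-US: Dell", while the unchanged entry directly below it (CVE-2022-33931) names the product, "NOT-FOR-US: Dell Wyse Management Suite". The description here is about Dell PowerScale OneFS; using "NOT-FOR-US: Dell PowerScale OneFS" for this and the other OneFS entries in the commit (CVE-2022-32480, CVE-2022-31238, CVE-2022-31237) would keep the granularity consistent within the file.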
@@ -15767,7 +15767,7 @@ CVE-2022-32482
 CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, 
contain a p ...)
        NOT-FOR-US: Dell
 CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 
9.1.0.19, 9 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-32479
        RESERVED
 CVE-2022-32478
@@ -19440,9 +19440,9 @@ CVE-2020-36522
 CVE-2022-31239
        RESERVED
 CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 
9.1.0.19, 9. ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 
9.2.1.12 and ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-31236
        RESERVED
 CVE-2022-31235
@@ -25679,7 +25679,7 @@ CVE-2022-1341 (An issue was discovered in in bwm-ng 
v0.6.2. An arbitrary null wr
        NOTE: 
https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17
        NOTE: No security impact
 CVE-2022-1340 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
-       TODO: check
+       NOT-FOR-US: yetiforcecrm
 CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository 
pimcore/pi ...)
        NOT-FOR-US: pimcore
 CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 
does n ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f55ebfc9d9f2923049207a1e7e1d9119b3dcd9fc
