Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab0f605b by Salvatore Bonaccorso at 2022-09-08T22:23:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -216,7 +216,7 @@ CVE-2022-3150
 CVE-2022-3149
        RESERVED
 CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository 
jgraph/drawi ...)
-       TODO: check
+       NOT-FOR-US: jgraph/drawio
 CVE-2022-40144
        RESERVED
 CVE-2022-40143
@@ -272,7 +272,7 @@ CVE-2022-3140
 CVE-2022-3139
        RESERVED
 CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository 
jgraph/drawi ...)
-       TODO: check
+       NOT-FOR-US: jgraph/drawio
 CVE-2022-3137
        RESERVED
 CVE-2022-3136
@@ -2711,9 +2711,9 @@ CVE-2022-39017
 CVE-2022-39016
        RESERVED
 CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote 
unauthenticated atta ...)
-       TODO: check
+       NOT-FOR-US: Mailform Pro CGI
 CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a 
command injec ...)
-       TODO: check
+       NOT-FOR-US: PowerCMS
 CVE-2022-3060
        RESERVED
 CVE-2022-3059
@@ -3268,7 +3268,7 @@ CVE-2022-38796
 CVE-2022-38453
        RESERVED
 CVE-2022-38399 (Missing protection mechanism for alternate hardware interface 
in SmaCa ...)
-       TODO: check
+       NOT-FOR-US: SmaCam
 CVE-2022-38138
        RESERVED
 CVE-2022-38100
@@ -3655,17 +3655,17 @@ CVE-2022-38705
 CVE-2022-38458
        RESERVED
 CVE-2022-38394 (Use of hard-coded credentials for the telnet server of 
CentreCOM AR260 ...)
-       TODO: check
+       NOT-FOR-US: CentreCOM AR260S
 CVE-2022-38094 (OS command injection vulnerability in the telnet function of 
CentreCOM ...)
-       TODO: check
+       NOT-FOR-US: CentreCOM AR260S
 CVE-2022-37337
        RESERVED
 CVE-2022-36429
        RESERVED
 CVE-2022-35273 (OS command injection vulnerability in GUI setting page of 
CentreCOM AR ...)
-       TODO: check
+       NOT-FOR-US: CentreCOM AR260S
 CVE-2022-34869 (Undocumented hidden command that can be executed from the 
telnet funct ...)
-       TODO: check
+       NOT-FOR-US: CentreCOM AR260S
 CVE-2022-2973
        RESERVED
 CVE-2022-2972
@@ -4962,7 +4962,7 @@ CVE-2022-38307
 CVE-2022-38306
        RESERVED
 CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device 
Softwar ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2022-2825
        RESERVED
 CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr 
prior to  ...)
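
Review bot: the NOT-FOR-US tag for CVE-2022-36403 names only the vendor ("Ricoh"), while other entries in this commit name the affected product ("CentreCOM AR260S", "Mailform Pro CGI"). The description refers to the installer of a specific piece of software, so using that product's name here would make the entry easier to match when searching the list later.
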
@@ -5072,17 +5072,17 @@ CVE-2022-38262
 CVE-2022-38261
        RESERVED
 CVE-2022-38260 (Interview Management System v1.0 was discovered to contain a 
SQL injec ...)
-       TODO: check
+       NOT-FOR-US: Interview Management System
 CVE-2022-38259
        RESERVED
 CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 
v1.06 all ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2022-38257
        RESERVED
 CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site 
scripting ( ...)
        TODO: check
 CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a 
SQL injec ...)
-       TODO: check
+       NOT-FOR-US: Interview Management System
 CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site 
scripti ...)
        NOT-FOR-US: Nagios XI
 CVE-2022-38253
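
Review bot: the tag for CVE-2022-38258 is the bare vendor "D-Link", although the description identifies the device as D-Link DIR 819; naming the model would keep it in line with "CentreCOM AR260S" elsewhere in this commit. Separately, CVE-2022-38256 (TastyIgniter) stays at "TODO: check" in this hunk while the entries on either side are resolved. If that is deliberate pending a packaging check it is fine, otherwise it looks skipped.
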
@@ -7886,7 +7886,7 @@ CVE-2022-37165
 CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows 
attacke ...)
        TODO: check
 CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy 
which allo ...)
-       TODO: check
+       NOT-FOR-US: Bminusl IHateToBudget
 CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site 
Scripting (XSS) ...)
        NOT-FOR-US: Claroline
 CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site 
Scripting (XSS) ...)
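
Review bot: CVE-2022-37164 (Inoda OnTrack), the first entry of this hunk, is left at "TODO: check" while the adjacent CVE-2022-37163, described with the same weak-password-policy wording, is marked NOT-FOR-US. If OnTrack still needs a packaging check that is fine, otherwise it could be triaged in the same pass.
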
@@ -10651,13 +10651,13 @@ CVE-2022-36095
 CVE-2022-36094
        RESERVED
 CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, 
a gener ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, 
a generi ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36091 (XWiki Platform Web Templates are templates for XWiki Platform, 
a gener ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36090 (XWiki Platform Old Core is a core package for XWiki Platform, 
a generi ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-36089 (KubeVela is an application delivery platform Users using 
KubeVela's Ve ...)
        NOT-FOR-US: KubeVela
 CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations 
via either ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0f605b1bc37f898663e2c987be4b984bf7f403
