Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
426e7541 by Salvatore Bonaccorso at 2022-11-16T16:09:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -817,7 +817,7 @@ CVE-2022-45201
 CVE-2022-45200
        RESERVED
 CVE-2022-3993 (Authentication Bypass by Primary Weakness in GitHub repository 
kareadi ...)
-       TODO: check
+       NOT-FOR-US: Kavita
 CVE-2022-3992 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
        NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-3991
@@ -8645,7 +8645,7 @@ CVE-2022-43296
 CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the 
function ...)
        TODO: check
 CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd 
was dis ...)
-       TODO: check
+       NOT-FOR-US: Tasmota
 CVE-2022-43293
        RESERVED
 CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
@@ -8711,7 +8711,7 @@ CVE-2022-43267
 CVE-2022-43266
        RESERVED
 CVE-2022-43265 (An arbitrary file upload vulnerability in the component 
/pages/save_us ...)
-       TODO: check
+       NOT-FOR-US: Canteen Management System
 CVE-2022-43264
        RESERVED
 CVE-2022-43263
@@ -18287,7 +18287,7 @@ CVE-2022-39387 (XWiki OIDC has various tools to 
manipulate OpenID Connect protoc
 CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any 
applica ...)
        NOT-FOR-US: @fastify/websocket
 CVE-2022-39385 (Discourse is the an open source discussion platform. In some 
rare case ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
        NOT-FOR-US: OpenZeppelin
 CVE-2022-39383
@@ -20436,7 +20436,7 @@ CVE-2022-2948
 CVE-2022-2947
        RESERVED
 CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.146 and e ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a 
RabbitMQ p ...)
        NOT-FOR-US: Jenkins CollabNet Plugins Plugin
 CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 
and earlie ...)
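Review bot: The new tag on CVE-2022-38666 is the generic "Jenkins plugin", while the entry directly below it (CVE-2022-38665) names its plugin in full as "Jenkins CollabNet Plugins Plugin". Consider naming the plugin here as well, for example "NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin", so that a search of the list for that plugin name finds this entry.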
@@ -21897,7 +21897,7 @@ CVE-2022-38203
 CVE-2022-38202
        RESERVED
 CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal 
for ArcGIS ...)
-       TODO: check
+       NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer
 CVE-2022-38200 (A cross site scripting vulnerability exists in some map 
service config ...)
        NOT-FOR-US: ArcGIS Server
 CVE-2022-38199 (A remote file download issue can occur in some capabilities of 
Esri Ar ...)
@@ -22087,7 +22087,7 @@ CVE-2022-38169
 CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia 
Pathfinde ...)
        NOT-FOR-US: Avaya Scopia Pathfinder
 CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. 
...)
-       TODO: check
+       NOT-FOR-US: Nintex Workflow plugin for SharePoint
 CVE-2022-38166
        RESERVED
 CVE-2022-38165
@@ -24765,7 +24765,7 @@ CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 
132 of admin/article.php .
 CVE-2022-37110
        RESERVED
 CVE-2022-37109 (patrickfuller camp up to and including commit 
bbd53a256ed70e79bd875808 ...)
-       TODO: check
+       NOT-FOR-US: patrickfuller camp
 CVE-2022-37108 (An injection vulnerability in the syslog-ng configuration 
wizard in Se ...)
        NOT-FOR-US: Securonix Snypr
 CVE-2022-37107
@@ -35061,17 +35061,17 @@ CVE-2022-33241
 CVE-2022-33240
        RESERVED
 CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in 
WLAN firm ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2022-33238
        RESERVED
 CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while 
processin ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while 
parsing c ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2022-33235
        RESERVED
 CVE-2022-33234 (Memory corruption in video due to configuration weakness. in 
Snapdrago ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2022-33233
        RESERVED
 CVE-2022-33232
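Review bot: Of the four entries retagged in this hunk, only CVE-2022-33234 shows the product ("Snapdrago ...") in its truncated description. CVE-2022-33239, CVE-2022-33237 and CVE-2022-33236 are cut off at "WLAN firm ...", "processin ..." and "parsing c ..." before any product name appears, so the shared "Snapdragon" tag cannot be confirmed from the list file alone. Worth checking the full CVE descriptions for those three before merging, and saying in the commit message that they were verified.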



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/426e75410028b9b15cf84fd60fff8de0229e5f47
