[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 22 Apr 2022 01:54:41 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d0647558 by Salvatore Bonaccorso at 2022-04-22T10:53:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3076,7 +3076,7 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution 
via a .php file in the
        NOTE: https://github.com/dompdf/dompdf/pull/2808
        NOTE: 
https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d
 (v1.2.1)
 CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling 
on STYLE ...)
-       TODO: check
+       NOT-FOR-US: OWASP AntiSamy
 CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service 
via crafte ...)
        TODO: check
 CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information 
Disclosure  ...)
@@ -4285,55 +4285,55 @@ CVE-2022-28032 (AtomCMS 2.0 is vulnerable to SQL 
Injection via Atom.CMS_admin_aj
 CVE-2022-28031
        RESERVED
 CVE-2022-28030 (Simple Real Estate Portal System v1.0 was discovered to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: Simple Real Estate Portal System
 CVE-2022-28029 (Simple Real Estate Portal System v1.0 was discovered to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: Simple Real Estate Portal System
 CVE-2022-28028 (Simple Real Estate Portal System v1.0 was discovered to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: Simple Real Estate Portal System
 CVE-2022-28027
        RESERVED
 CVE-2022-28026 (Student Grading System v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Student Grading System
 CVE-2022-28025 (Student Grading System v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Student Grading System
 CVE-2022-28024 (Student Grading System v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Student Grading System
 CVE-2022-28023 (Purchase Order Management System v1.0 was discovered to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: Purchase Order Management System
 CVE-2022-28022 (Purchase Order Management System v1.0 was discovered to 
contain a SQL  ...)
-       TODO: check
+       NOT-FOR-US: Purchase Order Management System
 CVE-2022-28021 (Purchase Order Management System v1.0 was discovered to 
contain a remo ...)
-       TODO: check
+       NOT-FOR-US: Purchase Order Management System
 CVE-2022-28020 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28019 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28018 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28017 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28016 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28015 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28014 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28013 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28012 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28011 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28010 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28009 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28008 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28005
        RESERVED
 CVE-2022-28004
@@ -6260,7 +6260,7 @@ CVE-2022-1024
 CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2022-1021
        RESERVED
 CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress 
plugin b ...)
@@ -7922,11 +7922,11 @@ CVE-2022-26676 (aEnrich a+HRD has inadequate privilege 
restrictions, an unauthen
 CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters 
in URLs. ...)
        NOT-FOR-US: aEnrich a+HRD
 CVE-2022-26674 (ASUS RT-AX88U has a Format String vulnerability, which allows 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2022-26673 (ASUS RT-AX88U has insufficient filtering for special 
characters in the ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2022-26672 (ASUS WebStorage has a hardcoded API Token in the APP source 
code. An u ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system&#8217;s login page 
has a hard ...)
        NOT-FOR-US: Taiwan Secom Dr.ID Access Control system
 CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters 
in the  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d064755879084ef61429193a24362ab6cd0beb72

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d064755879084ef61429193a24362ab6cd0beb72
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to