Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8dc8922 by Salvatore Bonaccorso at 2022-05-07T09:39:10+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2279,7 +2279,7 @@ CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x 
before 42.2, an HTML docu
        NOTE: Introduced by: 
https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228
 (3.29.2)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525
 CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL 
Injection via a  ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In 
UsersController.php ...)
        NOT-FOR-US: MISP
 CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS 
in app/Co ...)
@@ -2589,13 +2589,13 @@ CVE-2022-29425
 CVE-2022-29424
        RESERVED
 CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & 
Clock plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site 
Scripting (XSS)  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam 
Skaat's Cou ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 
3xSocializer plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site 
Scripting (XSS)  ...)
@@ -3219,7 +3219,7 @@ CVE-2022-29173 (go-tuf is a Go implementation of The 
Update Framework (TUF). go-
 CVE-2022-29172 (Auth0 is an authentication broker that supports both social 
and enterp ...)
        TODO: check
 CVE-2022-29171 (Sourcegraph is a fast and featureful code search and 
navigation engine ...)
-       TODO: check
+       NOT-FOR-US: Sourcegraph
 CVE-2022-29170
        RESERVED
 CVE-2022-29169
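Review bot: CVE-2022-29172 (Auth0), the entry directly above the changed one in this hunk, is left at "TODO: check" while its neighbour CVE-2022-29171 is resolved. If it was skipped on purpose because it needs a package lookup rather than a quick NFU call, that is fine; otherwise it could be triaged in the same pass so this block is not left half-processed.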
@@ -3233,13 +3233,13 @@ CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC 
bridge for Matrix. The vu
 CVE-2022-29165
        RESERVED
 CVE-2022-29164 (Argo Workflows is an open source container-native workflow 
engine for  ...)
-       TODO: check
+       NOT-FOR-US: Argo Workflows
 CVE-2022-29163
        RESERVED
 CVE-2022-29162
        RESERVED
 CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-29160
        RESERVED
 CVE-2022-29159
@@ -4925,7 +4925,7 @@ CVE-2022-28547
 CVE-2022-28546
        RESERVED
 CVE-2022-28545 (FUDforum 3.1.1 is vulnerable to Stored XSS. ...)
-       TODO: check
+       NOT-FOR-US: FUDforum
 CVE-2022-28544 (Path traversal vulnerability in unzip method of 
InstallAgentCommonHelp ...)
        NOT-FOR-US: Samsung
 CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 
4.8.07.4 ...)
@@ -5001,7 +5001,7 @@ CVE-2022-28509
 CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in 
MantisBT b ...)
        - mantis <removed>
 CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware 
BDT-121 versio ...)
-       TODO: check
+       NOT-FOR-US: Dragon Path Technologies Bharti Airtel Routers Hardware 
BDT-121
 CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function 
DumpScreen2RG ...)
        - giflib <unfixed>
        [bullseye] - giflib <no-dsa> (Minor issue)
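Review bot: the label added for CVE-2022-28507 repeats the full product string from the CVE description ("Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121"), whereas the other NOT-FOR-US entries visible in this commit use a short vendor or product name ("Samsung", "Adobe", "MISP"). A shorter label, for example the vendor name alone, would be easier to grep for and to reuse if further CVEs for the same product arrive.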
@@ -5719,25 +5719,25 @@ CVE-2021-46744
 CVE-2022-28280
        RESERVED
 CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28278 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28277 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28276 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28275 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28274 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28273 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28272 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and 
earlier) ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-28269
        RESERVED
 CVE-2022-28268
@@ -6598,7 +6598,7 @@ CVE-2022-28007 (Attendance and Payroll System v1.0 was 
discovered to contain a S
 CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a 
SQL inj ...)
        NOT-FOR-US: Attendance and Payroll System
 CVE-2022-28005 (An issue was discovered in the 3CX Phone System Management 
Console pri ...)
-       TODO: check
+       NOT-FOR-US: 3CX Phone System Management Console
 CVE-2022-28004
        RESERVED
 CVE-2022-28003
@@ -6829,7 +6829,7 @@ CVE-2022-27911
 CVE-2022-27910
        RESERVED
 CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote 
user can ch ...)
-       TODO: check
+       NOT-FOR-US: Joomla component jDownloads
 CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) 
is vulne ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows 
SSRF. ...)
@@ -7187,9 +7187,9 @@ CVE-2022-27786
 CVE-2022-27785
        RESERVED
 CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 
(and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 
(and earl ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-27660
        RESERVED
 CVE-2022-27633
@@ -17774,7 +17774,7 @@ CVE-2022-24107
 CVE-2022-24106
        RESERVED
 CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24104
        RESERVED
 CVE-2022-24103
@@ -17786,9 +17786,9 @@ CVE-2022-24101
 CVE-2022-24100
        RESERVED
 CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24098 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 
(and earlie ...)
        NOT-FOR-US: Adobe
 CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 
(and earlie ...)
@@ -19286,7 +19286,7 @@ CVE-2022-23803 (A stack-based buffer overflow 
vulnerability exists in the Gerber
        NOTE: 
https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50
 (6.0.2)
        NOTE: 
https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05
 (master)
 CVE-2022-23802 (Joomla Guru extension 5.2.5 is affected by: Insecure 
Permissions. The  ...)
-       TODO: check
+       NOT-FOR-US: Joomla Guru extension
 CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. 
Possible XSS a ...)
        NOT-FOR-US: Joomla!
 CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. 
Inadequate con ...)
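Review bot: the two Joomla add-ons handled in this commit get differently shaped labels: "Joomla Guru extension" here for CVE-2022-23802 and "Joomla component jDownloads" for CVE-2022-27909. Using one pattern for both (type first, then the add-on name, or the reverse) would keep them clearly apart from the core "Joomla!" entries in the context lines below and let a single search match all Joomla add-on entries.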
@@ -21315,7 +21315,7 @@ CVE-2021-23150 (Authenticated (admin or higher user 
role) Stored Cross-Site Scri
 CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, 
an unpr ...)
        NOT-FOR-US: Apache Traffic Control
 CVE-2022-23205 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and 
earlier)  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by 
an out-of ...)
        NOT-FOR-US: Adobe
 CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and 
earlier) a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8dc89227d50fab134c744b6925e026bb1110709
