[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 16 Aug 2022 13:20:23 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b849cf6c by Salvatore Bonaccorso at 2022-08-16T22:19:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -464,17 +464,17 @@ CVE-2022-38196
 CVE-2022-38195
        RESERVED
 CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property 
is not pr ...)
-       TODO: check
+       NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for 
ArcGIS vers ...)
-       TODO: check
+       NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri 
Portal for A ...)
-       TODO: check
+       NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS 
versions 10 ...)
        NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri 
Portal for A ...)
        NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri 
Portal for A ...)
-       TODO: check
+       NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for 
ArcGIS versi ...)
        NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38187 (Prior to version 10.9.0, the 
sharing/rest/content/features/analyze end ...)
@@ -484,7 +484,7 @@ CVE-2022-38186 (There is a reflected XSS vulnerability in 
Esri Portal for ArcGIS
 CVE-2022-38185
        RESERVED
 CVE-2022-38184 (There is an improper access control vulnerability in Portal 
for ArcGIS ...)
-       TODO: check
+       NOT-FOR-US: Esri Portal for ArcGIS
 CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add 
existing issu ...)
        - gitea <removed>
 CVE-2022-38182
@@ -4420,7 +4420,7 @@ CVE-2022-36601
 CVE-2022-36600
        RESERVED
 CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Mingsoft MCMS
 CVE-2022-36598
        RESERVED
 CVE-2022-36597
@@ -4826,9 +4826,9 @@ CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in 
GitHub repository beanc
        NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f
        NOTE: 
https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b
 (v1.22.2)
 CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network 
Adaptor W ...)
-       TODO: check
+       NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001
 CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network 
Adaptor WAP-00 ...)
-       TODO: check
+       NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001
 CVE-2022-35734 ('Hulu / &#12501;&#12540;&#12523;&#12540;' App for Android from 
version ...)
        TODO: check
 CVE-2022-34156 ('Hulu / &#12501;&#12540;&#12523;&#12540;' App for iOS versions 
prior t ...)
@@ -5014,7 +5014,7 @@ CVE-2022-36361
 CVE-2022-36360
        RESERVED
 CVE-2022-35239 (The image file management page of SolarView Compact 
SV-CPT-MC310 Ver.7 ...)
-       TODO: check
+       NOT-FOR-US: SolarView Compact SV-CPT-MC310
 CVE-2022-2505
        RESERVED
        - firefox 103.0-1
@@ -5358,9 +5358,9 @@ CVE-2022-36275
 CVE-2022-36274
        RESERVED
 CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection 
via goform ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Mingsoft MCMS
 CVE-2022-36271
        RESERVED
 CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code 
execution v ...)
@@ -5420,7 +5420,7 @@ CVE-2022-36244
 CVE-2022-36243
        RESERVED
 CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL 
Injection ...)
-       TODO: check
+       NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36241
        RESERVED
 CVE-2022-36240
@@ -21430,7 +21430,7 @@ CVE-2022-30266
 CVE-2022-30265
        RESERVED
 CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 
2022-05-02 perfo ...)
-       TODO: check
+       NOT-FOR-US: Emerson
 CVE-2022-30263
        RESERVED
 CVE-2022-30262
@@ -22253,7 +22253,7 @@ CVE-2022-29961
 CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It 
is an en ...)
        NOT-FOR-US: Emerson
 CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential 
storage. It i ...)
-       TODO: check
+       NOT-FOR-US: Emerson
 CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data 
integrity. Th ...)
        NOT-FOR-US: JTEKT TOYOPUC PLCs
 CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 
2022-04-29 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b849cf6c767a994cf5c3028ea9bcdb380ef91799

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b849cf6c767a994cf5c3028ea9bcdb380ef91799
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to