[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 8 21:36:45 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
919bb996 by Salvatore Bonaccorso at 2022-04-08T22:35:15+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -548,7 +548,7 @@ CVE-2022-28652
CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...)
NOT-FOR-US: livehelperchat
CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository medialize/ ...)
TODO: check
CVE-2022-1232
@@ -560,11 +560,11 @@ CVE-2022-1232
CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get pass ...)
TODO: check
CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to inject Ja ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to include a ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the issue des ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2022-28647
RESERVED
CVE-2022-28646
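Review bot: CVE-2022-28651 (JetBrains IntelliJ IDEA) at the top of this hunk is left at "TODO: check" while the three JetBrains YouTrack entries directly below it are resolved in the same pass. If it was skipped on purpose because IntelliJ IDEA needs a separate packaging check, that is fine; otherwise it should be triaged here too so the JetBrains batch from this advisory round does not stay half-processed.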
@@ -670,7 +670,7 @@ CVE-2022-1221
CVE-2022-1220
RESERVED
CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2022-1218
RESERVED
CVE-2022-1217
@@ -964,9 +964,9 @@ CVE-2022-28470
CVE-2022-28469
RESERVED
CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Payroll Management System
CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL injectio ...)
- TODO: check
+ NOT-FOR-US: Online Student Admission
CVE-2022-28466
RESERVED
CVE-2022-28465
@@ -1735,7 +1735,7 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses hea
CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...)
NOT-FOR-US: Wordpress theme
CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthe ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-28218
RESERVED
CVE-2022-28217
@@ -2180,9 +2180,9 @@ CVE-2022-28118
CVE-2022-28117
RESERVED
CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...)
- TODO: check
+ NOT-FOR-US: Online Sports Complex Booking
CVE-2022-28114
RESERVED
CVE-2022-28113
@@ -2286,9 +2286,9 @@ CVE-2022-28065
CVE-2022-28064
RESERVED
CVE-2022-28063 (Simple Bakery Shop Management System v1.0 contains a file disclosure v ...)
- TODO: check
+ NOT-FOR-US: Simple Bakery Shop Management System
CVE-2022-28062 (Car Rental System v1.0 contains an arbitrary file upload vulnerability ...)
- TODO: check
+ NOT-FOR-US: Car Rental System
CVE-2022-28061
RESERVED
CVE-2022-28060
@@ -2408,11 +2408,11 @@ CVE-2022-28004
CVE-2022-28003
RESERVED
CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Movie Seat Reservation
CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: Movie Seat Reservation
CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: Car Rental System
CVE-2022-27999
RESERVED
CVE-2022-27998
@@ -2428,9 +2428,9 @@ CVE-2022-27994
CVE-2022-27993
RESERVED
CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL injection v ...)
- TODO: check
+ NOT-FOR-US: Zoo Management System
CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain multiple SQL ...)
- TODO: check
+ NOT-FOR-US: Online Banking System in PHP
CVE-2022-27990
RESERVED
CVE-2022-27989
@@ -2928,9 +2928,9 @@ CVE-2022-27821
CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...)
- zaproxy <itp> (bug #897142)
CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...)
- TODO: check
+ NOT-FOR-US: SWHKD
CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...)
- TODO: check
+ NOT-FOR-US: SWHKD
CVE-2022-27817
RESERVED
CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...)
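Review bot: CVE-2022-27816 in the trailing context is another SWHKD 1.1.5 issue, but its status line falls outside this hunk, so it is not visible whether it carries the same marking as CVE-2022-27819 and CVE-2022-27818. Worth confirming that all SWHKD entries in this block end up as "NOT-FOR-US: SWHKD", so one product does not have mixed triage states.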
@@ -3721,9 +3721,9 @@ CVE-2022-27465
CVE-2022-27464
RESERVED
CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AVideo t ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2022-27461
RESERVED
CVE-2022-27460
@@ -3763,9 +3763,9 @@ CVE-2022-27444
CVE-2022-27443
RESERVED
CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...)
- TODO: check
+ NOT-FOR-US: TPCMS
CVE-2022-27441 (A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows ...)
- TODO: check
+ NOT-FOR-US: TPCMS
CVE-2022-27440
RESERVED
CVE-2022-27439
@@ -3775,7 +3775,7 @@ CVE-2022-27438
CVE-2022-27437
RESERVED
CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-Website
CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...)
NOT-FOR-US: ashymuzuro/Full-Ecommece-Website
CVE-2022-27434
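Review bot: the new label on CVE-2022-27436, "NOT-FOR-US: Ecommerce-Website", does not match the neighbouring CVE-2022-27435, which is already marked "NOT-FOR-US: ashymuzuro/Full-Ecommece-Website". Both descriptions point at /public/admin/index.php, so they look like the same application. Using one label for both, preferably the repository-qualified one, keeps a search on the product name from missing entries.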
@@ -3933,7 +3933,7 @@ CVE-2022-27359
CVE-2022-27358
RESERVED
CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-Website
CVE-2022-27356
RESERVED
CVE-2022-27355
@@ -3943,19 +3943,19 @@ CVE-2022-27354
CVE-2022-27353
RESERVED
CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an arbitrary f ...)
- TODO: check
+ NOT-FOR-US: Simple House Rental System
CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an arbitrary file ...)
- TODO: check
+ NOT-FOR-US: Zoo Management System
CVE-2022-27350
RESERVED
CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary file upload ...)
- TODO: check
+ NOT-FOR-US: Social Codia SMS
CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Social Codia SMS
CVE-2022-27347
RESERVED
CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary file up ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-Website
CVE-2022-27345
RESERVED
CVE-2022-27344
@@ -4039,7 +4039,7 @@ CVE-2022-27306
CVE-2022-27305
RESERVED
CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
- TODO: check
+ NOT-FOR-US: Student Grading System
CVE-2022-27303
RESERVED
CVE-2022-27302
@@ -4694,7 +4694,7 @@ CVE-2022-27154
CVE-2022-27153
RESERVED
CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a R ...)
- TODO: check
+ NOT-FOR-US: Roku devices
CVE-2022-27151
RESERVED
CVE-2022-27150
@@ -4750,9 +4750,9 @@ CVE-2022-27126
CVE-2022-27125
RESERVED
CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a SQL inject ...)
- TODO: check
+ NOT-FOR-US: Insurance Management System
CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain a SQL i ...)
- TODO: check
+ NOT-FOR-US: Employee Performance Evaluation
CVE-2022-27122
RESERVED
CVE-2022-27121
@@ -4778,7 +4778,7 @@ CVE-2022-27112
CVE-2022-27111
RESERVED
CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...)
TODO: check
CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...)
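Review bot: CVE-2022-27110 is marked "NOT-FOR-US: OrangeHRM", but CVE-2022-27109 on the next entry is also OrangeHRM 4.10 and stays at "TODO: check". CVE-2022-27108 below it is OrangeHRM 4.10 as well, with its status outside the hunk. Suggest giving CVE-2022-27109 the same marking in this commit and confirming CVE-2022-27108, since the triage decision is per product rather than per issue.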
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/919bb99617a6c566330d2db31f1b7ae1db8b8f21