[Git][security-tracker-team/security-tracker][master] Re-associate some OrangeHRM CVEs with the itp/rfp bug

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 8 21:37:59 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8465314f by Salvatore Bonaccorso at 2022-04-08T22:37:21+02:00
Re-associate some OrangeHRM CVEs with the itp/rfp bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4778,7 +4778,7 @@ CVE-2022-27112
 CVE-2022-27111
 	RESERVED
 CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...)
 	TODO: check
 CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...)
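Review bot: the neighbouring entry CVE-2022-27109 is also an OrangeHRM 4.10 issue but stays at `TODO: check` while CVE-2022-27110 directly above it gets `- orangehrm <itp> (bug #786622)`; for consistency with the commit's purpose it should presumably receive the same ITP association in this change, or the reason for leaving it pending should be noted.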
@@ -69845,7 +69845,7 @@ CVE-2021-28401
 CVE-2021-28400
 	RESERVED
 CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2021-28398
 	RESERVED
 CVE-2021-28397
@@ -95588,7 +95588,7 @@ CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely
 CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...)
 	NOT-FOR-US: Tesla Model X vehicles
 CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 allows remot ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2020-29435
@@ -193418,7 +193418,7 @@ CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected
 CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates"  ...)
 	- webmin <removed>
 CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...)
 	NOT-FOR-US: "Count per Day" plugin for WordPress
 CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
@@ -389321,7 +389321,7 @@ CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question
 CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before  ...)
 	NOT-FOR-US: mTouch Quiz
 CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/ ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.0 ...)
 	NOT-FOR-US: iTechClassifieds
 CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remo ...)
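Review bot: the truncated description for CVE-2014-100021 only shows the path "symfony/web/index.php/pim/", so the OrangeHRM attribution here rests entirely on the previous `NOT-FOR-US: OrangeHRM` annotation; worth confirming against the full CVE text before tying it to bug #786622, since the other hunks name OrangeHRM explicitly in the description.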
@@ -432101,9 +432101,9 @@ CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in A
 CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...)
 	NOT-FOR-US: NetWeaver
 CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php i ...)
-	NOT-FOR-US: OrangehRM
+	- orangehrm <itp> (bug #786622)
 CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...)
-	NOT-FOR-US: OrangehRM
+	- orangehrm <itp> (bug #786622)
 CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...)
 	NOT-FOR-US: WordPress theme
 CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
@@ -439418,7 +439418,7 @@ CVE-2012-5369
 CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained th ...)
 	- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
 CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year  ...)
@@ -449618,9 +449618,9 @@ CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before
 CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4 ...)
 	NOT-FOR-US: VMware ESXi
 CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in lib/models ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2012-1505
 	RESERVED
 CVE-2012-1504
@@ -462814,7 +462814,7 @@ CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows r
 CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when m ...)
 	NOT-FOR-US: Chipmunk Pwngame
 CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 al ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth  ...)
 	NOT-FOR-US: Truworth Flex Timesheet
 CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote at ...)
@@ -513228,7 +513228,7 @@ CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier a
 CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
 	NOT-FOR-US: Fatwire Content Server
 CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in Oran ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in Cerbe ...)
 	NOT-FOR-US: Cerberus Ftp Server
 CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote auth ...)
@@ -525822,7 +525822,7 @@ CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 al
 CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt De ...)
 	NOT-FOR-US: SandBox Analyzer
 CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM be ...)
-	NOT-FOR-US: OrangeHRM
+	- orangehrm <itp> (bug #786622)
 CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive informati ...)
 	NOT-FOR-US: HyperBook Guestbook
 CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes us ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8465314ffcd645418463b3cfba013ac6e7f32ab7
