[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 8 21:54:45 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68e25148 by Salvatore Bonaccorso at 2022-04-08T22:54:19+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4870,13 +4870,13 @@ CVE-2022-27066
CVE-2022-27065
RESERVED
CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file upload vu ...)
- TODO: check
+ NOT-FOR-US: Musical World
CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: AeroCMS
CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: AeroCMS
CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...)
- TODO: check
+ NOT-FOR-US: AeroCMS
CVE-2022-27060
RESERVED
CVE-2022-27059
@@ -4904,7 +4904,7 @@ CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move
CVE-2022-27048
RESERVED
CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without any limi ...)
- TODO: check
+ NOT-FOR-US: mogu_blog_cms
CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in ...)
TODO: check
CVE-2022-27045
@@ -5026,7 +5026,7 @@ CVE-2022-26988
CVE-2022-26987
RESERVED
CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: ImpressCMS
CVE-2022-26985
RESERVED
CVE-2022-26984
@@ -5034,7 +5034,7 @@ CVE-2022-26984
CVE-2022-26983
RESERVED
CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote authenticated admi ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2022-0947
RESERVED
CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...)
@@ -5133,9 +5133,9 @@ CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository st
CVE-2022-26954
RESERVED
CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Digi Passport Firmware
CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Digi Passport Firmware
CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerabil ...)
NOT-FOR-US: Archer
CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vu ...)
@@ -5217,15 +5217,15 @@ CVE-2022-26914
CVE-2022-26913
RESERVED
CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26911
RESERVED
CVE-2022-26910
RESERVED
CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26907
RESERVED
CVE-2022-26906
@@ -5241,7 +5241,7 @@ CVE-2022-26902
CVE-2022-26901
RESERVED
CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26899
RESERVED
CVE-2022-26898
@@ -5251,15 +5251,15 @@ CVE-2022-26897
CVE-2022-26896
RESERVED
CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26893
RESERVED
CVE-2022-26892
RESERVED
CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26061
RESERVED
CVE-2022-25972
@@ -5267,7 +5267,7 @@ CVE-2022-25972
CVE-2022-25942
RESERVED
CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-26886
RESERVED
CVE-2022-26885
@@ -5583,7 +5583,7 @@ CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost
CVE-2022-0902
RESERVED
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugins
CVE-2022-0900
RESERVED
CVE-2022-0899
@@ -5857,9 +5857,9 @@ CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authentica
NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: aEnrich a+HRD
CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...)
- TODO: check
+ NOT-FOR-US: aEnrich a+HRD
CVE-2022-26674
RESERVED
CVE-2022-26673
@@ -5867,9 +5867,9 @@ CVE-2022-26673
CVE-2022-26672
RESERVED
CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has a hard ...)
- TODO: check
+ NOT-FOR-US: Taiwan Secom Dr.ID Access Control system
CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-26669
RESERVED
CVE-2022-26668
@@ -5957,13 +5957,13 @@ CVE-2022-26632
CVE-2022-26631
RESERVED
CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...)
- TODO: check
+ NOT-FOR-US: Jellycms
CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...)
NOT-FOR-US: SoroushPlus+ Messenger
CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Matrimony
CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: Online Project Time Management System
CVE-2022-26626
RESERVED
CVE-2022-26625
@@ -5985,13 +5985,13 @@ CVE-2022-26618
CVE-2022-26617
RESERVED
CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to pe ...)
- TODO: check
+ NOT-FOR-US: PKP Vendor Open Journal System
CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website Content ...)
NOT-FOR-US: SourceCodester Simple College Website
CVE-2022-26614
RESERVED
CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability v ...)
- TODO: check
+ NOT-FOR-US: PHP-CMS
CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava function on W ...)
- hadoop <itp> (bug #793644)
CVE-2022-26611
@@ -6003,11 +6003,11 @@ CVE-2022-26609
CVE-2022-26608
RESERVED
CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 ...)
- TODO: check
+ NOT-FOR-US: baigo CMS
CVE-2022-26606
RESERVED
CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file upload via t ...)
- TODO: check
+ NOT-FOR-US: eZiosuite
CVE-2022-26604
RESERVED
CVE-2022-26603
@@ -6035,7 +6035,7 @@ CVE-2022-26593
CVE-2022-26592
RESERVED
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
- TODO: check
+ NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-26590
RESERVED
CVE-2022-26589
@@ -6047,7 +6047,7 @@ CVE-2022-26587
CVE-2022-26586
RESERVED
CVE-2022-26585 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
- TODO: check
+ NOT-FOR-US: Mingsoft MCMS
CVE-2022-26584
RESERVED
CVE-2022-26583
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e251486f786aa47cd2c3f9d633cb52b041e379
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e251486f786aa47cd2c3f9d633cb52b041e379
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220408/7749450a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list