[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 28 21:32:39 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae5104cc by Salvatore Bonaccorso at 2022-04-28T22:32:15+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -91,13 +91,13 @@ CVE-2022-1516
CVE-2022-1515
RESERVED
CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in GitHub rep ...)
- TODO: check
+ NOT-FOR-US: facturascripts
CVE-2022-1513
RESERVED
CVE-2022-1512
RESERVED
CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2022-1510
RESERVED
CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
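Review bot: the two new tags use the bare GitHub repository slugs ("facturascripts", "snipe-it") while the rest of this commit tags by product name in its usual capitalization ("JetBrains Hub", "Navigate CMS", "Turtlapp Turtle Note"); for consistent grepping of NOT-FOR-US entries, consider "NOT-FOR-US: FacturaScripts" and "NOT-FOR-US: Snipe-IT". CVE-2022-1509 (hestiacp, the same GitHub-repository pattern) closes the hunk as context, so its state is not visible here; if it is still at TODO: check it looks like a candidate for the same pass.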
@@ -121,7 +121,7 @@ CVE-2022-29861
CVE-2022-29860
RESERVED
CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for ...)
- TODO: check
+ NOT-FOR-US: SDK for Ameba1
CVE-2022-29858
RESERVED
CVE-2022-29857
@@ -199,9 +199,9 @@ CVE-2022-29823
CVE-2022-29822
RESERVED
CVE-2022-29821 (In JetBrains Rider before 2022.1 local code execution via links in ReS ...)
- TODO: check
+ NOT-FOR-US: JetBrains Rider
CVE-2022-29820 (In JetBrains PyCharm before 2022.1 exposure of the debugger port to th ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2022-29819 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via link ...)
TODO: check
CVE-2022-29818 (In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal ...)
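Review bot: the tag granularity is inconsistent within this hunk: CVE-2022-29821 gets "NOT-FOR-US: JetBrains Rider", but CVE-2022-29820, whose description names PyCharm, gets only the vendor, "NOT-FOR-US: JetBrains". Suggest "NOT-FOR-US: JetBrains PyCharm" so the product is recoverable from the tag, matching the Rider and Hub entries.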
@@ -219,7 +219,7 @@ CVE-2022-29813 (In JetBrains IntelliJ IDEA before 2022.1 local code execution vi
CVE-2022-29812 (In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about ...)
TODO: check
CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project icon was p ...)
- TODO: check
+ NOT-FOR-US: JetBrains Hub
CVE-2022-1508
RESERVED
- linux 5.15.3-1
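Review bot: CVE-2022-29812 is left at "TODO: check" directly beside CVE-2022-29811, which is processed as JetBrains Hub, and the previous hunk likewise leaves CVE-2022-29819 and CVE-2022-29818 (IntelliJ IDEA) at TODO: check. If the IntelliJ IDEA entries are deferred for a reason, a NOTE: line saying so would save the next triager from re-checking them; otherwise they look like candidates for the same pass.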
@@ -1435,17 +1435,17 @@ CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel
CVE-2022-29416
RESERVED
CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29414
RESERVED
CVE-2022-29413 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29412 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29411 (SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit &# ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29409
RESERVED
CVE-2022-29408
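Review bot: all five entries get the generic "NOT-FOR-US: WordPress plugin", although CVE-2022-29412, CVE-2022-29411 and CVE-2022-29410 name the plugin (Mufeng's Hermit) in their descriptions; tagging those as e.g. "NOT-FOR-US: Hermit WordPress plugin" keeps later lookups by plugin name possible. For CVE-2022-29415 and CVE-2022-29413 the truncated descriptions shown here do not name the plugin, so the generic tag cannot be checked against this diff; the plugin name from the full CVE text would be worth adding there too.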
@@ -1842,7 +1842,7 @@ CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior
CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...)
- coreboot <itp> (bug #381727)
CVE-2022-28719 (Missing authentication for critical function in AssetView prior to Ver ...)
- TODO: check
+ NOT-FOR-US: AssetView
CVE-2022-1350 (A vulnerability classified as problematic was found in GhostPCL 9.55.0 ...)
- ghostscript <unfixed> (unimportant)
NOTE: https://vuldb.com/?id.197290
@@ -2126,7 +2126,7 @@ CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow
- consul <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
- TODO: check
+ NOT-FOR-US: Ericom
CVE-2022-29151
RESERVED
CVE-2022-29150
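Review bot: CVE-2022-29152 is tagged with the vendor only ("NOT-FOR-US: Ericom") while the description names the product, Ericom PowerTerm WebConnect; suggest "NOT-FOR-US: Ericom PowerTerm WebConnect" for consistency with the product-level tags elsewhere in this commit (JetBrains Hub, Navigate CMS, Elcomplus SmartPTT).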
@@ -5145,13 +5145,13 @@ CVE-2022-28119
CVE-2022-28118
RESERVED
CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate ...)
- TODO: check
+ NOT-FOR-US: Navigate CMS
CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
NOT-FOR-US: Online Banking System
CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...)
NOT-FOR-US: Online Sports Complex Booking
CVE-2022-28114 (DSCMS v3.0 was discovered to contain an arbitrary file deletion vulner ...)
- TODO: check
+ NOT-FOR-US: DSCMS
CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 al ...)
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-28112
@@ -5175,9 +5175,9 @@ CVE-2022-28104
CVE-2022-28103
RESERVED
CVE-2022-28102 (A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Ge ...)
- TODO: check
+ NOT-FOR-US: PHP MySQL Admin Panel Generator
CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag dur ...)
- TODO: check
+ NOT-FOR-US: Turtlapp Turtle Note
CVE-2022-28100
RESERVED
CVE-2022-28099
@@ -5806,7 +5806,7 @@ CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Ho
CVE-2022-27861
RESERVED
CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-27859
RESERVED
CVE-2022-27858
@@ -13845,7 +13845,7 @@ CVE-2022-24937
CVE-2022-24936
RESERVED
CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remo ...)
NOT-FOR-US: Kingsoft WPS Office
CVE-2022-24933
@@ -13942,7 +13942,7 @@ CVE-2022-24894
CVE-2022-24893
RESERVED
CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
TODO: check
CVE-2022-24890
@@ -13976,7 +13976,7 @@ CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to
CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...)
NOT-FOR-US: flask-session-captcha
CVE-2022-24879 (Shopware is an open source e-commerce software platform. Versions prio ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2022-24878
RESERVED
CVE-2022-24877
@@ -13988,7 +13988,7 @@ CVE-2022-24875 (The CVEProject/cve-services is an open source project used to op
CVE-2022-24874
REJECTED
CVE-2022-24873 (Shopware is an open source e-commerce software platform. Prior to vers ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework and V ...)
NOT-FOR-US: Shopware
CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
@@ -21520,11 +21520,11 @@ CVE-2022-22785
CVE-2022-22784
RESERVED
CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-22781 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) pri ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
NOT-FOR-US: Zoom
CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
@@ -30945,7 +30945,7 @@ CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow
CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
NOT-FOR-US: Atlassian Confluence
CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...)
- TODO: check
+ NOT-FOR-US: Elcomplus SmartPTT
CVE-2021-43938
RESERVED
CVE-2021-43937
@@ -30955,15 +30955,15 @@ CVE-2021-43936 (The software allows the attacker to upload or transfer files of
CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
NOT-FOR-US: Hillrom
CVE-2021-43934 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...)
- TODO: check
+ NOT-FOR-US: Elcomplus SmartPTT
CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...)
NOT-FOR-US: FANUC Roboguide
CVE-2021-43932 (Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript c ...)
- TODO: check
+ NOT-FOR-US: Elcomplus SmartPTT
CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
NOT-FOR-US: Distributed Data Systems
CVE-2021-43930 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...)
- TODO: check
+ NOT-FOR-US: Elcomplus SmartPTT
CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
NOT-FOR-US: Synology
CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae5104ccec329888f99310a2c1e98b205df56d64