[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 8 21:26:11 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
71658853 by Salvatore Bonaccorso at 2022-08-08T22:25:52+02:00
Process some NFUs
- - - - -
502a8b9e by Salvatore Bonaccorso at 2022-08-08T22:25:54+02:00
Add new zammad CVEs, itp'ed
- - - - -
be4c2264 by Salvatore Bonaccorso at 2022-08-08T22:25:55+02:00
Add CVE-2022-34293/wolfssl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -869,25 +869,25 @@ CVE-2022-37454
CVE-2022-37453
RESERVED
CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2707 (A vulnerability classified as critical was found in SourceCodester Onl ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System
CVE-2022-2706 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System
CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student Information ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple Student Information System
CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management System. It ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2701 (A vulnerability classified as problematic was found in SourceCodester ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2700 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
@@ -4060,13 +4060,13 @@ CVE-2022-36269
CVE-2022-36268
RESERVED
CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Una ...)
- TODO: check
+ NOT-FOR-US: Airspan AirSpot
CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a sto ...)
- TODO: check
+ NOT-FOR-US: Airspan AirSpot
CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hid ...)
- TODO: check
+ NOT-FOR-US: Airspan AirSpot
CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...)
- TODO: check
+ NOT-FOR-US: Airspan AirSpot
CVE-2022-36263
RESERVED
CVE-2022-36262
@@ -5843,13 +5843,13 @@ CVE-2022-35492
CVE-2022-35491
RESERVED
CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...)
- TODO: check
+ - zammad <itp> (bug #841355)
CVE-2022-35486
RESERVED
CVE-2022-35485
@@ -9012,7 +9012,8 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
CVE-2022-34294
RESERVED
CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...)
- TODO: check
+ - wolfssl <unfixed>
+ NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6
CVE-2022-34292
RESERVED
CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
@@ -23593,7 +23594,7 @@ CVE-2022-1325
CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-1322
RESERVED
CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ffb81929b760ac7b7a70f276709b3a324351d0ec...be4c2264f2b65ae65a50dfff091934d9e7b6bbe1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ffb81929b760ac7b7a70f276709b3a324351d0ec...be4c2264f2b65ae65a50dfff091934d9e7b6bbe1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220808/2caefe35/attachment.htm>
More information about the debian-security-tracker-commits
mailing list