[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Thu Aug 18 09:32:26 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
202bf3e2 by Neil Williams at 2022-08-18T09:32:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23888,7 +23888,7 @@ CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in
CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-1410 (OS Command Injection vulnerability in the db_optimize component of Dev ...)
- TODO: check
+ NOT-FOR-US: Device42 Asset Management Appliance
CVE-2022-1409 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before ...)
@@ -23932,11 +23932,11 @@ CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize i
CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...)
NOT-FOR-US: ASDA-Soft
CVE-2022-1401 (Improper Access Control vulnerability in the /Exago/WrImageResource.ad ...)
- TODO: check
+ NOT-FOR-US: Device42 Asset Management Appliance
CVE-2022-1400 (Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi ...)
- TODO: check
+ NOT-FOR-US: Device42 Asset Management Appliance
CVE-2022-1399 (An Argument Injection or Modification vulnerability in the "Change Sec ...)
- TODO: check
+ NOT-FOR-US: Device42 CMDB
CVE-2022-1398 (The External Media without Import WordPress plugin through 1.1.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1397 (API Privilege Escalation in GitHub repository alextselegidis/easyappoi ...)
@@ -49109,7 +49109,7 @@ CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executi
CVE-2021-45455
RESERVED
CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 all ...)
- TODO: check
+ NOT-FOR-US: Ampere Altra
CVE-2021-45453
RESERVED
CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
@@ -62710,7 +62710,7 @@ CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_sch
CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-42052 (IPESA e-Flow 3.3.6 allows path traversal for reading any file within t ...)
- TODO: check
+ NOT-FOR-US: IPESA e-Flow
CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
NOT-FOR-US: AbanteCart
CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
@@ -92208,7 +92208,7 @@ CVE-2021-30492
CVE-2021-30491
RESERVED
CVE-2021-30490 (upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21 ...)
- TODO: check
+ NOT-FOR-US: ViewPowerHTML
CVE-2021-30489
RESERVED
CVE-2021-30488
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202bf3e273952161099a240077c514945d5645e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202bf3e273952161099a240077c514945d5645e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220818/262463b1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list