[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 28 20:26:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7a8379d by Salvatore Bonaccorso at 2022-01-28T21:25:18+01:00
Process some NFUs
- - - - -
ce5976c7 by Salvatore Bonaccorso at 2022-01-28T21:25:58+01:00
Add CVE-2022-217{19,20}/glpi
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -129,7 +129,7 @@ CVE-2022-24073
CVE-2022-24072
RESERVED
CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
- TODO: check
+ NOT-FOR-US: Whale browser
CVE-2022-24070
RESERVED
CVE-2022-0396
@@ -137,7 +137,7 @@ CVE-2022-0396
CVE-2022-0395
RESERVED
CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-0393
RESERVED
CVE-2022-24069
@@ -1212,7 +1212,7 @@ CVE-2021-46404
CVE-2022-23864
RESERVED
CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-23862
RESERVED
CVE-2022-23861
@@ -4124,7 +4124,7 @@ CVE-2022-22870
CVE-2022-22869
RESERVED
CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...)
- TODO: check
+ NOT-FOR-US: Gibbon CMS
CVE-2022-22867
RESERVED
CVE-2022-22866
@@ -6067,7 +6067,7 @@ CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0
CVE-2022-22295
RESERVED
CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attack ...)
- TODO: check
+ NOT-FOR-US: zfaka
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: Node uppy
CVE-2022-0085
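Review bot: on the CVE-2022-22294 entry the tag is written "zfaka" while the description spells the product "ZFAKA". Matching the description's spelling ("NOT-FOR-US: ZFAKA") keeps a case-sensitive search for the product name from missing this entry.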
@@ -6959,11 +6959,11 @@ CVE-2021-45901
CVE-2021-45900
RESERVED
CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
@@ -8585,7 +8585,7 @@ CVE-2021-45437
CVE-2021-45436
RESERVED
CVE-2021-45435 (An SQL Injection vulnerability exists in Sourcecodester Simple Cold St ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-45434
RESERVED
CVE-2021-45433
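Review bot: "NOT-FOR-US: Sourcecodester" on CVE-2021-45435 names only the first word of the description, while the description goes on to name a specific application ("Sourcecodester Simple Cold St ..."). Other entries in this push tag the product itself (for example "Online Motorcycle (Bike) Rental System"), and the same short tag is used again for CVE-2021-34073 and CVE-2020-25905. Either convention works, but using one consistently makes it easier to tell later which application an entry was triaged against.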
@@ -10233,7 +10233,7 @@ CVE-2021-44973
CVE-2021-44972
RESERVED
CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2021-44970
RESERVED
CVE-2021-44969
@@ -12273,7 +12273,7 @@ CVE-2021-44251
CVE-2021-44250
RESERVED
CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...)
- TODO: check
+ NOT-FOR-US: Online Motorcycle (Bike) Rental System
CVE-2021-44248
RESERVED
CVE-2021-44247
@@ -13330,9 +13330,11 @@ CVE-2022-21722 (PJSIP is a free and open source multimedia communication library
CVE-2022-21721
RESERVED
CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-21718
RESERVED
CVE-2022-21717
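Review bot: the NOTE added under CVE-2022-21720 and CVE-2022-21719 justifies "(unimportant)" with a deployment condition but gives no pointer to where that support statement is documented. A further NOTE line carrying the reference would let someone re-check the classification later. The two entries also get identical text although their descriptions differ ("Prior to vers ..." versus "All GLPI vers ..."), so it is worth confirming against the full descriptions, which are truncated here, that the rationale holds for each CVE.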
@@ -22409,9 +22411,9 @@ CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
CVE-2021-41610
REJECTED
CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...)
- TODO: check
+ NOT-FOR-US: SelectSurvey.NET
CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...)
- TODO: check
+ NOT-FOR-US: SelectSurvey.NET
CVE-2021-41607
RESERVED
CVE-2021-41606
@@ -40738,7 +40740,7 @@ CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, th
CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remot ...)
NOT-FOR-US: PandoraFMS
CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-34072
RESERVED
CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
@@ -82563,9 +82565,9 @@ CVE-2020-28887
CVE-2020-28886
RESERVED
CVE-2020-28885 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2020-28883
RESERVED
CVE-2020-28882
@@ -93088,7 +93090,7 @@ CVE-2020-25907
CVE-2020-25906
RESERVED
CVE-2020-25905 (An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop Sys ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2020-25904
RESERVED
CVE-2020-25903
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d831bb2617e83d5cc7421bd6e0d98e4cae3df2ce...ce5976c75cd463378e94c52c3c7c7c4b3cdddea6