[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 13 19:56:57 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4f0eb9a by Salvatore Bonaccorso at 2022-06-13T20:56:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6271,11 +6271,11 @@ CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can
CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
NOT-FOR-US: Strapi
CVE-2022-29525 (Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded cred ...)
- TODO: check
+ NOT-FOR-US: Rakuten Casa
CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
- TODO: check
+ NOT-FOR-US: Rakuten Casa
CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
- TODO: check
+ NOT-FOR-US: Rakuten Casa
CVE-2022-1705
RESERVED
CVE-2022-1704
@@ -6319,7 +6319,7 @@ CVE-2022-29522
CVE-2022-29482
RESERVED
CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics versions pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26302
RESERVED
CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...)
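Review bot: the new annotation for CVE-2022-27231 (`+ NOT-FOR-US: WordPress plugin`) names only the plugin class, while the description itself names the plugin (WP Statistics) and the other NOT-FOR-US entries in this file name the product; `NOT-FOR-US: WP Statistics WordPress plugin` would keep the entry greppable when further WP Statistics CVEs (for example CVE-2022-25149 further down in this patch) are triaged.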
@@ -6403,9 +6403,9 @@ CVE-2022-30589
CVE-2022-30588
RESERVED
CVE-2022-30587 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2022-30586 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...)
NOT-FOR-US: Archer
CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access ...)
@@ -6807,7 +6807,7 @@ CVE-2022-30498
CVE-2022-30497
RESERVED
CVE-2022-30496 (SQL injection in Logon Page of IDCE MV's application, version 1.0, all ...)
- TODO: check
+ NOT-FOR-US: IDCE MV's application
CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name id param ...)
NOT-FOR-US: oretnom23 Automotive Shop Management System
CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first and las ...)
@@ -7125,7 +7125,7 @@ CVE-2022-30336
CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via ...)
NOT-FOR-US: Bonanza Wealth Management System
CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier allows a r ...)
- TODO: check
+ NOT-FOR-US: RCCMD
CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
- tiff <unfixed>
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -7315,7 +7315,7 @@ CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-ba
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.1-1
CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2022-1602
RESERVED
CVE-2022-1601
@@ -9309,7 +9309,7 @@ CVE-2022-29619
CVE-2022-29618
RESERVED
CVE-2022-29617 (Due to improper error handling an authenticated user can crash CLA ass ...)
- TODO: check
+ NOT-FOR-US: CLA assistant
CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to l ...)
NOT-FOR-US: SAP
CVE-2022-29615
@@ -14042,7 +14042,7 @@ CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file uplo
CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...)
NOT-FOR-US: Roothub
CVE-2022-28051 (The "Add category" functionality inside the "Global Keywords" menu in ...)
- TODO: check
+ NOT-FOR-US: SeedDMS
CVE-2022-28050
RESERVED
CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference v ...)
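Review bot: the truncated description for CVE-2022-28051 ("Add category" functionality inside the "Global Keywords" menu) does not name a product, so the mapping to `+ NOT-FOR-US: SeedDMS` cannot be checked from the hunk alone; a NOTE line with the upstream reference that identifies the product would let later reviewers verify the triage.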
@@ -15425,7 +15425,7 @@ CVE-2022-27504
CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects ...)
NOT-FOR-US: Citrix
CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privil ...)
- TODO: check
+ NOT-FOR-US: RealVNC VNC Server
CVE-2022-27501
RESERVED
CVE-2022-27500
@@ -15621,7 +15621,7 @@ CVE-2022-27440
CVE-2022-27439
RESERVED
CVE-2022-27438 (Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote ...)
- TODO: check
+ NOT-FOR-US: Caphyon Ltd Advanced Installer
CVE-2022-27437
RESERVED
CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
@@ -18798,7 +18798,7 @@ CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper au
CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository ...)
- webmin <removed>
CVE-2022-0823 (An improper control of interaction frequency vulnerability in Zyxel GS ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-26352
RESERVED
CVE-2022-26351
@@ -21381,7 +21381,7 @@ CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated rem
CVE-2022-25362
RESERVED
CVE-2022-25361 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
NOT-FOR-US: WatchGuard
CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...)
@@ -22105,11 +22105,11 @@ CVE-2022-25155 (Use of Password Hash Instead of Password for Authentication vuln
CVE-2022-25154 (A DLL hijacking vulnerability in Samsung portable SSD T5 PC software b ...)
NOT-FOR-US: Samsung portable SSD T5
CVE-2022-25153 (The ITarian Endpoint Manage Communication Client, prior to version 6.4 ...)
- TODO: check
+ NOT-FOR-US: ITarian Endpoint Manage Communication Client
CVE-2022-25152 (The ITarian platform (SAAS / on-premise) offers the possibility to run ...)
- TODO: check
+ NOT-FOR-US: ITarian platform
CVE-2022-25151 (Within the Service Desk module of the ITarian platform (SAAS and on-pr ...)
- TODO: check
+ NOT-FOR-US: ITarian platform
CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
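Review bot: the three consecutive ITarian entries use two different product strings, `NOT-FOR-US: ITarian Endpoint Manage Communication Client` for CVE-2022-25153 and `NOT-FOR-US: ITarian platform` for CVE-2022-25152 and CVE-2022-25151; unless the client/platform distinction matters for triage, one form for all three keeps the ITarian entries uniform.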
@@ -22682,7 +22682,7 @@ CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary
CVE-2022-24970
RESERVED
CVE-2022-24969 (bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, ...)
- TODO: check
+ NOT-FOR-US: Apache Dubbo
CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
NOT-FOR-US: Mellium
CVE-2022-24967 (Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting ( ...)
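Review bot: the description for CVE-2022-24969 starts with "bypass CVE-2021-25640 >", i.e. it is a bypass of an earlier Dubbo fix; `+ NOT-FOR-US: Apache Dubbo` is consistent with Dubbo not being packaged, but a NOTE line cross-referencing CVE-2021-25640 would preserve that relation in the tracker instead of leaving it only in the truncated description.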
@@ -22870,7 +22870,7 @@ CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by o
CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...)
NOT-FOR-US: Xwiki
CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developmen ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2022-24895
RESERVED
CVE-2022-24894
@@ -29246,7 +29246,7 @@ CVE-2022-23140
CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control vulnerabil ...)
NOT-FOR-US: ZTE ZXMP M721
CVE-2022-23138 (ZTE's MF297D product has cryptographic issues vulnerability. Due to th ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...)
NOT-FOR-US: ZXCDN
CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...)
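Review bot: `+ NOT-FOR-US: ZTE` for CVE-2022-23138 is less specific than the surrounding entries, which name the product (`NOT-FOR-US: ZTE ZXMP M721`, `NOT-FOR-US: ZXCDN`); the description names the device as MF297D, so `NOT-FOR-US: ZTE MF297D` would match the convention used two lines above.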
@@ -37605,7 +37605,7 @@ CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog v
CVE-2021-44583
RESERVED
CVE-2021-44582 (A Privilege Escalation vulnerability exists in Sourcecodester Money Tr ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Money Transfer Management System
CVE-2021-44581 (An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the i ...)
NOT-FOR-US: Kreado Kreasfero CMS
CVE-2021-44580
@@ -39207,7 +39207,7 @@ CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerabi
NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
CVE-2021-44117 (A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLigh ...)
- TODO: check
+ NOT-FOR-US: TheDayLightStudio Fuel CMS
CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...)
NOT-FOR-US: Anchor CMS
CVE-2021-44115
@@ -44944,7 +44944,7 @@ CVE-2021-3896
CVE-2021-42812
RESERVED
CVE-2021-42811 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: SafeNet KeySecure
CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
NOT-FOR-US: Thales SafeNet Agent
CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
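Review bot: the description for CVE-2021-42811 does not name a product (the visible part is only the CWE title for path traversal), so `+ NOT-FOR-US: SafeNet KeySecure` is not verifiable from the hunk; the adjacent entry also uses the vendor-prefixed form `NOT-FOR-US: Thales SafeNet Agent`, so `NOT-FOR-US: Thales SafeNet KeySecure` would be consistent with it.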
@@ -48476,7 +48476,7 @@ CVE-2021-41934
CVE-2021-41933
RESERVED
CVE-2021-41932 (A blind SQL injection vulnerability in search form in TeamMate+ Audit ...)
- TODO: check
+ NOT-FOR-US: TeamMate+ Audit
CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
NOT-FOR-US: Company's Recruitment Management System
CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...)
@@ -48990,9 +48990,9 @@ CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototy
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
NOTE: https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2
CVE-2021-41750 (A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4. ...)
- TODO: check
+ NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2021-41749 (In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible fo ...)
- TODO: check
+ NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2021-41748
REJECTED
CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
@@ -49560,7 +49560,7 @@ CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exi
CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...)
NOT-FOR-US: D-Link
CVE-2021-41502 (An issue was discovered in Subrion CMS v4.2.1 There is a stored cross- ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2021-41501
RESERVED
CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
@@ -50940,7 +50940,7 @@ CVE-2021-40963
CVE-2021-40962
RESERVED
CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in modules/Ne ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
NOT-FOR-US: Galera WebTemplate
CVE-2021-40959
@@ -51782,7 +51782,7 @@ CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. With
CVE-2021-40611
RESERVED
CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...)
- TODO: check
+ NOT-FOR-US: emlog
CVE-2021-40609
RESERVED
CVE-2021-40608
@@ -61696,7 +61696,7 @@ CVE-2021-36712
CVE-2021-36711
RESERVED
CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...)
- TODO: check
+ NOT-FOR-US: ToaruOS
CVE-2021-36709
RESERVED
CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
@@ -84146,7 +84146,7 @@ CVE-2021-27916
CVE-2021-27915
RESERVED
CVE-2021-27914 (A cross-site scripting (XSS) vulnerability in the installer component ...)
- TODO: check
+ NOT-FOR-US: installer component of Mautic
CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
NOT-FOR-US: Mautic
CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
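Review bot: `+ NOT-FOR-US: installer component of Mautic` for CVE-2021-27914 differs from the form used for the neighbouring Mautic entry (`NOT-FOR-US: Mautic` for CVE-2021-27913); unless the component distinction matters for triage, the plain product name keeps the Mautic entries uniform.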
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4f0eb9a2215868a6918f5dc3930dfa742563f79