[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 3 21:19:52 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38e00510 by Salvatore Bonaccorso at 2022-05-03T22:19:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3069,7 +3069,7 @@ CVE-2022-29082
CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1331 (In four instances DMARS (All versions prior to v2.1.10.24) does not pr ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
NOT-FOR-US: fullpage.js
CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is vulnerable to un ...)
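Review bot: The tag added for CVE-2022-1331 names only the vendor (Delta Electronics), while the description identifies the affected product as DMARS and the neighbouring tag in this hunk names the product (NOT-FOR-US: fullpage.js). Suggest "NOT-FOR-US: Delta Electronics DMARS" so the tag itself says which product was triaged and later DMARS entries can be matched against it.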
@@ -3376,7 +3376,7 @@ CVE-2022-29003
CVE-2022-29002
RESERVED
CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix parameter is not ...)
- TODO: check
+ NOT-FOR-US: SpringBootMovie
CVE-2022-29000
RESERVED
CVE-2022-28999
@@ -4429,7 +4429,7 @@ CVE-2022-28601
CVE-2022-28600
RESERVED
CVE-2022-28599 (A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1 ...)
- TODO: check
+ NOT-FOR-US: FUEL-CMS
CVE-2022-28598
RESERVED
CVE-2022-28597
@@ -4447,17 +4447,17 @@ CVE-2022-28592
CVE-2022-28591
RESERVED
CVE-2022-28590 (A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 v ...)
- TODO: check
+ NOT-FOR-US: Pixelimity
CVE-2022-28589 (A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 al ...)
- TODO: check
+ NOT-FOR-US: Pixelimity
CVE-2022-28588 (In SpringBootMovie <=1.2 when adding movie names, malicious code ca ...)
- TODO: check
+ NOT-FOR-US: SpringBootMovie
CVE-2022-28587
RESERVED
CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript ...)
NOT-FOR-US: Hoosk
CVE-2022-28585 (EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php ...)
- TODO: check
+ NOT-FOR-US: EmpireCMS
CVE-2022-28584
RESERVED
CVE-2022-28583
@@ -4621,7 +4621,7 @@ CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScr
[stretch] - giflib <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/giflib/bugs/159/
CVE-2022-28505 (Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system ...)
- TODO: check
+ NOT-FOR-US: Jfinal_cms
CVE-2022-28504
RESERVED
CVE-2022-28503
@@ -6289,7 +6289,7 @@ CVE-2022-27964 (Xmanager v7.0.0096 and below contains a binary hijack vulnerabil
CVE-2022-27963 (Xftp 7.0.0088p and below contains a binary hijack vulnerability which ...)
NOT-FOR-US: NetSarang Xftp
CVE-2022-27962 (Bluecms 1.6 has a SQL injection vulnerability at cooike. ...)
- TODO: check
+ NOT-FOR-US: BlueCMS
CVE-2022-27961 (A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in O ...)
NOT-FOR-US: OFCMS
CVE-2022-27960 (Insecure permissions configured in the user_id parameter at SysUserCon ...)
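Review bot: The tag on CVE-2022-27962 is spelled "BlueCMS" while the CVE description on the line above it spells the product "Bluecms". If data/CVE/list already carries entries for this product, reuse the spelling they use so that a case-sensitive search for the tag returns all of them.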
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38e00510bdad100459b6a5f25d61dcec5cd6e11a