[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 7 08:39:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8dc8922 by Salvatore Bonaccorso at 2022-05-07T09:39:10+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2279,7 +2279,7 @@ CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML docu
NOTE: Introduced by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228 (3.29.2)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525
CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL Injection via a ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In UsersController.php ...)
NOT-FOR-US: MISP
CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS in app/Co ...)
@@ -2589,13 +2589,13 @@ CVE-2022-29425
CVE-2022-29424
RESERVED
CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Cou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) ...)
@@ -3219,7 +3219,7 @@ CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-
CVE-2022-29172 (Auth0 is an authentication broker that supports both social and enterp ...)
TODO: check
CVE-2022-29171 (Sourcegraph is a fast and featureful code search and navigation engine ...)
- TODO: check
+ NOT-FOR-US: Sourcegraph
CVE-2022-29170
RESERVED
CVE-2022-29169
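Review bot: CVE-2022-29172 (Auth0), in the context lines directly above the Sourcegraph change, is still `TODO: check` after this pass. Was it left open on purpose because it needs a closer look at what the affected component is? If so, a short NOTE on that entry would save the next triager from repeating the check.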
@@ -3233,13 +3233,13 @@ CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vu
CVE-2022-29165
RESERVED
CVE-2022-29164 (Argo Workflows is an open source container-native workflow engine for ...)
- TODO: check
+ NOT-FOR-US: Argo Workflows
CVE-2022-29163
RESERVED
CVE-2022-29162
RESERVED
CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-29160
RESERVED
CVE-2022-29159
@@ -4925,7 +4925,7 @@ CVE-2022-28547
CVE-2022-28546
RESERVED
CVE-2022-28545 (FUDforum 3.1.1 is vulnerable to Stored XSS. ...)
- TODO: check
+ NOT-FOR-US: FUDforum
CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...)
NOT-FOR-US: Samsung
CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...)
@@ -5001,7 +5001,7 @@ CVE-2022-28509
CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...)
- mantis <removed>
CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 versio ...)
- TODO: check
+ NOT-FOR-US: Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121
CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...)
- giflib <unfixed>
[bullseye] - giflib <no-dsa> (Minor issue)
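Review bot: The NOT-FOR-US label added for CVE-2022-28507 repeats the CVE description almost word for word (`Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121`), while other entries in this diff use a short vendor or product name such as `NOT-FOR-US: Samsung` or `NOT-FOR-US: Adobe`. A shorter label naming just the vendor and the BDT-121 model would be easier to grep and to reuse if further CVEs for the same device appear.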
@@ -5719,25 +5719,25 @@ CVE-2021-46744
CVE-2022-28280
RESERVED
CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28278 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28277 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28276 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28275 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28274 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28273 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28272 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-28269
RESERVED
CVE-2022-28268
@@ -6598,7 +6598,7 @@ CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a S
CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
NOT-FOR-US: Attendance and Payroll System
CVE-2022-28005 (An issue was discovered in the 3CX Phone System Management Console pri ...)
- TODO: check
+ NOT-FOR-US: 3CX Phone System Management Console
CVE-2022-28004
RESERVED
CVE-2022-28003
@@ -6829,7 +6829,7 @@ CVE-2022-27911
CVE-2022-27910
RESERVED
CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...)
- TODO: check
+ NOT-FOR-US: Joomla component jDownloads
CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) is vulne ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. ...)
@@ -7187,9 +7187,9 @@ CVE-2022-27786
CVE-2022-27785
RESERVED
CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-27660
RESERVED
CVE-2022-27633
@@ -17774,7 +17774,7 @@ CVE-2022-24107
CVE-2022-24106
RESERVED
CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24104
RESERVED
CVE-2022-24103
@@ -17786,9 +17786,9 @@ CVE-2022-24101
CVE-2022-24100
RESERVED
CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24098 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
@@ -19286,7 +19286,7 @@ CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber
NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2)
NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master)
CVE-2022-23802 (Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The ...)
- TODO: check
+ NOT-FOR-US: Joomla Guru extension
CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS a ...)
NOT-FOR-US: Joomla!
CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate con ...)
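Review bot: The label on CVE-2022-23802, `NOT-FOR-US: Joomla Guru extension`, uses a different word order from the `NOT-FOR-US: Joomla component jDownloads` added for CVE-2022-27909 earlier in this same commit. Settling on one form for third-party Joomla add-ons, as the WordPress entries do with the single `WordPress plugin` label, keeps them consistent and easy to distinguish from the `NOT-FOR-US: Joomla!` core entry in the context line below.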
@@ -21315,7 +21315,7 @@ CVE-2021-23150 (Authenticated (admin or higher user role) Stored Cross-Site Scri
CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
NOT-FOR-US: Apache Traffic Control
CVE-2022-23205 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
NOT-FOR-US: Adobe
CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8dc89227d50fab134c744b6925e026bb1110709