[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 14 07:56:09 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23e16439 by Salvatore Bonaccorso at 2022-05-14T08:45:01+02:00
Process some NFUs
- - - - -
677b57b5 by Salvatore Bonaccorso at 2022-05-14T08:48:58+02:00
Add CVE-2022-1714/radare2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,9 +29,11 @@ CVE-2022-28689
CVE-2022-26023
RESERVED
CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts prior t ...)
- TODO: check
+ NOT-FOR-US: neorazorx/facturascripts
CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
+ NOTE: https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
CVE-2022-1713
RESERVED
CVE-2022-1712
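Review bot: In the CVE-2022-1714 entry the second NOTE is a bare radare2 commit URL, and with the package line at `<unfixed>` a reader cannot tell whether that commit is the upstream fix or only a reference. Suggest stating its role in the NOTE text (for example `NOTE: Fixed by: <commit URL>` if that is what it is), so whoever later fills in the fixed version knows which change to look for in the Debian package.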
@@ -555,7 +557,7 @@ CVE-2022-1647
CVE-2022-30526
RESERVED
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-1646
RESERVED
CVE-2022-1645
@@ -713,7 +715,7 @@ CVE-2022-30491
CVE-2022-30490
RESERVED
CVE-2022-30489 (WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-30488
RESERVED
CVE-2022-30487
@@ -857,59 +859,59 @@ CVE-2022-30419
CVE-2022-30418
RESERVED
CVE-2022-30417 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30416
RESERVED
CVE-2022-30415 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30414 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30413 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30412 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30411 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30410
RESERVED
CVE-2022-30409
RESERVED
CVE-2022-30408 (Covid-19 Travel Pass Management System v1.0 is vulnerable to file dele ...)
- TODO: check
+ NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30407 (Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Pharmacy Sales And Inventory System
CVE-2022-30406
RESERVED
CVE-2022-30405
RESERVED
CVE-2022-30404 (College Management System v1.0 is vulnerable to SQL Injection via /Col ...)
- TODO: check
+ NOT-FOR-US: College Management System
CVE-2022-30403 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30402 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30401 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30400 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30399 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30398 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30397
RESERVED
CVE-2022-30396 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30395 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30394
RESERVED
CVE-2022-30393 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30392 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30391 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30390
RESERVED
CVE-2022-30389
@@ -917,47 +919,47 @@ CVE-2022-30389
CVE-2022-30388
RESERVED
CVE-2022-30387 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30386 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30385 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30384 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30383
RESERVED
CVE-2022-30382
RESERVED
CVE-2022-30381 (Merchandise Online Store v1.0 is vulnerable to file deletion via /vlog ...)
- TODO: check
+ NOT-FOR-US: Merchandise Online Store
CVE-2022-30380
RESERVED
CVE-2022-30379 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30378 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30377
RESERVED
CVE-2022-30376 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30375 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to fil ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple Social Networking Site
CVE-2022-30374 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
- TODO: check
+ NOT-FOR-US: Air Cargo Management System
CVE-2022-30373 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
- TODO: check
+ NOT-FOR-US: Air Cargo Management System
CVE-2022-30372 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
- TODO: check
+ NOT-FOR-US: Air Cargo Management System
CVE-2022-30371 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
- TODO: check
+ NOT-FOR-US: Air Cargo Management System
CVE-2022-30370 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...)
- TODO: check
+ NOT-FOR-US: Air Cargo Management System
CVE-2022-30369
RESERVED
CVE-2022-30368
RESERVED
CVE-2022-30367 (Air Cargo Management System v1.0 is vulnerable to file deletion via /a ...)
- TODO: check
+ NOT-FOR-US: Air Cargo Management System
CVE-2022-30366
RESERVED
CVE-2022-30365
@@ -1246,7 +1248,7 @@ CVE-2022-30281
CVE-2022-30280
RESERVED
CVE-2022-30279 (An issue was discovered in Stormshield Network Security (SNS) 4.3.x be ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2022-30278 (A vulnerability in Black Duck Hub’s embedded MadCap Flare docume ...)
NOT-FOR-US: Black Duck Hub
CVE-2022-30277
@@ -2117,13 +2119,13 @@ CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allo
CVE-2022-29931
RESERVED
CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returnin ...)
- TODO: check
+ NOT-FOR-US: JetBrains Ktor
CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-29928 (In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-29922
RESERVED
CVE-2022-29918
@@ -2403,7 +2405,7 @@ CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an atta
CVE-2022-29855 (Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have " ...)
NOT-FOR-US: Mitel
CVE-2022-29854 (A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-29853
RESERVED
CVE-2022-29852
@@ -2738,21 +2740,21 @@ CVE-2022-29798
CVE-2022-29797
RESERVED
CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity of the we ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29795 (The frame scheduling module has a null pointer dereference vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29794 (The frame scheduling module has a Use After Free (UAF) vulnerability.S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29793 (There is a configuration defect in the activation lock of mobile phone ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29792 (The chip component has a vulnerability of disclosing CPU SNs.Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29791 (The HiAIserver has a vulnerability in verifying the validity of the we ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29790 (The graphics acceleration service has a vulnerability in multi-thread ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29789 (The HiAIserver has a vulnerability in verifying the validity of the pr ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-27174
RESERVED
CVE-2022-1465
@@ -2776,15 +2778,15 @@ CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & Edi
CVE-2022-1456
RESERVED
CVE-2021-46789 (Configuration defects in the secure OS module.Successful exploitation ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the iConnect modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-46787 (The AMS module has a vulnerability of improper permission control.Succ ...)
TODO: check
CVE-2021-46786 (The audio module has a vulnerability in verifying the parameters passe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-46785 (The Property module has a vulnerability in permission control.This vul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-29788
RESERVED
CVE-2022-29787
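Review bot: CVE-2021-46787 (the AMS module entry) is still `TODO: check` in this hunk, while the four entries around it (CVE-2021-46789, CVE-2021-46788, CVE-2021-46786 and CVE-2021-46785) all become `NOT-FOR-US: Huawei`. If it was left open on purpose, a short NOTE saying why would save someone re-triaging it; if it belongs to the same vendor and was simply skipped, it should get the same tag in this batch.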
@@ -3710,7 +3712,7 @@ CVE-2022-29435
CVE-2022-29434
RESERVED
CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29432
RESERVED
CVE-2022-29431
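Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2022-29433 does not name the plugin, whereas every other tag added in this change names the product or vendor. Suggest putting the plugin name in the tag, so that a later search of data/CVE/list for that product finds this entry and further CVEs for the same plugin can be closed consistently.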
@@ -3836,7 +3838,7 @@ CVE-2022-29385
CVE-2022-29384
RESERVED
CVE-2022-29383 (NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovere ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-29382
RESERVED
CVE-2022-29381
@@ -3864,7 +3866,7 @@ CVE-2022-29371
CVE-2022-29370
RESERVED
CVE-2022-29369 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation vi ...)
- TODO: check
+ NOT-FOR-US: njs
CVE-2022-29368 (Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was di ...)
TODO: check
CVE-2022-29367
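Review bot: CVE-2022-29369 is closed as `NOT-FOR-US: njs`, but the description names the affected software as "Nginx NJS", so the tag alone does not show that the nginx-related source packages were checked for a bundled copy of njs. Suggest confirming that and recording the result in a one-line NOTE under the entry, so the not-for-us decision can be revisited easily if njs is packaged later.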
@@ -3974,7 +3976,7 @@ CVE-2022-29320
CVE-2022-29319
RESERVED
CVE-2022-29318 (An arbitrary file upload vulnerability in the New Entry module of Car ...)
- TODO: check
+ NOT-FOR-US: Car Rental Management System
CVE-2022-29317 (Simple Bus Ticket Booking System v1.0 was discovered to contain multip ...)
NOT-FOR-US: Simple Bus Ticket Booking System
CVE-2022-29316 (Complete Online Job Search System v1.0 was discovered to contain a SQL ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/85fbe9dfe74c23e169a59cba8c2aeefd4d26867a...677b57b5cec865eeb8aec2d19fefc5d0138e3e83