[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 21 08:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a4db468 by Salvatore Bonaccorso at 2022-05-21T09:10:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,11 +23,11 @@ CVE-2022-31247
CVE-2022-1807
RESERVED
CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rt ...)
- TODO: check
+ NOT-FOR-US: RTX
CVE-2022-31246
RESERVED
CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to inject O ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2022-31244
RESERVED
CVE-2022-31243
@@ -109,7 +109,7 @@ CVE-2022-1799
CVE-2022-1798
RESERVED
CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
- TODO: check
+ NOT-FOR-US: Goverlan
CVE-2022-31214
RESERVED
CVE-2022-31213
@@ -620,7 +620,7 @@ CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.497
NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)
CVE-2022-1784 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-1783
RESERVED
CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
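Review bot: the label "NOT-FOR-US: jgraph/drawio" uses the GitHub repository path, whereas the other huntr-style entries processed in this patch use a product name (for example "NOT-FOR-US: RTX" for rtxteam/rt and "NOT-FOR-US: Trudesk" for polonel/trudesk); one convention, the product name "drawio", keeps NOT-FOR-US entries for the same software grouped under a single string.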
@@ -666,7 +666,7 @@ CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem
CVE-2022-30973
RESERVED
CVE-2022-1770 (Improper Privilege Management in GitHub repository polonel/trudesk pri ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c
@@ -757,7 +757,7 @@ CVE-2022-30946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Scr
CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allow ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2022-1753 (A vulnerability, which was classified as critical, was found in WoWond ...)
NOT-FOR-US: WoWonder
CVE-2022-1752
@@ -1073,9 +1073,9 @@ CVE-2022-30889
CVE-2022-30888
RESERVED
CVE-2022-30887 (Pharmacy Management System v1.0 was discovered to contain a remote cod ...)
- TODO: check
+ NOT-FOR-US: Pharmacy Management System
CVE-2022-30886 (School Dormitory Management System v1.0 was discovered to contain a SQ ...)
- TODO: check
+ NOT-FOR-US: School Dormitory Management System
CVE-2022-30885
RESERVED
CVE-2022-30884
@@ -5360,7 +5360,7 @@ CVE-2022-29322 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack o
CVE-2022-29321 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...)
NOT-FOR-US: D-Link
CVE-2022-29320 (MiniTool Partition Wizard v12.0 contains an unquoted service path whic ...)
- TODO: check
+ NOT-FOR-US: MiniTool Partition Wizard
CVE-2022-29319
RESERVED
CVE-2022-29318 (An arbitrary file upload vulnerability in the New Entry module of Car ...)
@@ -5785,7 +5785,7 @@ CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime servi
CVE-2022-29160 (Nextcloud Android is the Android client for Nextcloud, a self-hosted p ...)
TODO: check
CVE-2022-29159 (Nextcloud Deck is a Kanban-style project & personal management too ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Deck
CVE-2022-29158
RESERVED
CVE-2022-1344 (Stored XSS due to no sanitization in the filename in GitHub repository ...)
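Review bot: CVE-2022-29160 (Nextcloud Android client) in this hunk's leading context is left at "TODO: check" while the adjacent CVE-2022-29159 (Nextcloud Deck) is resolved; if the Android client is likewise not packaged, it could be processed in the same pass, otherwise a NOTE explaining why it is deferred would help the next triager.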
@@ -6325,13 +6325,13 @@ CVE-2022-28995
CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...)
NOT-FOR-US: Small HTTP Server
CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers to perfo ...)
- TODO: check
+ NOT-FOR-US: Multi Store Inventory Management System
CVE-2022-28992 (A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v ...)
- TODO: check
+ NOT-FOR-US: Online Banquet Booking System
CVE-2022-28991 (Multi Store Inventory Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Multi Store Inventory Management System
CVE-2022-28990 (WASM3 v0.5.0 was discovered to contain a heap overflow via the compone ...)
- TODO: check
+ NOT-FOR-US: wasm3
CVE-2022-28989
RESERVED
CVE-2022-28988
@@ -9024,11 +9024,11 @@ CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits n
CVE-2022-28107
RESERVED
CVE-2022-28106 (Online Sports Complex Booking System v1.0 was discovered to allow atta ...)
- TODO: check
+ NOT-FOR-US: Online Sports Complex Booking System
CVE-2022-28105 (Online Sports Complex Booking System v1.0 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: Online Sports Complex Booking System
CVE-2022-28104 (Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file u ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Editor
CVE-2022-28103
RESERVED
CVE-2022-28102 (A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Ge ...)
@@ -11874,13 +11874,13 @@ CVE-2022-27097
CVE-2022-27096
RESERVED
CVE-2022-27095 (BattlEye v0.9 contains an unquoted service path which allows attackers ...)
- TODO: check
+ NOT-FOR-US: BattlEye
CVE-2022-27094 (Sony PlayMemories Home v6.0 contains an unquoted service path which al ...)
- TODO: check
+ NOT-FOR-US: Sony PlayMemories Home
CVE-2022-27093
RESERVED
CVE-2022-27092 (Private Internet Access v3.3 contains an unquoted service path which a ...)
- TODO: check
+ NOT-FOR-US: Private Internet Access
CVE-2022-27091
RESERVED
CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...)
@@ -13038,11 +13038,11 @@ CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL termina
[stretch] - php-memcached <no-dsa> (Minor issue)
NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
CVE-2022-26634 (HMA VPN v5.3.5913.0 contains an unquoted service path which allows att ...)
- TODO: check
+ NOT-FOR-US: HMA VPN
CVE-2022-26633 (Simple Student Quarterly Result/Grade System v1.0 was discovered to co ...)
- TODO: check
+ NOT-FOR-US: Simple Student Quarterly Result/Grade System
CVE-2022-26632 (Multi-Vendor Online Groceries Management System v1.0 was discovered to ...)
- TODO: check
+ NOT-FOR-US: Multi-Vendor Online Groceries Management System
CVE-2022-26631 (Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQ ...)
NOT-FOR-US: Automatic Question Paper Generator
CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...)
@@ -16942,11 +16942,11 @@ CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)'' fie ...)
- TODO: check
+ NOT-FOR-US: Popcorn Time
CVE-2022-25228
RESERVED
CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS ...)
- TODO: check
+ NOT-FOR-US: Thinfinity VNC
CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...)
NOT-FOR-US: ThinVNC
CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user to in ...)
@@ -17246,7 +17246,7 @@ CVE-2021-46687
CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
NOT-FOR-US: JFrog Artifactory
CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2021-45721
RESERVED
CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
@@ -17878,9 +17878,9 @@ CVE-2022-24908
CVE-2022-24907
RESERVED
CVE-2022-24906 (Nextcloud Deck is a Kanban-style project & personal management too ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Deck
CVE-2022-24905 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2022-24904 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2022-24903 (Rsyslog is a rocket-fast system for log processing. Modules for TCP sy ...)
@@ -35739,7 +35739,7 @@ CVE-2022-21502
CVE-2022-21501
RESERVED
CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies). ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2022-21499
RESERVED
CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
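Review bot: "NOT-FOR-US: Oracle" names only the vendor, while every other label in this patch names the product; unless per-vendor labels are the tracker's established practice for Oracle advisories, "NOT-FOR-US: Oracle E-Business Suite" (the component named in the description) would match the granularity used elsewhere.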
@@ -36449,9 +36449,9 @@ CVE-2021-43731
CVE-2021-43730
RESERVED
CVE-2021-43729 (Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Pix-Link MiNi Router
CVE-2021-43728 (Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Pix-Link MiNi Router
CVE-2021-43727
RESERVED
CVE-2021-43726
@@ -43314,7 +43314,7 @@ CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contac
CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
NOT-FOR-US: Subrion CMS
CVE-2021-41946 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: FiberHome VDSL2 Modem
CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input valida ...)
- httpx <unfixed> (bug #1010336)
NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
@@ -43335,7 +43335,7 @@ CVE-2021-41940
CVE-2021-41939
RESERVED
CVE-2021-41938 (An issue was discovered in ShopXO CMS 2.2.0. After entering the manage ...)
- TODO: check
+ NOT-FOR-US: ShopXO CMS
CVE-2021-41937
RESERVED
CVE-2021-41936
@@ -73497,7 +73497,7 @@ CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Na
CVE-2021-30029
RESERVED
CVE-2021-30028 (SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default crede ...)
- TODO: check
+ NOT-FOR-US: SOOTEWAY Wi-Fi Range Extender
CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...)
- md4c 0.4.7-2 (bug #987799)
NOTE: https://github.com/mity/md4c/issues/155
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a4db468307b921622ea49ccb36437f431887d5e