[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 21 09:40:53 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c1484cfd by Salvatore Bonaccorso at 2022-05-21T10:39:54+02:00
Process NFUs
- - - - -
0ee45fe1 by Salvatore Bonaccorso at 2022-05-21T10:39:55+02:00
Add two CVEs for Cilium, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2022-1805
CVE-2022-1804
RESERVED
CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2022-1802
RESERVED
- firefox 100.0.2-1
@@ -653,7 +653,7 @@ CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in sta
- mujs <unfixed>
NOTE: https://github.com/ccxvii/mujs/issues/162
CVE-2022-1775 (Weak Password Requirements in GitHub repository polonel/trudesk prior ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1773
@@ -765,7 +765,7 @@ CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository polonel/trude
CVE-2022-1753 (A vulnerability, which was classified as critical, was found in WoWond ...)
NOT-FOR-US: WoWonder
CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
- TODO: check
+ NOT-FOR-US: Trudesk
CVE-2022-1751
RESERVED
CVE-2022-1750
@@ -5071,9 +5071,9 @@ CVE-2022-29450
CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion (LFI) v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29447 (Authenticated (administrator or higher user role) Local File Inclusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
@@ -5099,27 +5099,27 @@ CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander
CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29434 (Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29432 (Multiple Authenticated (administrator or higher user role) Persistent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29431 (Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29430 (Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Exte ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29428 (Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29427 (Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29426 (Authenticated (contributor or higher user role) Reflected Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29425 (Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files U ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29424 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...)
@@ -5743,9 +5743,9 @@ CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. Nokogi
CVE-2022-29180 (A vulnerability in which attackers could forge HTTP requests to manipu ...)
NOT-FOR-US: charmbracelet/charm
CVE-2022-29179 (Cilium is open source software for providing and securing network conn ...)
- TODO: check
+ - cilium <itp> (bug #858303)
CVE-2022-29178 (Cilium is open source software for providing and securing network conn ...)
- TODO: check
+ - cilium <itp> (bug #858303)
CVE-2022-29177 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
- golang-github-go-ethereum <itp> (bug #890541)
CVE-2022-29176 (Rubygems is a package registry used to supply software for the Ruby la ...)
@@ -7312,7 +7312,7 @@ CVE-2022-28620
CVE-2022-28619
RESERVED
CVE-2022-28618 (A command injection security vulnerability has been identified in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...)
NOT-FOR-US: HPE OneView
CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
@@ -7531,7 +7531,7 @@ CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to S
CVE-2022-28532
RESERVED
CVE-2022-28531 (Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerab ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnera ...)
NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
CVE-2022-28529
@@ -24732,9 +24732,9 @@ CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either L
CVE-2022-22974
RESERVED
CVE-2022-22973 (VMware Workspace ONE Access and Identity Manager contain a privilege e ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
- libspring-java <unfixed>
NOTE: https://tanzu.vmware.com/security/cve-2022-22971
@@ -56165,7 +56165,7 @@ CVE-2021-36835
CVE-2021-36834
RESERVED
CVE-2021-36833 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin ̵ ...)
NOT-FOR-US: WordPress plugins
CVE-2021-36831
@@ -65113,7 +65113,7 @@ CVE-2021-33151
CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some ...)
NOT-FOR-US: Intel
CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors may allo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-33148
RESERVED
CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
@@ -81979,9 +81979,9 @@ CVE-2021-26633
CVE-2021-26632
RESERVED
CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce package ...)
- TODO: check
+ NOT-FOR-US: Mangboard commerce package
CVE-2021-26630 (Improper input validation vulnerability in HANDY Groupware’s Act ...)
- TODO: check
+ NOT-FOR-US: HANDY Groupware
CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...)
NOT-FOR-US: Tobesoft Xplatform
CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b49336529ef50af25fdf2c2c4dad8f26a572a039...0ee45fe150af6d86c8860f10dcb16c4f9ac8c9b6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b49336529ef50af25fdf2c2c4dad8f26a572a039...0ee45fe150af6d86c8860f10dcb16c4f9ac8c9b6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220521/3a5fcfa8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list