[Git][security-tracker-team/security-tracker][master] Re-associate some NFUs with phpipam, itp'ed

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 4 21:05:49 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7832c4cd by Salvatore Bonaccorso at 2022-10-04T22:04:22+02:00
Re-associate some NFUs with phpipam, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54547,9 +54547,9 @@ CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to u
 CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject  ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
-	NOT-FOR-US: PhpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
-	NOT-FOR-US: PhpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2022-23044
 	RESERVED
 CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file  ...)
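Review bot: The two removed lines in this hunk spell the product `PhpIPAM`, while the removed lines in the later hunks use `phpIPAM` and `phpipam`, so a case-sensitive search for any one spelling would have missed entries. Since the commit message says "some NFUs", please confirm with a case-insensitive search of data/CVE/list for `NOT-FOR-US:` lines matching phpipam that no entry is left behind under another spelling.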
@@ -190739,7 +190739,7 @@ CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
 CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
 	NOT-FOR-US: Adive Framework
 CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2020-7987
 	RESERVED
 CVE-2020-7986
@@ -218917,15 +218917,15 @@ CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TY
 CVE-2019-16697
 	RESERVED
 CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2019-16695 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2019-16694 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit- ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2019-16691
 	REJECTED
 CVE-2019-16690
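Review bot: All five entries from CVE-2019-16696 down to CVE-2019-16692 receive the same bare `- phpipam <itp> (bug #731713)` line, with nothing recording that they are the related app/admin/custom-fields SQL injection issues in phpIPAM 1.4. Consider adding a `NOTE:` line to each entry pointing at the upstream fix where one is known, so that fixed versions can be assigned quickly once the ITP results in an upload.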
@@ -248239,7 +248239,7 @@ CVE-2019-1000012 (Hex package manager version 0.14.0 through 0.18.2 contains a S
 CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access  ...)
 	NOT-FOR-US: API Platform
 CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22:  ...)
 	NOT-FOR-US: Helm ChartMuseum
 CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains  ...)
@@ -327807,7 +327807,7 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, t
 CVE-2017-15641
 	RESERVED
 CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip  ...)
-	NOT-FOR-US: phpIPAM
+	- phpipam <itp> (bug #731713)
 CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypa ...)
 	NOT-FOR-US: Mura CMS
 CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterpri ...)
@@ -355943,7 +355943,7 @@ CVE-2017-6483 (Multiple Cross-Site Scripting (XSS) issues were discovered in ATu
 CVE-2017-6482
 	REJECTED
 CVE-2017-6481 (Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam  ...)
-	NOT-FOR-US: phpipam
+	- phpipam <itp> (bug #731713)
 CVE-2017-6480 (groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS  ...)
 	NOT-FOR-US: cmsgroovel
 CVE-2017-6479 (FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a re ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7832c4cd8ce639eeafa1c316252b38d35ecca117
