Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 68e25148 by Salvatore Bonaccorso at 2022-04-08T22:54:19+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4870,13 +4870,13 @@ CVE-2022-27066 CVE-2022-27065 RESERVED CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file upload vu ...) - TODO: check + NOT-FOR-US: Musical World CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: AeroCMS CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...) - TODO: check + NOT-FOR-US: AeroCMS CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...) - TODO: check + NOT-FOR-US: AeroCMS CVE-2022-27060 RESERVED CVE-2022-27059 @@ -4904,7 +4904,7 @@ CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move CVE-2022-27048 RESERVED CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without any limi ...) - TODO: check + NOT-FOR-US: mogu_blog_cms CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in ...) TODO: check CVE-2022-27045 @@ -5026,7 +5026,7 @@ CVE-2022-26988 CVE-2022-26987 RESERVED CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: ImpressCMS CVE-2022-26985 RESERVED CVE-2022-26984 @@ -5034,7 +5034,7 @@ CVE-2022-26984 CVE-2022-26983 RESERVED CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote authenticated admi ...) - TODO: check + NOT-FOR-US: Simple Machines Forum (SMF) CVE-2022-0947 RESERVED CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...) @@ -5133,9 +5133,9 @@ CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository st CVE-2022-26954 RESERVED CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) - TODO: check + NOT-FOR-US: Digi Passport Firmware CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) - TODO: check + NOT-FOR-US: Digi Passport Firmware CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerabil ...) NOT-FOR-US: Archer CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vu ...) @@ -5217,15 +5217,15 @@ CVE-2022-26914 CVE-2022-26913 RESERVED CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26911 RESERVED CVE-2022-26910 RESERVED CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26907 RESERVED CVE-2022-26906 @@ -5241,7 +5241,7 @@ CVE-2022-26902 CVE-2022-26901 RESERVED CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26899 RESERVED CVE-2022-26898 @@ -5251,15 +5251,15 @@ CVE-2022-26897 CVE-2022-26896 RESERVED CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26893 RESERVED CVE-2022-26892 RESERVED CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-26061 RESERVED CVE-2022-25972 @@ -5267,7 +5267,7 @@ CVE-2022-25972 CVE-2022-25942 RESERVED CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...) - TODO: check + NOT-FOR-US: livehelperchat CVE-2022-26886 RESERVED CVE-2022-26885 @@ -5583,7 +5583,7 @@ CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost CVE-2022-0902 RESERVED CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...) - TODO: check + NOT-FOR-US: WordPress plugins CVE-2022-0900 RESERVED CVE-2022-0899 @@ -5857,9 +5857,9 @@ CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authentica NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2 NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthenticate ...) - TODO: check + NOT-FOR-US: aEnrich a+HRD CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...) - TODO: check + NOT-FOR-US: aEnrich a+HRD CVE-2022-26674 RESERVED CVE-2022-26673 @@ -5867,9 +5867,9 @@ CVE-2022-26673 CVE-2022-26672 RESERVED CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has a hard ...) - TODO: check + NOT-FOR-US: Taiwan Secom Dr.ID Access Control system CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-26669 RESERVED CVE-2022-26668 @@ -5957,13 +5957,13 @@ CVE-2022-26632 CVE-2022-26631 RESERVED CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...) - TODO: check + NOT-FOR-US: Jellycms CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...) NOT-FOR-US: SoroushPlus+ Messenger CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection vulnerability ...) - TODO: check + NOT-FOR-US: Matrimony CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to contain a ...) - TODO: check + NOT-FOR-US: Online Project Time Management System CVE-2022-26626 RESERVED CVE-2022-26625 @@ -5985,13 +5985,13 @@ CVE-2022-26618 CVE-2022-26617 RESERVED CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to pe ...) - TODO: check + NOT-FOR-US: PKP Vendor Open Journal System CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website Content ...) NOT-FOR-US: SourceCodester Simple College Website CVE-2022-26614 RESERVED CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability v ...) - TODO: check + NOT-FOR-US: PHP-CMS CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava function on W ...) - hadoop <itp> (bug #793644) CVE-2022-26611 @@ -6003,11 +6003,11 @@ CVE-2022-26609 CVE-2022-26608 RESERVED CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 ...) - TODO: check + NOT-FOR-US: baigo CMS CVE-2022-26606 RESERVED CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file upload via t ...) - TODO: check + NOT-FOR-US: eZiosuite CVE-2022-26604 RESERVED CVE-2022-26603 @@ -6035,7 +6035,7 @@ CVE-2022-26593 CVE-2022-26592 RESERVED CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...) - TODO: check + NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware CVE-2022-26590 RESERVED CVE-2022-26589 @@ -6047,7 +6047,7 @@ CVE-2022-26587 CVE-2022-26586 RESERVED CVE-2022-26585 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...) - TODO: check + NOT-FOR-US: Mingsoft MCMS CVE-2022-26584 RESERVED CVE-2022-26583 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e251486f786aa47cd2c3f9d633cb52b041e379 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e251486f786aa47cd2c3f9d633cb52b041e379 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits