Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
68e25148 by Salvatore Bonaccorso at 2022-04-08T22:54:19+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4870,13 +4870,13 @@ CVE-2022-27066
CVE-2022-27065
RESERVED
CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file
upload vu ...)
- TODO: check
+ NOT-FOR-US: Musical World
CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: AeroCMS
CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site
scripting ...)
- TODO: check
+ NOT-FOR-US: AeroCMS
CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file
upload vuln ...)
- TODO: check
+ NOT-FOR-US: AeroCMS
CVE-2022-27060
RESERVED
CVE-2022-27059
@@ -4904,7 +4904,7 @@ CVE-2022-27049 (Raidrive before v2021.12.35 allows
attackers to arbitrarily move
CVE-2022-27048
RESERVED
CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without
any limi ...)
- TODO: check
+ NOT-FOR-US: mogu_blog_cms
CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free
vulnerability in in ...)
TODO: check
CVE-2022-27045
@@ -5026,7 +5026,7 @@ CVE-2022-26988
CVE-2022-26987
RESERVED
CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: ImpressCMS
CVE-2022-26985
RESERVED
CVE-2022-26984
@@ -5034,7 +5034,7 @@ CVE-2022-26984
CVE-2022-26983
RESERVED
CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote
authenticated admi ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2022-0947
RESERVED
CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository
star7th/showdoc ...)
@@ -5133,9 +5133,9 @@ CVE-2022-0937 (Stored xss in showdoc through file upload
in GitHub repository st
CVE-2022-26954
RESERVED
CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer
overflo ...)
- TODO: check
+ NOT-FOR-US: Digi Passport Firmware
CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer
overflo ...)
- TODO: check
+ NOT-FOR-US: Digi Passport Firmware
CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS
vulnerabil ...)
NOT-FOR-US: Archer
CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open
redirect vu ...)
@@ -5217,15 +5217,15 @@ CVE-2022-26914
CVE-2022-26913
RESERVED
CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26911
RESERVED
CVE-2022-26910
RESERVED
CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26907
RESERVED
CVE-2022-26906
@@ -5241,7 +5241,7 @@ CVE-2022-26902
CVE-2022-26901
RESERVED
CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26899
RESERVED
CVE-2022-26898
@@ -5251,15 +5251,15 @@ CVE-2022-26897
CVE-2022-26896
RESERVED
CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26893
RESERVED
CVE-2022-26892
RESERVED
CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-26061
RESERVED
CVE-2022-25972
@@ -5267,7 +5267,7 @@ CVE-2022-25972
CVE-2022-25942
RESERVED
CVE-2022-0935 (Host Header injection in password Reset in GitHub repository
livehelpe ...)
- TODO: check
+ NOT-FOR-US: livehelperchat
CVE-2022-26886
RESERVED
CVE-2022-26885
@@ -5583,7 +5583,7 @@ CVE-2022-0903 (A call stack overflow bug in the SAML
login feature in Mattermost
CVE-2022-0902
RESERVED
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do
not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugins
CVE-2022-0900
RESERVED
CVE-2022-0899
@@ -5857,9 +5857,9 @@ CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5
allows remote authentica
NOTE:
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE:
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: aEnrich a+HRD
CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters
in URLs. ...)
- TODO: check
+ NOT-FOR-US: aEnrich a+HRD
CVE-2022-26674
RESERVED
CVE-2022-26673
@@ -5867,9 +5867,9 @@ CVE-2022-26673
CVE-2022-26672
RESERVED
CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page
has a hard ...)
- TODO: check
+ NOT-FOR-US: Taiwan Secom Dr.ID Access Control system
CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters
in the ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-26669
RESERVED
CVE-2022-26668
@@ -5957,13 +5957,13 @@ CVE-2022-26632
CVE-2022-26631
RESERVED
CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an
arbitrary file ...)
- TODO: check
+ NOT-FOR-US: Jellycms
CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+
Messenger 1.0.3 ...)
NOT-FOR-US: SoroushPlus+ Messenger
CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Matrimony
CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to
contain a ...)
- TODO: check
+ NOT-FOR-US: Online Project Time Management System
CVE-2022-26626
RESERVED
CVE-2022-26625
@@ -5985,13 +5985,13 @@ CVE-2022-26618
CVE-2022-26617
RESERVED
CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows
attackers to pe ...)
- TODO: check
+ NOT-FOR-US: PKP Vendor Open Journal System
CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website
Content ...)
NOT-FOR-US: SourceCodester Simple College Website
CVE-2022-26614
RESERVED
CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection
vulnerability v ...)
- TODO: check
+ NOT-FOR-US: PHP-CMS
CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava
function on W ...)
- hadoop <itp> (bug #793644)
CVE-2022-26611
@@ -6003,11 +6003,11 @@ CVE-2022-26609
CVE-2022-26608
RESERVED
CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS
v3.0-alpha-2 ...)
- TODO: check
+ NOT-FOR-US: baigo CMS
CVE-2022-26606
RESERVED
CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file
upload via t ...)
- TODO: check
+ NOT-FOR-US: eZiosuite
CVE-2022-26604
RESERVED
CVE-2022-26603
@@ -6035,7 +6035,7 @@ CVE-2022-26593
CVE-2022-26592
RESERVED
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows
unauthenticated attac ...)
- TODO: check
+ NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-26590
RESERVED
CVE-2022-26589
@@ -6047,7 +6047,7 @@ CVE-2022-26587
CVE-2022-26586
RESERVED
CVE-2022-26585 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection
vulnera ...)
- TODO: check
+ NOT-FOR-US: Mingsoft MCMS
CVE-2022-26584
RESERVED
CVE-2022-26583
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e251486f786aa47cd2c3f9d633cb52b041e379
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68e251486f786aa47cd2c3f9d633cb52b041e379
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
