Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6ff5521 by Salvatore Bonaccorso at 2022-05-06T06:20:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2022-1594
 CVE-2022-1593
        RESERVED
 CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository 
clinical-gen ...)
-       TODO: check
+       NOT-FOR-US: clinical-genomics/scout
 CVE-2022-1591
        RESERVED
 CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been 
declared as pr ...)
-       TODO: check
+       NOT-FOR-US: Bludit
 CVE-2022-1589
        RESERVED
 CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain 
sq_reserv ...)
@@ -32,7 +32,7 @@ CVE-2022-30290
 CVE-2022-30289
        RESERVED
 CVE-2022-30288 (Agoo through 2.14.2 does not reject GraphQL fragment spreads 
that form ...)
-       TODO: check
+       NOT-FOR-US: Ruby gem agoo
 CVE-2022-30287
        RESERVED
 CVE-2022-30286
@@ -185,7 +185,7 @@ CVE-2022-1577
 CVE-2022-1576
        RESERVED
 CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub 
repository ...)
-       TODO: check
+       NOT-FOR-US: jgraph/drawio
 CVE-2022-1574
        RESERVED
 CVE-2022-1573
@@ -469,7 +469,7 @@ CVE-2022-1556
 CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository 
microweber/micro ...)
        NOT-FOR-US: microweber
 CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository 
clinical-g ...)
-       TODO: check
+       NOT-FOR-US: clinical-genomics/scout
 CVE-2022-30126
        RESERVED
 CVE-2022-1553
@@ -806,7 +806,7 @@ CVE-2022-29970 (Sinatra before 2.2.0 does not validate that 
the expanded path ma
        NOTE: 
https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
 (v2.2.0)
        TODO: check where issue is introduced
 CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS 
via an rs ...)
-       TODO: check
+       NOT-FOR-US: RSS extension for MediaWiki
 CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. 
io_rw_init ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code introduced later)
@@ -878,11 +878,11 @@ CVE-2022-29942 (Talend Administration Center has a 
vulnerability that allows an
 CVE-2022-29941
        RESERVED
 CVE-2022-29940 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET 
parameters f ...)
-       TODO: check
+       NOT-FOR-US: LibreHealth EHR
 CVE-2022-29939 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET 
parameters d ...)
-       TODO: check
+       NOT-FOR-US: LibreHealth EHR
 CVE-2022-29938 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET 
parameter pa ...)
-       TODO: check
+       NOT-FOR-US: LibreHealth EHR
 CVE-2022-29937 (USU Oracle Optimization before 5.17.5 allows authenticated 
DataCollect ...)
        NOT-FOR-US: USU Oracle Optimization
 CVE-2022-29936 (USU Oracle Optimization before 5.17 allows authenticated 
quantum users ...)
@@ -1532,7 +1532,7 @@ CVE-2022-27174
 CVE-2022-1465
        RESERVED
 CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. 
As the  ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2022-1463
        RESERVED
 CVE-2022-1462
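Review bot: minor labelling consistency point on the CVE-2022-1464 entry: the added line reads `NOT-FOR-US: Go Git Service`, whereas the other GitHub-repository entries triaged in this commit use the repository slug as the label (`clinical-genomics/scout`, `jgraph/drawio`). Using `gogs/gogs` or `gogs`, the name that actually appears in the description, keeps this entry findable when the list is searched by the same convention.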
@@ -2221,7 +2221,7 @@ CVE-2022-1413
 CVE-2022-1412
        RESERVED
 CVE-2022-1411 (Unrestructed file upload in GitHub repository 
yetiforcecompany/yetifor ...)
-       TODO: check
+       NOT-FOR-US: yetiforcecrm
 CVE-2022-1410
        RESERVED
 CVE-2022-1409
@@ -2374,15 +2374,15 @@ CVE-2022-28695 (On F5 BIG-IP AFM 16.1.x versions prior 
to 16.1.2.2, 15.1.x versi
 CVE-2022-28691 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x 
versions prior  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-27880 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x 
versions pri ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-27878 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 
11.6.x  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-27875 (On F5 Access for Android 3.x versions prior to 3.0.8, a Task 
Hijacking ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-27806 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 
11.6.x  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-27662 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x 
versions pri ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-27659 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x 
versions prior  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x 
versions pr ...)
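Review bot: the product label does not match the described product for three of the changed entries in this hunk. CVE-2022-27880 and CVE-2022-27662 describe F5 Traffix SDC, and CVE-2022-27875 describes F5 Access for Android, yet all three gain `NOT-FOR-US: F5 BIG-IP`; the unchanged neighbouring entries show that label is otherwise reserved for descriptions that begin `On F5 BIG-IP ...`. The NOT-FOR-US decision itself is not in question, but the label should name the product the description names (e.g. `NOT-FOR-US: F5 Traffix SDC`, `NOT-FOR-US: F5 Access for Android`) so that later searches of the list by product are not misled.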
@@ -2390,7 +2390,7 @@ CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 
16.1.2.2, 15.1.x versi
 CVE-2022-27634 (On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior 
to 15.1 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-27495 (On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh 
control plan ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-27230 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 
11.6.x  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-27189 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x 
versions prior  ...)
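Review bot: CVE-2022-27495 describes NGINX Service Mesh, but the added line is `NOT-FOR-US: F5 BIG-IP`, copied from the surrounding BIG-IP entries. Suggest `NOT-FOR-US: NGINX Service Mesh` so the label reflects the product in the description; a mismatched label is exactly what a later triager grepping the list for nginx-related entries would miss.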
@@ -2418,7 +2418,7 @@ CVE-2022-26130 (On F5 BIG-IP 16.1.x versions prior to 
16.1.2.2, 15.1.x versions
 CVE-2022-26071 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x 
versions prior  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-25990 (On 1.0.x versions prior to 1.0.1, systems running F5OS-A 
software may  ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2022-25946 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 
11.6.x  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-1389 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 
11.6.x  ...)
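Review bot: CVE-2022-25990 describes systems running F5OS-A software, not BIG-IP, yet it is labelled `NOT-FOR-US: F5 BIG-IP` like its neighbours. Suggest `NOT-FOR-US: F5OS-A` so the label matches the description, consistent with the other F5 entries whose label names the product in their description.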
@@ -4698,7 +4698,7 @@ CVE-2022-28608
 CVE-2022-28607
        RESERVED
 CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou 
Huoyin Inform ...)
-       TODO: check
+       NOT-FOR-US: BossCMS
 CVE-2022-28605
        RESERVED
 CVE-2022-28604
@@ -4742,25 +4742,25 @@ CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows 
attacker to execute javas
 CVE-2022-28585 (EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php 
...)
        NOT-FOR-US: EmpireCMS
 CVE-2022-28584 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28583 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28582 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28581 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28580 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28579 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28578 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28577 (It is found that there is a command injection vulnerability in 
the del ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28576
        RESERVED
 CVE-2022-28575 (It is found that there is a command injection vulnerability in 
the set ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2022-28574
        RESERVED
 CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command 
injectio ...)
@@ -4774,7 +4774,7 @@ CVE-2022-28570
 CVE-2022-28569
        RESERVED
 CVE-2022-28568 (Sourcecodester Doctor's Appointment System 1.0 is vulnerable 
to File U ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Doctor's Appointment System
 CVE-2022-28567
        RESERVED
 CVE-2022-28566
@@ -4806,7 +4806,7 @@ CVE-2022-28554
 CVE-2022-28553
        RESERVED
 CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the 
background, ope ...)
-       TODO: check
+       NOT-FOR-US: Cscms
 CVE-2022-28551
        RESERVED
 CVE-2022-28550
@@ -4844,13 +4844,13 @@ CVE-2022-28535
 CVE-2022-28534
        RESERVED
 CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Medical Hub Directory Site
 CVE-2022-28532
        RESERVED
 CVE-2022-28531
        RESERVED
 CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
 CVE-2022-28529
        RESERVED
 CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary 
file upload ...)
@@ -4886,7 +4886,7 @@ CVE-2022-28514
 CVE-2022-28513
        RESERVED
 CVE-2022-28512 (A SQL injection vulnerability exists in Sourcecodester 
Fantastic Blog  ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Fantastic Blog CMS
 CVE-2022-28511
        RESERVED
 CVE-2022-28510
@@ -4995,7 +4995,7 @@ CVE-2022-28463
 CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading 
vulnerability. ...)
        TODO: check
 CVE-2022-28461 (mingyuefusu Library Management System all versions as of 
03-27-2022 is ...)
-       TODO: check
+       NOT-FOR-US: mingyuefusu Library Management System
 CVE-2022-28460
        RESERVED
 CVE-2022-28459
@@ -6261,7 +6261,7 @@ CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH 
MWiD25-DS Firmware v2.000.
 CVE-2022-28112
        RESERVED
 CVE-2022-28111 (MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a 
time-blin ...)
-       TODO: check
+       NOT-FOR-US: MyBatis PageHelper
 CVE-2022-28110
        RESERVED
 CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) 
Fixed in  ...)
@@ -6285,13 +6285,13 @@ CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not 
filter the &lt;meta&gt; t
 CVE-2022-28100
        RESERVED
 CVE-2022-28099 (Poultry Farm Management System v1.0 was discovered to contain 
a SQL in ...)
-       TODO: check
+       NOT-FOR-US: Poultry Farm Management System
 CVE-2022-28098
        RESERVED
 CVE-2022-28097
        RESERVED
 CVE-2022-28096 (Skycaiji v2.4 was discovered to contain a remote code 
execution (RCE)  ...)
-       TODO: check
+       NOT-FOR-US: Skycaiji
 CVE-2022-28095
        RESERVED
 CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was 
discovered to con ...)
@@ -6303,7 +6303,7 @@ CVE-2022-28092
 CVE-2022-28091
        RESERVED
 CVE-2022-28090 (Jspxcms v10.2.0 allows attackers to execute a Server-Side 
Request Forg ...)
-       TODO: check
+       NOT-FOR-US: Jspxcms
 CVE-2022-28089
        RESERVED
 CVE-2022-28088
@@ -6326,15 +6326,15 @@ CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was 
discovered to contain a stack ove
 CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the 
component  ...)
        TODO: check
 CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Royal Event Management System
 CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: College Management System
 CVE-2022-28078
        RESERVED
 CVE-2022-28077
        RESERVED
 CVE-2022-28076 (Seacms v11.6 was discovered to contain a remote command 
execution (RCE ...)
-       TODO: check
+       NOT-FOR-US: Seacms
 CVE-2022-28075
        RESERVED
 CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site 
scripting (XS ...)
@@ -6352,7 +6352,7 @@ CVE-2022-28069
 CVE-2022-28068
        RESERVED
 CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic 
v5.55.13 allows ...)
-       TODO: check
+       NOT-FOR-US: Sandboxie Classic
 CVE-2022-28066 (Libarchive v3.6.0 was discovered to contain a read memory 
access vulne ...)
        TODO: check
 CVE-2022-28065
@@ -6376,7 +6376,7 @@ CVE-2022-28057
 CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system 
re-install  ...)
        NOT-FOR-US: ShopXO
 CVE-2022-28055 (Fusionpbx v4.4 and below contains a command injection 
vulnerability vi ...)
-       TODO: check
+       NOT-FOR-US: Fusionpbx
 CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke 
Software VS ...)
        NOT-FOR-US: VanDyke Software VShell
 CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file 
upload vul ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ff55217b0f34b8f18cfd86d8ce14adcbfa2900



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
