Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b84c280 by Neil Williams at 2022-05-20T12:23:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4397,7 +4397,7 @@ CVE-2022-29654
CVE-2022-29653
RESERVED
CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29651
RESERVED
CVE-2022-29650
@@ -4455,7 +4455,7 @@ CVE-2022-29625
CVE-2022-29624
RESERVED
CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload
module of Co ...)
- TODO: check
+ NOT-FOR-US: expressjs/connect-multiparty
CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4
allows att ...)
TODO: check
CVE-2022-29621
@@ -5347,7 +5347,7 @@ CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to
contain a SQL injection vul
CVE-2022-29305
RESERVED
CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command
injecti ...)
NOT-FOR-US: SolarView Compact
CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local
file disc ...)
@@ -6293,11 +6293,12 @@ CVE-2022-28989
CVE-2022-28988
RESERVED
CVE-2022-28987 (ManageEngine ADSelfService Plus v6.1 allows attackers to
perform usern ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine
CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
Affected: ...)
NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
CVE-2022-28985 (A stored cross-site scripting (XSS) vulnerability in the
addNewPost co ...)
- TODO: check
+ - orangehrm <itp> (bug #786622)
+ NOTE: https://github.com/orangehrm/orangehrm/issues/1217
CVE-2022-28984
RESERVED
CVE-2022-28983
@@ -6337,13 +6338,13 @@ CVE-2022-28967
CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in
m3_code ...)
NOT-FOR-US: wasm3
CVE-2022-28965 (Multiple DLL hijacking vulnerabilities via the components
instup.exe a ...)
- TODO: check
+ NOT-FOR-US: avast AV
CVE-2022-28964 (An arbitrary file write vulnerability in Avast Premium
Security before ...)
- TODO: check
+ NOT-FOR-US: avast AV
CVE-2022-28963
RESERVED
CVE-2022-28962 (Online Sports Complex Booking System 1.0 is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-28961 (Spip Web Framework v3.1.13 and below was discovered to contain
multipl ...)
{DSA-4798-1}
- spip 3.2.8-1
@@ -6357,7 +6358,7 @@ CVE-2022-28960 (A PHP injection vulnerability in Spip
before v3.2.8 allows attac
NOTE:
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
NOTE:
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the
component / ...)
- TODO: check
+ NOT-FOR-US: spip/SPIP
CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote
code execut ...)
NOT-FOR-US: D-Link
CVE-2022-28957
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b84c2802489c1ab6700f4f90ad93e9ec388310f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b84c2802489c1ab6700f4f90ad93e9ec388310f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
