Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1484cfd by Salvatore Bonaccorso at 2022-05-21T10:39:54+02:00
Process NFUs

- - - - -
0ee45fe1 by Salvatore Bonaccorso at 2022-05-21T10:39:55+02:00
Add two CVEs for Cilium, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2022-1805
 CVE-2022-1804
        RESERVED
 CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
-       TODO: check
+       NOT-FOR-US: Trudesk
 CVE-2022-1802
        RESERVED
        - firefox 100.0.2-1
@@ -653,7 +653,7 @@ CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 
1.2.0 results in sta
        - mujs <unfixed>
        NOTE: https://github.com/ccxvii/mujs/issues/162
 CVE-2022-1775 (Weak Password Requirements in GitHub repository polonel/trudesk 
prior  ...)
-       TODO: check
+       NOT-FOR-US: Trudesk
 CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1773
@@ -765,7 +765,7 @@ CVE-2022-1754 (Integer Overflow or Wraparound in GitHub 
repository polonel/trude
 CVE-2022-1753 (A vulnerability, which was classified as critical, was found in 
WoWond ...)
        NOT-FOR-US: WoWonder
 CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository p ...)
-       TODO: check
+       NOT-FOR-US: Trudesk
 CVE-2022-1751
        RESERVED
 CVE-2022-1750
@@ -5071,9 +5071,9 @@ CVE-2022-29450
 CVE-2022-29449 (Authenticated (contributor or higher user role) Stored 
Cross-Site Scri ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion 
(LFI) v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29447 (Authenticated (administrator or higher user role) Local File 
Inclusion ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29446 (Authenticated (administrator or higher role) Local File 
Inclusion (LFI ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29445 (Authenticated (administrator or higher role) Local File 
Inclusion (LFI ...)
@@ -5099,27 +5099,27 @@ CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) 
vulnerability in Alexander
 CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander 
Stokmann' ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29434 (Insecure Direct Object References (IDOR) vulnerability in 
Spiffy Plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site 
Scripting (XSS)  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29432 (Multiple Authenticated (administrator or higher user role) 
Persistent  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29431 (Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT 
base plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29430 (Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code 
Snippets Exte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29428 (Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider 
Plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29427 (Cross-Site Request Forgery (CSRF) vulnerability in Aftab 
Muni's Disabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29426 (Authenticated (contributor or higher user role) Reflected 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29425 (Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout 
Files U ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29424 (Authenticated (admin or higher user role) Reflected Cross-Site 
Scripti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown &amp; 
Clock plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site 
Scripting (XSS)  ...)
@@ -5743,9 +5743,9 @@ CVE-2022-29181 (Nokogiri is an open source XML and HTML 
library for Ruby. Nokogi
 CVE-2022-29180 (A vulnerability in which attackers could forge HTTP requests 
to manipu ...)
        NOT-FOR-US: charmbracelet/charm
 CVE-2022-29179 (Cilium is open source software for providing and securing 
network conn ...)
-       TODO: check
+       - cilium <itp> (bug #858303)
 CVE-2022-29178 (Cilium is open source software for providing and securing 
network conn ...)
-       TODO: check
+       - cilium <itp> (bug #858303)
 CVE-2022-29177 (Go Ethereum is the official Golang implementation of the 
Ethereum prot ...)
        - golang-github-go-ethereum <itp> (bug #890541)
 CVE-2022-29176 (Rubygems is a package registry used to supply software for the 
Ruby la ...)
@@ -7312,7 +7312,7 @@ CVE-2022-28620
 CVE-2022-28619
        RESERVED
 CVE-2022-28618 (A command injection security vulnerability has been identified 
in HPE  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-28617 (A remote bypass security restrictions vulnerability was 
discovered in  ...)
        NOT-FOR-US: HPE OneView
 CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was 
discover ...)
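Review bot: the new label on CVE-2022-28618 is vendor-only (`NOT-FOR-US: HPE`), while the next entry in the same hunk, CVE-2022-28617, names the product (`NOT-FOR-US: HPE OneView`). The description shown here is cut off after "identified in HPE", so the product cannot be read from the hunk. Consider naming the affected product as the neighbouring entry does, so that a later search of data/CVE/list for that product also finds this entry.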
@@ -7531,7 +7531,7 @@ CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 
1.0 is vulnerable to S
 CVE-2022-28532
        RESERVED
 CVE-2022-28531 (Sourcecodester Covid-19 Directory on Vaccination System1.0 is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
 CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is 
vulnera ...)
        NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
 CVE-2022-28529
@@ -24732,9 +24732,9 @@ CVE-2022-22975 (An issue was discovered in the Pinniped 
Supervisor with either L
 CVE-2022-22974
        RESERVED
 CVE-2022-22973 (VMware Workspace ONE Access and Identity Manager contain a 
privilege e ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize 
Automation  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and 
old unsupp ...)
        - libspring-java <unfixed>
        NOTE: https://tanzu.vmware.com/security/cve-2022-22971
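Review bot: on CVE-2022-22973 and CVE-2022-22972 the label is vendor-only (`NOT-FOR-US: VMware`), although both descriptions name the products (Workspace ONE Access and Identity Manager, plus vRealize Automation for CVE-2022-22972). Consider a product-level label such as `NOT-FOR-US: VMware Workspace ONE Access`, matching the vendor-plus-product form used elsewhere in this diff (`NOT-FOR-US: HPE OneView`, `NOT-FOR-US: Tobesoft Xplatform`).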
@@ -56165,7 +56165,7 @@ CVE-2021-36835
 CVE-2021-36834
        RESERVED
 CVE-2021-36833 (Authenticated (admin or higher user role) Stored Cross-Site 
Scripting  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation 
Plugin &#821 ...)
        NOT-FOR-US: WordPress plugins
 CVE-2021-36831
@@ -65113,7 +65113,7 @@ CVE-2021-33151
 CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime 
for some  ...)
        NOT-FOR-US: Intel
 CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors 
may allo ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2021-33148
        RESERVED
 CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library 
before ve ...)
@@ -81979,9 +81979,9 @@ CVE-2021-26633
 CVE-2021-26632
        RESERVED
 CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce 
package  ...)
-       TODO: check
+       NOT-FOR-US: Mangboard commerce package
 CVE-2021-26630 (Improper input validation vulnerability in HANDY 
Groupware&#8217;s Act ...)
-       TODO: check
+       NOT-FOR-US: HANDY Groupware
 CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive 
function ...)
        NOT-FOR-US: Tobesoft Xplatform
 CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, 
which ca ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b49336529ef50af25fdf2c2c4dad8f26a572a039...0ee45fe150af6d86c8860f10dcb16c4f9ac8c9b6
