Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
43dfae96 by Neil Williams at 2022-05-25T15:54:43+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1594,7 +1594,7 @@ CVE-2022-1784 (Server-Side Request Forgery (SSRF) in
GitHub repository jgraph/dr
CVE-2022-1783
RESERVED
CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository
erudika/para ...)
- TODO: check
+ NOT-FOR-US: erudika/para
CVE-2022-1781
RESERVED
CVE-2022-1780
@@ -5078,7 +5078,7 @@ CVE-2022-29802
CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x,
12.1.x, and ...)
NOT-FOR-US: F5 BIG-IP
CVE-2022-1467 (Windows OS can be configured to overlay a “language
bar” o ...)
- TODO: check
+ NOT-FOR-US: AVEVA
CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is
vulnerable to ...)
NOT-FOR-US: Red Hat Single Sign-On / Keycloak
CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All
versions ...)
@@ -13640,7 +13640,7 @@ CVE-2022-25915 (Improper access control vulnerability
in ELECOM LAN routers (WRC
CVE-2022-25905
RESERVED
CVE-2022-0910 (A downgrade from two-factor authentication to one-factor
authenticatio ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows
attackers to ...)
{DSA-5108-1}
- tiff 4.3.0-6
@@ -13679,7 +13679,7 @@ CVE-2022-0902
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do
not sa ...)
NOT-FOR-US: WordPress plugins
CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in
DivvyDrive's "aci ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2022-0899
RESERVED
CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise
and esca ...)
@@ -28991,9 +28991,9 @@ CVE-2021-45917 (The server-request receiver function of
Shockwall system has an
CVE-2021-45916 (The programming function of Shockwall system has an improper
input val ...)
NOT-FOR-US: Shockwall system
CVE-2021-45915 (In LuxSoft LuxCal Web Calendar before 5.2.0, an
unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: LuxSoft LuxCal
CVE-2021-45914 (In LuxSoft LuxCal Web Calendar before 5.2.0, an
unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: LuxSoft LuxCal
CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
@@ -41344,11 +41344,11 @@ CVE-2021-42658
CVE-2021-42657
RESERVED
CVE-2021-42656 (SiteServer CMS V6.15.51 is affected by a Cross Site Scripting
(XSS) vu ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2021-42655 (SiteServer CMS V6.15.51 is affected by a SQL injection
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2021-42654 (SiteServer CMS < V5.1 is affected by an unrestricted upload
of a fi ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2021-42653
RESERVED
CVE-2021-42652
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43dfae96fe5ed6704331994d00187e4584d47e73
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43dfae96fe5ed6704331994d00187e4584d47e73
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
