Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
032b6154 by Salvatore Bonaccorso at 2022-06-02T10:19:11+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -568,29 +568,29 @@ CVE-2022-31986
 CVE-2022-31985
        RESERVED
 CVE-2022-31984 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31983 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31982 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31981 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31980 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31979
        RESERVED
 CVE-2022-31978 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31977 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31976 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31975 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31974 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31973 (Online Fire Reporting System v1.0 is vulnerable to Delete any 
file via ...)
-       TODO: check
+       NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31972
        RESERVED
 CVE-2022-31971 (ChatBot App with Suggestion v1.0 is vulnerable to SQL 
Injection via /s ...)
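Review bot: The eleven new "NOT-FOR-US: Online Fire Reporting System" lines (CVE-2022-31984 down to CVE-2022-31973) use a bare, generic product name with no vendor or origin qualifier. Elsewhere in this patch the context line for CVE-2022-29652 reads "NOT-FOR-US: Sourcecodester Online Sports Complex Booking System"; if the origin of this product is known, adding it in the same way would make the label easier to match when further CVEs for the same product arrive.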
@@ -3191,7 +3191,7 @@ CVE-2022-31001 (Sofia-SIP is an open-source Session 
Initiation Protocol (SIP) Us
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
        NOTE: 
https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36
 (v1.13.8)
 CVE-2022-31000 (solidus_backend is the admin interface for the Solidus 
e-commerce fram ...)
-       TODO: check
+       NOT-FOR-US: Solidus e-commerce framework
 CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file 
uploads ...)
        TODO: check
 CVE-2022-30996
@@ -5590,7 +5590,7 @@ CVE-2022-30192
 CVE-2022-30191
        RESERVED
 CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-30189
        RESERVED
 CVE-2022-30188
@@ -5714,9 +5714,9 @@ CVE-2022-30130 (.NET Framework Denial of Service 
Vulnerability. ...)
 CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-30128 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-30127 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called 
wp-js.php with ...)
        NOT-FOR-US: WP-JS plugin for WordPress
 CVE-2022-1566 (The Quotes llama WordPress plugin through 0.7 does not sanitise 
and es ...)
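Review bot: For CVE-2022-30128 and CVE-2022-30127 the description names "Microsoft Edge (Chromium-based)" and is truncated, so the lines shown do not say whether the flaw sits in Edge-specific code or in code shared with Chromium. Worth confirming that both are Edge-only before closing them as "NOT-FOR-US: Microsoft"; if the affected code is shared, the entries belong under the chromium source package instead.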
@@ -6913,9 +6913,9 @@ CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to 
contain a segmentation violat
 CVE-2022-29778
        RESERVED
 CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 
and belo ...)
-       TODO: check
+       NOT-FOR-US: Onlyoffice Document Server
 CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 
and belo ...)
-       TODO: check
+       NOT-FOR-US: Onlyoffice Document Server
 CVE-2022-29775
        RESERVED
 CVE-2022-29774
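Review bot: The label on CVE-2022-29777 and CVE-2022-29776 names only "Onlyoffice Document Server", while both descriptions also list "Core 6.1.0.26 and belo ..." as affected. A label such as "NOT-FOR-US: Onlyoffice" would cover both components and would still match if a later CVE names only the Core component.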
@@ -7017,7 +7017,7 @@ CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 
2022 has a Stored cros
 CVE-2022-29726
        RESERVED
 CVE-2022-29725 (An arbitrary file upload in the image upload component of 
wityCMS v0.6 ...)
-       TODO: check
+       NOT-FOR-US: wityCMS
 CVE-2022-29724
        RESERVED
 CVE-2022-29723
@@ -7043,9 +7043,9 @@ CVE-2022-29714
 CVE-2022-29713
        RESERVED
 CVE-2022-29712 (LibreNMS v22.3.0 was discovered to contain multiple command 
injection  ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2022-29711 (LibreNMS v22.3.0 was discovered to contain a cross-site 
scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2022-29710 (A cross-site scripting (XSS) vulnerability in 
uploadConfirm.php of Lim ...)
        - limesurvey <itp> (bug #472802)
 CVE-2022-29709
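Review bot: CVE-2022-29712 and CVE-2022-29711 are closed as "NOT-FOR-US: LibreNMS", while the next entry in the context, CVE-2022-29710, is recorded as "- limesurvey <itp> (bug #472802)". Worth checking whether an ITP or RFP bug exists for LibreNMS; if one does, the same "<itp> (bug #...)" form would keep these two CVEs attached to the future package instead of dropping them from tracking.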
@@ -7149,7 +7149,7 @@ CVE-2022-29661 (CSCMS Music Portal System v4.2 was 
discovered to contain a blind
 CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: CSCMS Music Portal System
 CVE-2022-29659 (Responsive Online Blog v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Responsive Online Blog
 CVE-2022-29658
        RESERVED
 CVE-2022-29657
@@ -7161,7 +7161,7 @@ CVE-2022-29655 (An arbitrary file upload vulnerability in 
the Upload Photos modu
 CVE-2022-29654
        RESERVED
 CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting 
(XSS) vu ...)
-       TODO: check
+       NOT-FOR-US: OFCMS
 CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL 
Injectio ...)
        NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
 CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image 
function of ...)
@@ -7171,9 +7171,9 @@ CVE-2022-29650 (Online Food Ordering System v1.0 was 
discovered to contain a SQL
 CVE-2022-29649
        RESERVED
 CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS 
v5.1.0 allows ...)
-       TODO: check
+       NOT-FOR-US: Jfinal CMS
 CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2022-29646 (An access control issue in TOTOLINK A3100R 
V4.1.2cu.5050_B20200504 and ...)
        NOT-FOR-US: TOTOLINK
 CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and 
V4.1.2cu.5247_B20211129 we ...)
@@ -7211,15 +7211,15 @@ CVE-2022-29630
 CVE-2022-29629
        RESERVED
 CVE-2022-29628 (A cross-site scripting (XSS) vulnerability in /omps/seller of 
Online M ...)
-       TODO: check
+       NOT-FOR-US: Online Market Place Site
 CVE-2022-29627 (An insecure direct object reference (IDOR) in Online Market 
Place Site ...)
-       TODO: check
+       NOT-FOR-US: Online Market Place Site
 CVE-2022-29626
        RESERVED
 CVE-2022-29625
        RESERVED
 CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File 
function of TPC ...)
-       TODO: check
+       NOT-FOR-US: TPCMS
 CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload 
module of Co ...)
        NOT-FOR-US: expressjs/connect-multiparty
 CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 
allows att ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/032b6154cc006f3217e00b0bd8aa99fa8d442490
