Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27e3326f by Moritz Muehlenhoff at 2022-06-29T12:17:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -315,11 +315,11 @@ CVE-2022-2220
 CVE-2022-2219
        RESERVED
 CVE-2022-2218 (Cross-site Scripting (XSS) - Stored in GitHub repository 
ionicabizau/p ...)
-       TODO: check
+       NOT-FOR-US: Node parse-url
 CVE-2022-2217 (Cross-site Scripting (XSS) - Generic in GitHub repository 
ionicabizau/ ...)
-       TODO: check
+       NOT-FOR-US: Node parse-url
 CVE-2022-2216 (Server-Side Request Forgery (SSRF) in GitHub repository 
ionicabizau/pa ...)
-       TODO: check
+       NOT-FOR-US: Node parse-url
 CVE-2022-2215
        RESERVED
 CVE-2020-36553
@@ -759,7 +759,7 @@ CVE-2017-20103 (A vulnerability classified as critical has 
been found in Kama Cl
 CVE-2017-20102 (A vulnerability was found in Album Lock 4.0 and classified as 
critical ...)
        NOT-FOR-US: Album Lock
 CVE-2017-20101 (A vulnerability, which was classified as problematic, was 
found in Pro ...)
-       TODO: check
+       NOT-FOR-US: ProjectSend
 CVE-2017-20100 (A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has 
been ra ...)
        NOT-FOR-US: Air Transfer
 CVE-2017-20099 (A vulnerability was found in Analytics Stats Counter 
Statistics Plugin ...)
@@ -4106,7 +4106,7 @@ CVE-2022-33118
 CVE-2022-33117
        RESERVED
 CVE-2022-33116 (An issue in the jmpath variable in /modules/mindmap/index.php 
of GUnet ...)
-       TODO: check
+       NOT-FOR-US: GUnet Open eClass Platform
 CVE-2022-33115
        RESERVED
 CVE-2022-33114 (Jfinal CMS v5.1.0 was discovered to contain a SQL injection 
vulnerabil ...)
@@ -5720,7 +5720,7 @@ CVE-2022-32457
 CVE-2022-32456
        RESERVED
 CVE-2022-30707 (Violation of secure design principles exists in the 
communication of C ...)
-       TODO: check
+       NOT-FOR-US: CAMS for HIS
 CVE-2022-30532
        RESERVED
 CVE-2022-29890
@@ -6661,9 +6661,9 @@ CVE-2022-32137 (In multiple CODESYS products, a low 
privileged remote attacker m
 CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker 
may cra ...)
        NOT-FOR-US: CODESYS
 CVE-2022-30997 (Use of hard-coded credentials vulnerability exists in STARDOM 
FCN Cont ...)
-       TODO: check
+       NOT-FOR-US: Yokogawa Electric Corporation
 CVE-2022-29519 (Cleartext transmission of sensitive information vulnerability 
exists i ...)
-       TODO: check
+       NOT-FOR-US: Yokogawa Electric Corporation
 CVE-2022-1962
        RESERVED
 CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is 
vulnerable to  ...)
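Review bot: The two new tags on CVE-2022-30997 and CVE-2022-29519 spell out the full company name, `NOT-FOR-US: Yokogawa Electric Corporation`, while the neighbouring entries tag by short product or vendor name (`NOT-FOR-US: CODESYS` just above). The CVE-2022-30997 description names STARDOM FCN; a shorter tag such as `NOT-FOR-US: Yokogawa` would match the surrounding style and be easier to grep.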
@@ -7171,7 +7171,7 @@ CVE-2022-31899
 CVE-2022-31898
        RESERVED
 CVE-2022-31897 (SourceCodester Zoo Management System 1.0 is vulnerable to 
Cross Site S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Zoo Management System
 CVE-2022-31896
        RESERVED
 CVE-2022-31895
@@ -7191,15 +7191,15 @@ CVE-2022-31889
 CVE-2022-31888
        RESERVED
 CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Marval MSM
 CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request 
Forgery  ...)
-       TODO: check
+       NOT-FOR-US: Marval MSM
 CVE-2022-31885 (Marval MSM v14.19.0.12476 is vulnerable to OS Command 
Injection due to ...)
-       TODO: check
+       NOT-FOR-US: Marval MSM
 CVE-2022-31884 (Marval MSM v14.19.0.12476 has an Improper Access Control 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Marval MSM
 CVE-2022-31883 (Marval MSM v14.19.0.12476 is has an Insecure Direct Object 
Reference ( ...)
-       TODO: check
+       NOT-FOR-US: Marval MSM
 CVE-2022-31882
        RESERVED
 CVE-2022-31881
@@ -9085,7 +9085,7 @@ CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 
1.9.3 can lead to read
 CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User 
Service: ...)
        NOT-FOR-US: Gitblit
 CVE-2022-31266 (In ILIAS through 7.10, lack of verification when changing an 
email add ...)
-       TODO: check
+       NOT-FOR-US: ILIAS
 CVE-2022-31265 (The replay feature in the client in Wargaming World of 
Warships 0.11.4 ...)
        NOT-FOR-US: client in Wargaming World of Warships
 CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer 
overflow via  ...)
@@ -9182,9 +9182,9 @@ CVE-2022-31232
 CVE-2022-31231
        RESERVED
 CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or 
risky c ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error 
message ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2022-31228
        RESERVED
 CVE-2022-31227
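Review bot: `NOT-FOR-US: Dell` on CVE-2022-31230 and CVE-2022-31229 names only the vendor, although both descriptions identify the product as Dell PowerScale OneFS. Suggest `NOT-FOR-US: Dell PowerScale OneFS` so that a later search of the list by product finds these entries.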
@@ -9451,11 +9451,11 @@ CVE-2022-31108 (Mermaid is a JavaScript based 
diagramming and charting tool that
 CVE-2022-31107
        RESERVED
 CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that 
operate on n ...)
-       TODO: check
+       NOT-FOR-US: Underscore.deep
 CVE-2022-31105
        RESERVED
 CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected 
versions ...)
-       TODO: check
+       NOT-FOR-US: wasmtime
 CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for 
in-browser ema ...)
        TODO: check
 CVE-2022-31102
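Review bot: CVE-2022-31104 is tagged `NOT-FOR-US: wasmtime` in lowercase while its description spells the project Wasmtime, and the other new tag in this hunk follows the upstream spelling (`Underscore.deep`). Suggest `NOT-FOR-US: Wasmtime`. CVE-2022-31103 (lettersanitizer) directly below is still `TODO: check` and could be triaged in the same pass.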
@@ -9467,7 +9467,7 @@ CVE-2022-31100 (rulex is a new, portable, regular 
expression language. When pars
 CVE-2022-31099 (rulex is a new, portable, regular expression language. When 
parsing un ...)
        TODO: check
 CVE-2022-31098 (Weave GitOps is a simple open source developer platform for 
people who ...)
-       TODO: check
+       NOT-FOR-US: Weave GitOps
 CVE-2022-31097
        RESERVED
 CVE-2022-31096 (Discourse is an open source discussion platform. Under certain 
conditi ...)
@@ -9475,9 +9475,9 @@ CVE-2022-31096 (Discourse is an open source discussion 
platform. Under certain c
 CVE-2022-31095 (discourse-chat is a chat plugin for the Discourse application. 
Version ...)
        NOT-FOR-US: discourse-chat
 CVE-2022-31094 (ScratchTools is a web extension designed to make interacting 
with the  ...)
-       TODO: check
+       NOT-FOR-US: ScratchTools
 CVE-2022-31093 (NextAuth.js is a complete open source authentication solution 
for Next ...)
-       TODO: check
+       NOT-FOR-US: NextAuth.js
 CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management 
Platform. P ...)
        NOT-FOR-US: Pimcore
 CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and 
`Cookie` he ...)
@@ -9531,9 +9531,9 @@ CVE-2022-31079
 CVE-2022-31078
        RESERVED
 CVE-2022-31077 (KubeEdge is built upon Kubernetes and extends native 
containerized app ...)
-       TODO: check
+       NOT-FOR-US: KubeEdge
 CVE-2022-31076 (KubeEdge is built upon Kubernetes and extends native 
containerized app ...)
-       TODO: check
+       NOT-FOR-US: KubeEdge
 CVE-2022-31075
        RESERVED
 CVE-2022-31074
@@ -11035,13 +11035,13 @@ CVE-2022-30565
 CVE-2022-30564
        RESERVED
 CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the 
request  ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2022-30562 (If the user enables the https function on the device, an 
attacker can  ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2022-30561 (When an attacker uses a man-in-the-middle attack to sniff the 
request  ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2022-30560 (When an attacker obtaining the administrative account and 
password, or ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2022-30559
        RESERVED
 CVE-2022-30558
@@ -13152,7 +13152,7 @@ CVE-2022-29860
 CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka 
SDK for  ...)
        NOT-FOR-US: SDK for Ameba1
 CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe CMS
 CVE-2022-29857
        RESERVED
 CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an 
attacker t ...)
@@ -14869,13 +14869,13 @@ CVE-2022-29274
 CVE-2022-29273
        RESERVED
 CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability 
exists in t ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an 
incorre ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2022-29270 (In Nagios XI through 5.8.5, it is possible for a user without 
password ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2022-29269 (In Nagios XI through 5.8.5, in the schedule report function, 
an authen ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2022-29268
        REJECTED
 CVE-2022-29267
@@ -16230,7 +16230,7 @@ CVE-2022-28805 (singlevar in lparser.c in Lua through 
5.4.4 lacks a certain luaK
 CVE-2022-28804
        RESERVED
 CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can 
occur in  ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe CMS
 CVE-2022-28802
        RESERVED
 CVE-2022-28801
@@ -16799,9 +16799,9 @@ CVE-2022-28624
 CVE-2022-28623
        RESERVED
 CVE-2022-28622 (A potential security vulnerability has been identified in HPE 
StoreOnc ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-28621 (A remote disclosure of sensitive information vulnerability was 
discove ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in 
HPE Cra ...)
        NOT-FOR-US: HPE
 CVE-2022-28619 (A potential security vulnerability has been identified in the 
installe ...)
@@ -18224,11 +18224,11 @@ CVE-2022-28170
 CVE-2022-28169
        RESERVED
 CVE-2022-28168 (In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade 
SANnav2.1 ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-28167 (Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade 
SANanv v.2 ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-28166 (In Brocade SANnav version before SANN2.2.0.2 and Brocade 
SANNav before ...)
-       TODO: check
+       NOT-FOR-US: Brocade
 CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) 
functionality  ...)
        NOT-FOR-US: Brocade SANnav
 CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the 
Blowfish symme ...)
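Review bot: The three new tags on CVE-2022-28168, CVE-2022-28167 and CVE-2022-28166 read `NOT-FOR-US: Brocade`, but the existing entry for CVE-2022-28165 immediately below uses `NOT-FOR-US: Brocade SANnav`, and all three descriptions concern Brocade SANnav. Suggest `NOT-FOR-US: Brocade SANnav` here so the product is tagged one way throughout the list.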
@@ -22984,7 +22984,7 @@ CVE-2022-26479
 CVE-2022-26478
        RESERVED
 CVE-2022-26477 (The Security Team noticed that the termination condition of 
the for lo ...)
-       TODO: check
+       NOT-FOR-US: Apache SystemDS
 CVE-2022-0867 (The Pricing Table WordPress plugin before 3.6.1 fails to 
properly sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0866 (This is a concurrency issue that can result in the wrong caller 
princi ...)
@@ -24729,7 +24729,7 @@ CVE-2022-21235 (The package github.com/masterminds/vcs 
before 1.13.3 are vulnera
 CVE-2022-21232
        RESERVED
 CVE-2022-21231 (All versions of package deep-get-set are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node deep-get-set
 CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. 
Whenever ...)
        NOT-FOR-US: NanoHTTPD Java
 CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of 
Service ( ...)
@@ -25283,7 +25283,7 @@ CVE-2022-0724 (Insecure Storage of Sensitive 
Information in GitHub repository mi
 CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
        NOT-FOR-US: microweber
 CVE-2022-0722 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
-       TODO: check
+       NOT-FOR-US: Node parse-url
 CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in 
GitHub repos ...)
        NOT-FOR-US: microweber
 CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper 
authori ...)
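Review bot: CVE-2022-0722 is tagged `NOT-FOR-US: Node parse-url`, yet the entries on either side of it (CVE-2022-0723, CVE-2022-0721) are microweber and its own description is cut off at "GitHub r ...", so the product cannot be confirmed from this hunk. Worth checking the tag against the full CVE description before merging, since a NOT-FOR-US entry drops out of further triage.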
@@ -26508,7 +26508,7 @@ CVE-2022-0626 (The Advanced Admin Search WordPress 
plugin before 1.1.6 does not
 CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not 
sanitize ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0624 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
-       TODO: check
+       NOT-FOR-US: Node parse-path
 CVE-2022-25271 (Drupal core's form API has a vulnerability where certain 
contributed o ...)
        {DLA-2925-1}
        - drupal7 <removed>
@@ -26529,7 +26529,7 @@ CVE-2022-25240
 CVE-2022-25239
        RESERVED
 CVE-2022-25238 (Silverstripe silverstripe/framework through 4.10.0 allows XSS, 
inside  ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe CMS
 CVE-2022-25237 (Bonita Web 2021.2 is affected by a 
authentication/authorization bypass ...)
        NOT-FOR-US: Bonita Web
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows 
attackers to in ...)
@@ -28908,7 +28908,7 @@ CVE-2022-24446 (An issue was discovered in Zoho 
ManageEngine Key Manager Plus 6.
 CVE-2022-24445
        REJECTED
 CVE-2022-24444 (Silverstripe silverstripe/framework through 4.10 allows 
Session Fixati ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe CMS
 CVE-2022-24443
        RESERVED
 CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI 
(Server- ...)
@@ -31026,7 +31026,7 @@ CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a 
SQL injection vulnerabil
 CVE-2022-23897
        RESERVED
 CVE-2022-23896 (Admidio 4.1.2 version is affected by stored cross-site 
scripting (XSS) ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2022-23895
        RESERVED
 CVE-2022-23894



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27e3326f75315e48bfc61c1d3606972a322c1cc1

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
