Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f131fcf3 by Salvatore Bonaccorso at 2022-08-30T22:39:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1185,7 +1185,7 @@ CVE-2022-38627 CVE-2022-38626 RESERVED CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain insufficient f ...) - TODO: check + NOT-FOR-US: Patlite NH-FB CVE-2022-38624 RESERVED CVE-2022-38623 @@ -2685,7 +2685,7 @@ CVE-2022-38120 CVE-2022-38119 RESERVED CVE-2022-38118 (OAKlouds Portal website’s Meeting Room has insufficient validati ...) - TODO: check + NOT-FOR-US: OAKlouds CVE-2022-38117 RESERVED CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database ...) @@ -4942,7 +4942,7 @@ CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) NOT-FOR-US: MDaemon CVE-2022-37237 (An attacker can send malicious RTMP requests to make the ZLMediaKit se ...) - TODO: check + NOT-FOR-US: ZLMediaKit CVE-2022-37236 RESERVED CVE-2022-37235 @@ -5118,7 +5118,7 @@ CVE-2022-37151 (There is an unauthorized access vulnerability in Online Diagnost CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...) NOT-FOR-US: Online Diagnostic Lab Management System CVE-2022-37149 (WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: WAVLINK CVE-2022-37148 RESERVED CVE-2022-37147 @@ -7930,7 +7930,7 @@ CVE-2022-36039 CVE-2022-36038 RESERVED CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...) - TODO: check + NOT-FOR-US: Kirby CMS CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is ...) TODO: check CVE-2022-36035 
@@ -9927,7 +9927,7 @@ CVE-2022-32765 CVE-2022-2331 RESERVED CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...) - TODO: check + NOT-FOR-US: DLP Endpoint for Windows CVE-2022-2329 RESERVED CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not saniti ...) @@ -15706,7 +15706,7 @@ CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...) NOT-FOR-US: Halo CMS CVE-2022-32993 (TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access contro ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...) NOT-FOR-US: Online Tours And Travels Management System CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...) @@ -16825,7 +16825,7 @@ CVE-2022-2025 CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been declared ...) NOT-FOR-US: InnoSetup CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...) - TODO: check + NOT-FOR-US: DrayTek Vigor router CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...) - imagemagick <unfixed> (bug #1016442) [bullseye] - imagemagick <ignored> (Minor issue) @@ -31648,7 +31648,7 @@ CVE-2022-27560 CVE-2022-27559 RESERVED CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-27557 RESERVED CVE-2022-27556 
@@ -31670,9 +31670,9 @@ CVE-2022-27549 (HCL Launch may store certain data for recurring activities in a CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which can be re ...) NOT-FOR-US: HCL CVE-2022-27547 (HCL iNotes is susceptible to a link to non-existent domain vulnerabili ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-27546 (HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vu ...) - TODO: check + NOT-FOR-US: HCL CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection for the ...) NOT-FOR-US: BigFix Web Reports CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials in clear ...) @@ -37045,7 +37045,7 @@ CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files w CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted ch ...) NOT-FOR-US: Obyte (formerly Byteball) Wallet CVE-2022-25641 (Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and Phant ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a re ...) - wolfssl 5.2.0-1 [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 @@ -46410,7 +46410,7 @@ CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unau CVE-2022-22898 RESERVED CVE-2022-22897 (A SQL injection vulnerability in the product_all_one_img and image_pro ...) - TODO: check + NOT-FOR-US: ApolloTheme AP PageBuilder CVE-2022-22896 RESERVED CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...) 
@@ -69271,7 +69271,7 @@ CVE-2021-40328 CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...) NOT-FOR-US: Trusted Firmware-M (TF-M) CVE-2021-40326 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...) - cobbler <removed> CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f131fcf39b9b9a54d7c8ee2fd090ca8914571115
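Review bot: the label added for CVE-2022-32548 in the @@ -16825 hunk, "NOT-FOR-US: DrayTek Vigor router", follows a different convention from the other two router entries in this commit, which use the bare vendor name ("NOT-FOR-US: TOTOLINK" in @@ -15706 and "NOT-FOR-US: WAVLINK" in @@ -5118). Picking one form, for example "NOT-FOR-US: DrayTek", keeps later searches of data/CVE/list by vendor from missing entries filed under a longer product string.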
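Review bot: the label for CVE-2022-2330 in the @@ -9927 hunk, "NOT-FOR-US: DLP Endpoint for Windows", names a product without its vendor, and the truncated description shown in the hunk does not identify the vendor either. The HCL entries in @@ -31648 and @@ -31670 are filed under the vendor alone, so prefixing the vendor name here would make this entry findable the same way and unambiguous to someone reading the list without opening the CVE record.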