Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7832c4cd by Salvatore Bonaccorso at 2022-10-04T22:04:22+02:00
Re-associate some NFUs with phpipam, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54547,9 +54547,9 @@ CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an 
authenticated admin user to u
 CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to 
inject  ...)
        NOT-FOR-US: Exponent CMS
 CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject 
SQL senten ...)
-       NOT-FOR-US: PhpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject 
persistent ...)
-       NOT-FOR-US: PhpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2022-23044
        RESERVED
 CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass 
the file  ...)
@@ -190739,7 +190739,7 @@ CVE-2020-7990 (Adive Framework 2.0.8 has 
admin/user/add userName XSS. ...)
 CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
        NOT-FOR-US: Adive Framework
 CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in 
phpIPAM 1.4 ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2020-7987
        RESERVED
 CVE-2020-7986
@@ -218917,15 +218917,15 @@ CVE-2019-16698 (The direct_mail (aka Direct Mail) 
extension through 5.2.2 for TY
 CVE-2019-16697
        RESERVED
 CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/edit. ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2019-16695 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/filte ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2019-16694 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/edit- ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/order ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the 
app/admin/custom-fields/filte ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2019-16691
        REJECTED
 CVE-2019-16690
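Review bot: The five re-associated entries from CVE-2019-16696 down to CVE-2019-16692 have no NOTE: line, so nothing in this hunk records where upstream fixed these app/admin/custom-fields SQL injections. The added "- phpipam <itp> (bug #731713)" line carries no fixed version, so a NOTE: with the upstream reference under each entry would save re-researching them once the package is uploaded.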
@@ -248239,7 +248239,7 @@ CVE-2019-1000012 (Hex package manager version 0.14.0 
through 0.18.2 contains a S
 CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an 
Incorrect Access  ...)
        NOT-FOR-US: API Platform
 CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site 
Scripting (XSS ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2019-1000009 (Helm ChartMuseum version &gt;=0.1.0 and &lt; 0.8.1 contains 
a CWE-22:  ...)
        NOT-FOR-US: Helm ChartMuseum
 CVE-2019-1000008 (All versions of Helm between Helm &gt;=2.0.0 and &lt; 2.12.2 
contains  ...)
@@ -327807,7 +327807,7 @@ CVE-2017-15642 (In lsx_aiffstartread in aiff.c in 
Sound eXchange (SoX) 14.4.2, t
 CVE-2017-15641
        RESERVED
 CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via 
the ip  ...)
-       NOT-FOR-US: phpIPAM
+       - phpipam <itp> (bug #731713)
 CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers 
to bypa ...)
        NOT-FOR-US: Mura CMS
 CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux 
Enterpri ...)
@@ -355943,7 +355943,7 @@ CVE-2017-6483 (Multiple Cross-Site Scripting (XSS) 
issues were discovered in ATu
 CVE-2017-6482
        REJECTED
 CVE-2017-6481 (Multiple Cross-Site Scripting (XSS) issues were discovered in 
phpipam  ...)
-       NOT-FOR-US: phpipam
+       - phpipam <itp> (bug #731713)
 CVE-2017-6480 (groovel/cmsgroovel before 3.3.7-beta is vulnerable to a 
reflected XSS  ...)
        NOT-FOR-US: cmsgroovel
 CVE-2017-6479 (FenixHosting/fenix-open-source before 2017-03-04 is vulnerable 
to a re ...)
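Review bot: The removed marker for CVE-2017-6481 is spelled "phpipam", while other hunks of this commit remove "phpIPAM" and "PhpIPAM", so the NOT-FOR-US entries for this project use at least three spellings. Since the commit message says only "some" NFUs are re-associated, a case-insensitive search of data/CVE/list for NOT-FOR-US lines naming the project would confirm that none were missed.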



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7832c4cd8ce639eeafa1c316252b38d35ecca117
