Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
919bb996 by Salvatore Bonaccorso at 2022-04-08T22:35:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -548,7 +548,7 @@ CVE-2022-28652
 CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository 
livehelpercha ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-1234 (XSS in livehelperchat in GitHub repository 
livehelperchat/livehelperch ...)
-       TODO: check
+       NOT-FOR-US: livehelperchat
 CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository 
medialize/ ...)
        TODO: check
 CVE-2022-1232
@@ -560,11 +560,11 @@ CVE-2022-1232
 CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to 
get pass ...)
        TODO: check
 CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to 
inject Ja ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to 
include a ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the 
issue des ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2022-28647
        RESERVED
 CVE-2022-28646
@@ -670,7 +670,7 @@ CVE-2022-1221
 CVE-2022-1220
        RESERVED
 CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository 
pimcore ...)
-       TODO: check
+       NOT-FOR-US: pimcore
 CVE-2022-1218
        RESERVED
 CVE-2022-1217
@@ -964,9 +964,9 @@ CVE-2022-28470
 CVE-2022-28469
        RESERVED
 CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Payroll Management System
 CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Online Student Admission
 CVE-2022-28466
        RESERVED
 CVE-2022-28465
@@ -1735,7 +1735,7 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress 
plugin before 3.3.2 uses hea
 CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in 
the bu ...)
        NOT-FOR-US: Wordpress theme
 CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-28218
        RESERVED
 CVE-2022-28217
@@ -2180,9 +2180,9 @@ CVE-2022-28118
 CVE-2022-28117
        RESERVED
 CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: Online Banking System
 CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a 
SQL inj ...)
-       TODO: check
+       NOT-FOR-US: Online Sports Complex Booking
 CVE-2022-28114
        RESERVED
 CVE-2022-28113
@@ -2286,9 +2286,9 @@ CVE-2022-28065
 CVE-2022-28064
        RESERVED
 CVE-2022-28063 (Simple Bakery Shop Management System v1.0 contains a file 
disclosure v ...)
-       TODO: check
+       NOT-FOR-US: Simple Bakery Shop Management System
 CVE-2022-28062 (Car Rental System v1.0 contains an arbitrary file upload 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Car Rental System
 CVE-2022-28061
        RESERVED
 CVE-2022-28060
@@ -2408,11 +2408,11 @@ CVE-2022-28004
 CVE-2022-28003
        RESERVED
 CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: Movie Seat Reservation
 CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL 
injection vu ...)
-       TODO: check
+       NOT-FOR-US: Movie Seat Reservation
 CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Car Rental System
 CVE-2022-27999
        RESERVED
 CVE-2022-27998
@@ -2428,9 +2428,9 @@ CVE-2022-27994
 CVE-2022-27993
        RESERVED
 CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: Zoo Management System
 CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain 
multiple SQL ...)
-       TODO: check
+       NOT-FOR-US: Online Banking System in PHP
 CVE-2022-27990
        RESERVED
 CVE-2022-27989
@@ -2928,9 +2928,9 @@ CVE-2022-27821
 CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not 
verify the T ...)
        - zaproxy <itp> (bug #897142)
 CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An 
information le ...)
-       TODO: check
+       NOT-FOR-US: SWHKD
 CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There 
can be a ...)
-       TODO: check
+       NOT-FOR-US: SWHKD
 CVE-2022-27817
        RESERVED
 CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There 
can be da ...)
@@ -3721,9 +3721,9 @@ CVE-2022-27465
 CVE-2022-27464
        RESERVED
 CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN 
AVideo t ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in 
objects/function.php in fu ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2022-27461
        RESERVED
 CVE-2022-27460
@@ -3763,9 +3763,9 @@ CVE-2022-27444
 CVE-2022-27443
        RESERVED
 CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log 
directory and o ...)
-       TODO: check
+       NOT-FOR-US: TPCMS
 CVE-2022-27441 (A stored cross-site scripting (XSS) vulnerability in TPCMS 
v3.2 allows ...)
-       TODO: check
+       NOT-FOR-US: TPCMS
 CVE-2022-27440
        RESERVED
 CVE-2022-27439
@@ -3775,7 +3775,7 @@ CVE-2022-27438
 CVE-2022-27437
        RESERVED
 CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in 
/public/admin/index.php? ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-Website
 CVE-2022-27435 (An unrestricted file upload at 
/public/admin/index.php?add_product of  ...)
        NOT-FOR-US: ashymuzuro/Full-Ecommece-Website
 CVE-2022-27434
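Review bot: The label added for CVE-2022-27436, "NOT-FOR-US: Ecommerce-Website", does not match the one already on the next entry, CVE-2022-27435, which reads "NOT-FOR-US: ashymuzuro/Full-Ecommece-Website", although both descriptions point at /public/admin/index.php. If this is the same project, reuse the existing owner/repository label so a search on one name finds both entries; if it is a different one, a more specific name than the generic "Ecommerce-Website" would make that clear.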
@@ -3933,7 +3933,7 @@ CVE-2022-27359
 CVE-2022-27358
        RESERVED
 CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary 
file uploa ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-Website
 CVE-2022-27356
        RESERVED
 CVE-2022-27355
@@ -3943,19 +3943,19 @@ CVE-2022-27354
 CVE-2022-27353
        RESERVED
 CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: Simple House Rental System
 CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: Zoo Management System
 CVE-2022-27350
        RESERVED
 CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary 
file upload ...)
-       TODO: check
+       NOT-FOR-US: Social Codia SMS
 CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored 
cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: Social Codia SMS
 CVE-2022-27347
        RESERVED
 CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary 
file up ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-Website
 CVE-2022-27345
        RESERVED
 CVE-2022-27344
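Review bot: On CVE-2022-27346 the description spells the product "Ecommece-Website v1.1.0", while the added line normalises it to "NOT-FOR-US: Ecommerce-Website". The description's spelling is the one used in the existing "ashymuzuro/Full-Ecommece-Website" label elsewhere in the file, so it is worth confirming which project this entry belongs to and using one label form for it consistently.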
@@ -4039,7 +4039,7 @@ CVE-2022-27306
 CVE-2022-27305
        RESERVED
 CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Student Grading System
 CVE-2022-27303
        RESERVED
 CVE-2022-27302
@@ -4694,7 +4694,7 @@ CVE-2022-27154
 CVE-2022-27153
        RESERVED
 CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that 
uses a R ...)
-       TODO: check
+       NOT-FOR-US: Roku devices
 CVE-2022-27151
        RESERVED
 CVE-2022-27150
@@ -4750,9 +4750,9 @@ CVE-2022-27126
 CVE-2022-27125
        RESERVED
 CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: Insurance Management System
 CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain 
a SQL i ...)
-       TODO: check
+       NOT-FOR-US: Employee Performance Evaluation
 CVE-2022-27122
        RESERVED
 CVE-2022-27121
@@ -4778,7 +4778,7 @@ CVE-2022-27112
 CVE-2022-27111
        RESERVED
 CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection 
redirect via v ...)
-       TODO: check
+       NOT-FOR-US: OrangeHRM
 CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection 
redirect vulner ...)
        TODO: check
 CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object 
Reference (IDOR ...)
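Review bot: CVE-2022-27110 is marked "NOT-FOR-US: OrangeHRM", but the entry directly below it, CVE-2022-27109, describes the same product and version (OrangeHRM 4.10) and still reads "TODO: check". Unless that one is being held back on purpose, give it the same "NOT-FOR-US: OrangeHRM" line in this pass so the OrangeHRM 4.10 entries are triaged together.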



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/919bb99617a6c566330d2db31f1b7ae1db8b8f21
