Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 919bb996 by Salvatore Bonaccorso at 2022-04-08T22:35:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -548,7 +548,7 @@ CVE-2022-28652 CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...) NOT-FOR-US: livehelperchat CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...) - TODO: check + NOT-FOR-US: livehelperchat CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository medialize/ ...) TODO: check CVE-2022-1232 @@ -560,11 +560,11 @@ CVE-2022-1232 CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get pass ...) TODO: check CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to inject Ja ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to include a ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the issue des ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2022-28647 RESERVED CVE-2022-28646 @@ -670,7 +670,7 @@ CVE-2022-1221 CVE-2022-1220 RESERVED CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...) - TODO: check + NOT-FOR-US: pimcore CVE-2022-1218 RESERVED CVE-2022-1217 @@ -964,9 +964,9 @@ CVE-2022-28470 CVE-2022-28469 RESERVED CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL injecti ...) - TODO: check + NOT-FOR-US: Payroll Management System CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL injectio ...) - TODO: check + NOT-FOR-US: Online Student Admission CVE-2022-28466 RESERVED CVE-2022-28465 
@@ -1735,7 +1735,7 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses hea CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...) NOT-FOR-US: Wordpress theme CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthe ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2022-28218 RESERVED CVE-2022-28217 @@ -2180,9 +2180,9 @@ CVE-2022-28118 CVE-2022-28117 RESERVED CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Online Banking System CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...) - TODO: check + NOT-FOR-US: Online Sports Complex Booking CVE-2022-28114 RESERVED CVE-2022-28113 @@ -2286,9 +2286,9 @@ CVE-2022-28065 CVE-2022-28064 RESERVED CVE-2022-28063 (Simple Bakery Shop Management System v1.0 contains a file disclosure v ...) - TODO: check + NOT-FOR-US: Simple Bakery Shop Management System CVE-2022-28062 (Car Rental System v1.0 contains an arbitrary file upload vulnerability ...) - TODO: check + NOT-FOR-US: Car Rental System CVE-2022-28061 RESERVED CVE-2022-28060 @@ -2408,11 +2408,11 @@ CVE-2022-28004 CVE-2022-28003 RESERVED CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an unauthenticated ...) - TODO: check + NOT-FOR-US: Movie Seat Reservation CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: Movie Seat Reservation CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL injection vulne ...) - TODO: check + NOT-FOR-US: Car Rental System CVE-2022-27999 RESERVED CVE-2022-27998 
@@ -2428,9 +2428,9 @@ CVE-2022-27994 CVE-2022-27993 RESERVED CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL injection v ...) - TODO: check + NOT-FOR-US: Zoo Management System CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain multiple SQL ...) - TODO: check + NOT-FOR-US: Online Banking System in PHP CVE-2022-27990 RESERVED CVE-2022-27989 @@ -2928,9 +2928,9 @@ CVE-2022-27821 CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...) - zaproxy <itp> (bug #897142) CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...) - TODO: check + NOT-FOR-US: SWHKD CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...) - TODO: check + NOT-FOR-US: SWHKD CVE-2022-27817 RESERVED CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...) @@ -3721,9 +3721,9 @@ CVE-2022-27465 CVE-2022-27464 RESERVED CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AVideo t ...) - TODO: check + NOT-FOR-US: WWBN AVideo CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...) - TODO: check + NOT-FOR-US: WWBN AVideo CVE-2022-27461 RESERVED CVE-2022-27460 @@ -3763,9 +3763,9 @@ CVE-2022-27444 CVE-2022-27443 RESERVED CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...) - TODO: check + NOT-FOR-US: TPCMS CVE-2022-27441 (A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows ...) - TODO: check + NOT-FOR-US: TPCMS CVE-2022-27440 RESERVED CVE-2022-27439 @@ -3775,7 +3775,7 @@ CVE-2022-27438 CVE-2022-27437 RESERVED CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...) - TODO: check + NOT-FOR-US: Ecommerce-Website CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...) NOT-FOR-US: ashymuzuro/Full-Ecommece-Website CVE-2022-27434 
@@ -3933,7 +3933,7 @@ CVE-2022-27359 CVE-2022-27358 RESERVED CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...) - TODO: check + NOT-FOR-US: Ecommerce-Website CVE-2022-27356 RESERVED CVE-2022-27355 @@ -3943,19 +3943,19 @@ CVE-2022-27354 CVE-2022-27353 RESERVED CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an arbitrary f ...) - TODO: check + NOT-FOR-US: Simple House Rental System CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an arbitrary file ...) - TODO: check + NOT-FOR-US: Zoo Management System CVE-2022-27350 RESERVED CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary file upload ...) - TODO: check + NOT-FOR-US: Social Codia SMS CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored cross-site scri ...) - TODO: check + NOT-FOR-US: Social Codia SMS CVE-2022-27347 RESERVED CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary file up ...) - TODO: check + NOT-FOR-US: Ecommerce-Website CVE-2022-27345 RESERVED CVE-2022-27344 @@ -4039,7 +4039,7 @@ CVE-2022-27306 CVE-2022-27305 RESERVED CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL injection ...) - TODO: check + NOT-FOR-US: Student Grading System CVE-2022-27303 RESERVED CVE-2022-27302 @@ -4694,7 +4694,7 @@ CVE-2022-27154 CVE-2022-27153 RESERVED CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a R ...) - TODO: check + NOT-FOR-US: Roku devices CVE-2022-27151 RESERVED CVE-2022-27150 @@ -4750,9 +4750,9 @@ CVE-2022-27126 CVE-2022-27125 RESERVED CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a SQL inject ...) - TODO: check + NOT-FOR-US: Insurance Management System CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain a SQL i ...) - TODO: check + NOT-FOR-US: Employee Performance Evaluation CVE-2022-27122 RESERVED CVE-2022-27121 
@@ -4778,7 +4778,7 @@ CVE-2022-27112 CVE-2022-27111 RESERVED CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...) - TODO: check + NOT-FOR-US: OrangeHRM CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...) TODO: check CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/919bb99617a6c566330d2db31f1b7ae1db8b8f21
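Review bot: In the @@ -4778,7 hunk, CVE-2022-27110 is moved to NOT-FOR-US: OrangeHRM but the very next entry, CVE-2022-27109, is left at TODO: check even though its description names the same product and version (OrangeHRM 4.10). The same triage result applies to both, so suggest marking CVE-2022-27109 as NOT-FOR-US: OrangeHRM in this commit, and checking that CVE-2022-27108, whose status line falls outside the hunk, matches.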
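Review bot: In the @@ -3775,7 hunk, CVE-2022-27436 is tagged NOT-FOR-US: Ecommerce-Website while the entry directly below it, CVE-2022-27435, which refers to the same /public/admin/index.php path, carries NOT-FOR-US: ashymuzuro/Full-Ecommece-Website. Two different labels for what the descriptions suggest is one product make the entries harder to find by product name; suggest using a single label here and for the Ecommerce-Website tags added to CVE-2022-27357 (@@ -3933,7) and CVE-2022-27346 (@@ -3943,19), after confirming they all refer to the same repository.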
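Review bot: In the @@ -2928,9 hunk, CVE-2022-27819 and CVE-2022-27818 become NOT-FOR-US: SWHKD, but the trailing context ends on CVE-2022-27816, another SWHKD 1.1.5 entry, whose status line lies outside the hunk and is not touched by this commit. Please confirm that entry already carries NOT-FOR-US: SWHKD so the related SWHKD issues are triaged consistently; if it is still TODO: check, it belongs in this change.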
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits