Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8465314f by Salvatore Bonaccorso at 2022-04-08T22:37:21+02:00
Re-associate some OrangeHRM CVEs with the itp/rfp bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4778,7 +4778,7 @@ CVE-2022-27112
 CVE-2022-27111
        RESERVED
 CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection 
redirect via v ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection 
redirect vulner ...)
        TODO: check
 CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object 
Reference (IDOR ...)
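Review bot: CVE-2022-27109 in the trailing context of this hunk is still marked `TODO: check` even though its description names the same OrangeHRM 4.10 release as CVE-2022-27110 directly above it, which this hunk re-associates with the ITP bug; if it is the same software, it should receive the same `- orangehrm <itp> (bug #786622)` line in this commit instead of staying in the TODO queue.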
@@ -69845,7 +69845,7 @@ CVE-2021-28401
 CVE-2021-28400
        RESERVED
 CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the 
valid us ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2021-28398
        RESERVED
 CVE-2021-28397
@@ -95588,7 +95588,7 @@ CVE-2020-29439 (Tesla Model X vehicles before 
2020-11-23 have key fobs that rely
 CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that 
accept fir ...)
        NOT-FOR-US: Tesla Model X vehicles
 CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 
allows remot ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a 
user with ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2020-29435
@@ -193418,7 +193418,7 @@ CVE-2019-12841 (Incorrect handling of user input in 
ZIP extraction was detected
 CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package 
Updates"  ...)
        - webmin <removed>
 CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation 
error with ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows 
XSS via t ...)
        NOT-FOR-US: "Count per Day" plugin for WordPress
 CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 
allows SQL ...)
@@ -389321,7 +389321,7 @@ CVE-2014-100023 (Multiple cross-site scripting (XSS) 
vulnerabilities in question
 CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch 
Quiz before  ...)
        NOT-FOR-US: mTouch Quiz
 CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in 
symfony/web/index.php/pim/ ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in 
iTechClassifieds 3.0 ...)
        NOT-FOR-US: iTechClassifieds
 CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 
allows remo ...)
@@ -432101,9 +432101,9 @@ CVE-2011-5261 (Cross-site scripting (XSS) 
vulnerability in serverreport.cgi in A
 CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA 
in SAP ...)
        NOT-FOR-US: NetWeaver
 CVE-2011-5259 (SQL injection vulnerability in 
lib/controllers/CentralController.php i ...)
-       NOT-FOR-US: OrangehRM
+       - orangehrm <itp> (bug #786622)
 CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in 
OrangeHRM befor ...)
-       NOT-FOR-US: OrangehRM
+       - orangehrm <itp> (bug #786622)
 CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Classipress ...)
        NOT-FOR-US: WordPress theme
 CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in 
LimeSurvey ...)
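Review bot: the two lines removed in this hunk carried the misspelling `OrangehRM` rather than `OrangeHRM`, so a case-sensitive search for `OrangeHRM` when collecting entries to re-associate would have skipped them; a follow-up `grep -in 'orangehrm' data/CVE/list` is worth running to confirm no other NOT-FOR-US entries with the variant spelling remain.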
@@ -439418,7 +439418,7 @@ CVE-2012-5369
 CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is 
obtained th ...)
        - phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see 
#691728)
 CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 
allow r ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, 
year 2012 ...)
        NOT-FOR-US: Mac OS X
 CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown 
versions, year  ...)
@@ -449618,9 +449618,9 @@ CVE-2012-1509 (Buffer overflow in the XPDM display 
driver in VMware View before
 CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; 
VMware ESX 4 ...)
        NOT-FOR-US: VMware ESXi
 CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in 
OrangeHRM befor ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in 
lib/models ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2012-1505
        RESERVED
 CVE-2012-1504
@@ -462814,7 +462814,7 @@ CVE-2010-4800 (SQL injection vulnerability in 
doadd.php in BaconMap 1.0 allows r
 CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, 
when m ...)
        NOT-FOR-US: Chipmunk Pwngame
 CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 
2.6.0.1 al ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in 
Truworth  ...)
        NOT-FOR-US: Truworth Flex Timesheet
 CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow 
remote at ...)
@@ -513228,7 +513228,7 @@ CVE-2003-1537 (Directory traversal vulnerability in 
PostNuke 0.723 and earlier a
 CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire 
Content ...)
        NOT-FOR-US: Fatwire Content Server
 CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php 
in Oran ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface 
in Cerbe ...)
        NOT-FOR-US: Cerberus Ftp Server
 CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow 
remote auth ...)
@@ -525822,7 +525822,7 @@ CVE-2007-1195 (Multiple buffer overflows in XM Easy 
Personal FTP Server 5.3.0 al
 CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for 
Interrupt De ...)
        NOT-FOR-US: SandBox Analyzer
 CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in 
OrangeHRM be ...)
-       NOT-FOR-US: OrangeHRM
+       - orangehrm <itp> (bug #786622)
 CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive 
informati ...)
        NOT-FOR-US: HyperBook Guestbook
 CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver 
writes us ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8465314ffcd645418463b3cfba013ac6e7f32ab7

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
