Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b8dc8922 by Salvatore Bonaccorso at 2022-05-07T09:39:10+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2279,7 +2279,7 @@ CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML docu NOTE: Introduced by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228 (3.29.2) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525 CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL Injection via a ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In UsersController.php ...) NOT-FOR-US: MISP CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS in app/Co ...) @@ -2589,13 +2589,13 @@ CVE-2022-29425 CVE-2022-29424 RESERVED CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Cou ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...) NOT-FOR-US: WordPress plugin CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) ...) 
@@ -3219,7 +3219,7 @@ CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go- CVE-2022-29172 (Auth0 is an authentication broker that supports both social and enterp ...) TODO: check CVE-2022-29171 (Sourcegraph is a fast and featureful code search and navigation engine ...) - TODO: check + NOT-FOR-US: Sourcegraph CVE-2022-29170 RESERVED CVE-2022-29169 @@ -3233,13 +3233,13 @@ CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vu CVE-2022-29165 RESERVED CVE-2022-29164 (Argo Workflows is an open source container-native workflow engine for ...) - TODO: check + NOT-FOR-US: Argo Workflows CVE-2022-29163 RESERVED CVE-2022-29162 RESERVED CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2022-29160 RESERVED CVE-2022-29159 @@ -4925,7 +4925,7 @@ CVE-2022-28547 CVE-2022-28546 RESERVED CVE-2022-28545 (FUDforum 3.1.1 is vulnerable to Stored XSS. ...) - TODO: check + NOT-FOR-US: FUDforum CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...) NOT-FOR-US: Samsung CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...) @@ -5001,7 +5001,7 @@ CVE-2022-28509 CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...) - mantis <removed> CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 versio ...) - TODO: check + NOT-FOR-US: Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...) - giflib <unfixed> [bullseye] - giflib <no-dsa> (Minor issue) 
@@ -5719,25 +5719,25 @@ CVE-2021-46744 CVE-2022-28280 RESERVED CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28278 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28277 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28276 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28275 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28274 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28273 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28272 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-28269 RESERVED CVE-2022-28268 @@ -6598,7 +6598,7 @@ CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a S CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) NOT-FOR-US: Attendance and Payroll System CVE-2022-28005 (An issue was discovered in the 3CX Phone System Management Console pri ...) - TODO: check + NOT-FOR-US: 3CX Phone System Management Console CVE-2022-28004 RESERVED CVE-2022-28003 
@@ -6829,7 +6829,7 @@ CVE-2022-27911 CVE-2022-27910 RESERVED CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...) - TODO: check + NOT-FOR-US: Joomla component jDownloads CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) is vulne ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. ...) @@ -7187,9 +7187,9 @@ CVE-2022-27786 CVE-2022-27785 RESERVED CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-27660 RESERVED CVE-2022-27633 @@ -17774,7 +17774,7 @@ CVE-2022-24107 CVE-2022-24106 RESERVED CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-24104 RESERVED CVE-2022-24103 @@ -17786,9 +17786,9 @@ CVE-2022-24101 CVE-2022-24100 RESERVED CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-24098 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) NOT-FOR-US: Adobe CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) 
@@ -19286,7 +19286,7 @@ CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2) NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master) CVE-2022-23802 (Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The ...) - TODO: check + NOT-FOR-US: Joomla Guru extension CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS a ...) NOT-FOR-US: Joomla! CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate con ...) @@ -21315,7 +21315,7 @@ CVE-2021-23150 (Authenticated (admin or higher user role) Stored Cross-Site Scri CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) NOT-FOR-US: Apache Traffic Control CVE-2022-23205 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...) NOT-FOR-US: Adobe CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8dc89227d50fab134c744b6925e026bb1110709 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8dc89227d50fab134c744b6925e026bb1110709 You're receiving this email because of your account on salsa.debian.org.
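Review bot: CVE-2022-29172 (Auth0) is left at "TODO: check" in the hunk at @@ -3219,7 +3219,7 while the adjacent CVE-2022-29171 is resolved to "NOT-FOR-US: Sourcegraph". If it was held back on purpose because it needs a package lookup rather than an NFU tag, no change is needed; otherwise it looks skipped and should be picked up in the next pass.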
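Review bot: the NOT-FOR-US tag for CVE-2022-28507 in the hunk at @@ -5001,7 +5001,7 copies most of the CVE description ("Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121"), while the other entries visible in this patch use a short vendor or product name ("Samsung", "Adobe", "FUDforum"). Suggest shortening it to the vendor or product name so that later CVEs for the same device family can reuse the same string.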
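Review bot: Joomla extensions are tagged in two different word orders in this patch: "NOT-FOR-US: Joomla component jDownloads" for CVE-2022-27909 (hunk at @@ -6829,7 +6829,7) and "NOT-FOR-US: Joomla Guru extension" for CVE-2022-23802 (hunk at @@ -19286,7 +19286,7), the latter sitting directly above context lines tagged "NOT-FOR-US: Joomla!". Suggest using one form for both, for example "Joomla extension <name>", so that a search over data/CVE/list finds third-party extension entries without also matching Joomla core.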
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits