author Salvatore Bonaccorso <carnil@debian.org> 2022-05-17 22:30:57 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2022-05-17 22:30:57 +0200
commit fa6c14eb1be4374db99f26a925c9189a3802ad2c (patch)
tree 139af966ba2d631c475a099e875de4bc08382746
parent af10afad4d3c92d0f8a249acf3ab781fada26d3a (diff)
Process NFUs
-rw-r--r-- data/CVE/list 26
1 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 2a366518d2..3c917a5fb0 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -297,7 +297,7 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
CVE-2022-1724
RESERVED
CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repositor ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio ...)
@@ -719,7 +719,7 @@ CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4
CVE-2022-1712
RESERVED
CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-1710
RESERVED
CVE-2022-1709
@@ -745,7 +745,7 @@ CVE-2021-44467
CVE-2021-4228
RESERVED
CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...)
- TODO: check
+ NOT-FOR-US: HashiCorp
CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...)
{DSA-5137-1}
- needrestart 3.6-1 (bug #1011154)
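Review bot: `NOT-FOR-US: HashiCorp` on CVE-2022-30689 names only the vendor, while the description on the same entry names the product as HashiCorp Vault and Vault Enterprise. `NOT-FOR-US: HashiCorp Vault` would keep the entry findable by product name and would match how the other tags in this commit (WBCE CMS, GXCMS, JFrog Artifactory) name the product.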
@@ -2369,7 +2369,7 @@ CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText class,
- tika <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
CVE-2022-1553 (Leaking password protected articles content due to improper access con ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-1552
RESERVED
{DSA-5136-1 DSA-5135-1}
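Review bot: the new `NOT-FOR-US: Publify` tag on CVE-2022-1553 cannot be checked against the description shown here, which is truncated before any product name ("Leaking password protected articles content due to improper access con ..."). Every other entry changed in this commit names its product in the visible description. Worth confirming against the full CVE record that this one is Publify before it leaves the TODO list.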
@@ -2507,9 +2507,9 @@ CVE-2022-30075
CVE-2022-30074
RESERVED
CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/ ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\ ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-30071
RESERVED
CVE-2022-30070
@@ -2642,7 +2642,7 @@ CVE-2022-30009
CVE-2022-30008
RESERVED
CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. The vuln ...)
- TODO: check
+ NOT-FOR-US: GXCMS
CVE-2022-30006
RESERVED
CVE-2022-30005
@@ -4657,7 +4657,7 @@ CVE-2022-29334
CVE-2022-29333
RESERVED
CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An atta ...)
- TODO: check
+ NOT-FOR-US: D-LINK
CVE-2022-29331
RESERVED
CVE-2022-29330
@@ -5595,7 +5595,7 @@ CVE-2022-29019
CVE-2022-29018
RESERVED
CVE-2022-29017 (Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2022-29016
RESERVED
CVE-2022-29015
@@ -14448,7 +14448,7 @@ CVE-2022-21192
CVE-2022-21191
RESERVED
CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
- TODO: check
+ NOT-FOR-US: Node convict
CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
NOT-FOR-US: dexie
CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
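Review bot: `NOT-FOR-US: Node convict` on CVE-2022-21190 carries an ecosystem prefix that the very next entry, `NOT-FOR-US: dexie` on CVE-2022-21189, does not. Pick one form for these package entries so that a search by package name or by prefix finds both.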
@@ -16957,7 +16957,7 @@ CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execu
CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-0578 (Code Injection in GitHub repository publify/publify prior to 9.2.8. ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
- atheme-services 7.2.12-1
[bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
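Review bot: `NOT-FOR-US: Publify` on CVE-2022-0578 asserts that Publify is neither packaged nor has an open ITP, and nothing in the hunk records that this was checked. The entry directly above shows the form to use if there is one: `- snipe-it <itp> (bug #1005172)`. Since this commit tags three Publify CVEs the same way, a single WNPP lookup covers all of them.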
@@ -16976,9 +16976,9 @@ CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/libren
CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
NOT-FOR-US: LibreNMS
CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify prior to ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3011-1}
- vim 2:8.2.4659-1
