[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 8 20:28:50 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e66c2bf by Salvatore Bonaccorso at 2022-12-08T21:28:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpo ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-46829 (In JetBrains JetBrains Gateway before 2022.3 a client could connect wi ...)
- TODO: check
+ NOT-FOR-US: JetBrains JetBrains Gateway
CVE-2022-46828 (In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS wa ...)
TODO: check
CVE-2022-46827 (In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF ...)
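Review bot: the tag added for CVE-2022-46829 reads `NOT-FOR-US: JetBrains JetBrains Gateway`, carrying over the doubled vendor name from the CVE description. `NOT-FOR-US: JetBrains Gateway` would match the form of the two TeamCity tags above it and avoids a second spelling of the same vendor in the list.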
@@ -101,15 +101,15 @@ CVE-2022-4356
CVE-2022-4355
RESERVED
CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4352
RESERVED
CVE-2022-4351
RESERVED
CVE-2022-4350 (A vulnerability, which was classified as problematic, was found in Min ...)
- TODO: check
+ NOT-FOR-US: Mingsoft MCMS
CVE-2022-4349 (A vulnerability classified as problematic has been found in CTF-hacker ...)
TODO: check
CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been rated ...)
@@ -117,9 +117,9 @@ CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been r
CVE-2022-4347 (A vulnerability was found in xiandafu beetl-bbs. It has been declared ...)
TODO: check
CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been declared ...)
- TODO: check
+ NOT-FOR-US: DuxCMS
CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been classifi ...)
- TODO: check
+ NOT-FOR-US: DuxCMS
CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...)
TODO: check
CVE-2022-46791
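Review bot: the two DuxCMS entries (CVE-2020-36610, CVE-2020-36609) are tagged `NOT-FOR-US: DuxCMS` without the vendor, although the description names the product as "annyshow DuxCMS" and the other tags in this commit keep the vendor prefix (`LinZhaoguan pb-cms`, `Mingsoft MCMS`). Either form works, but picking one and using it consistently makes later searches of the list by product name more predictable.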
@@ -2682,13 +2682,13 @@ CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In d
- linux <unfixed>
NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
CVE-2022-45918 (ILIAS before 7.16 allows External Control of File Name or Path. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45917 (ILIAS before 7.16 has an Open Redirect. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45916 (ILIAS before 7.16 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45915 (ILIAS before 7.16 allows OS Command Injection. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by (for exam ...)
NOT-FOR-US: ESL (Electronic Shelf Label) protocol
CVE-2022-45913
@@ -2890,7 +2890,7 @@ CVE-2022-45850
CVE-2022-45849
RESERVED
CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45847
RESERVED
CVE-2022-45846
@@ -2920,7 +2920,7 @@ CVE-2022-45835
CVE-2022-45834
RESERVED
CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45832
RESERVED
CVE-2022-45831
@@ -2928,7 +2928,7 @@ CVE-2022-45831
CVE-2022-45830
RESERVED
CVE-2022-45829 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45828
RESERVED
CVE-2022-45827
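Review bot: CVE-2022-45829 shows the same truncated description as CVE-2022-45833 a few entries earlier ("Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 ..."). The NOT-FOR-US tag is the same either way, but it is worth confirming from the full descriptions that these are two distinct issues and not a duplicate assignment.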
@@ -2954,7 +2954,7 @@ CVE-2022-45818
CVE-2022-45817
RESERVED
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress At ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45815
RESERVED
CVE-2022-45814
@@ -3561,7 +3561,7 @@ CVE-2022-45552
CVE-2022-45551
RESERVED
CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). ...)
- TODO: check
+ NOT-FOR-US: AyaCMS
CVE-2022-45549
RESERVED
CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
@@ -3727,7 +3727,7 @@ CVE-2022-4093 (SQL injection attacks can result in unauthorized access to sensit
CVE-2022-4092
RESERVED
CVE-2022-44608 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and classi ...)
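Review bot: `NOT-FOR-US: Cybozu` for CVE-2022-44608 names only the vendor, although the description identifies a specific product ("Cybozu Remote Servi ..."). The context entry right below uses the full product name (`NOT-FOR-US: SourceCodester Canteen Management System`); naming the product here as well would keep the tag unambiguous if another Cybozu product ever needs different handling.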
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e66c2bf983e5bd700f998605c3e7457849ed125