[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 13 05:12:11 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2c3cbdc by Salvatore Bonaccorso at 2022-12-13T06:11:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3392,9 +3392,9 @@ CVE-2022-45999
 CVE-2022-45998
 	RESERVED
 CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-45995
 	RESERVED
 CVE-2022-45994
@@ -3426,13 +3426,13 @@ CVE-2022-45982
 CVE-2022-45981
 	RESERVED
 CVE-2022-45980 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-45979 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-45978
 	RESERVED
 CVE-2022-45977 (Tenda AX12 V22.03.01.21_CN was found to have a command injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-45976
 	RESERVED
 CVE-2022-45975
@@ -4584,7 +4584,7 @@ CVE-2022-4099
 CVE-2022-4098
 	RESERVED
 CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...)
 	NOT-FOR-US: appsmith
 CVE-2022-4095
@@ -4844,7 +4844,7 @@ CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository
 CVE-2022-4017
 	RESERVED
 CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4015 (A vulnerability, which was classified as critical, was found in Sports ...)
 	NOT-FOR-US: Sports Club Management System
 CVE-2022-4014 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -4860,7 +4860,7 @@ CVE-2022-43468 (External initialization of trusted variables or data stores vuln
 CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, which ma ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-4010 (The Image Hover Effects WordPress plugin through 5.3 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4009
 	RESERVED
 CVE-2022-4008
@@ -4870,9 +4870,9 @@ CVE-2022-4007
 CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: WBCE CMS
 CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4004 (The Donation Button WordPress plugin through 4.0.0 does not properly c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4241 (A vulnerability, which was classified as problematic, was found in php ...)
 	NOT-FOR-US: phpservermon
 CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...)
@@ -4901,9 +4901,9 @@ CVE-2022-4002
 CVE-2022-4001
 	RESERVED
 CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3999 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3998 (A vulnerability, which was classified as critical, was found in Monika ...)
 	NOT-FOR-US: MonikaBrzica scm
 CVE-2022-3997 (A vulnerability, which was classified as critical, has been found in M ...)
@@ -5718,7 +5718,7 @@ CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stor
 CVE-2022-3990
 	RESERVED
 CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly validate up ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2022-3987
@@ -5732,9 +5732,9 @@ CVE-2022-3984
 CVE-2022-3983
 	RESERVED
 CVE-2022-3982 (The Booking calendar, Appointment Booking System WordPress plugin befo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3981 (The Icegram Express WordPress plugin before 5.5.1 does not properly sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side request  ...)
 	NOT-FOR-US: Sophos
 CVE-2022-37406 (Cross-site scripting vulnerability in Aficio SP 4210N firmware version ...)
@@ -5944,7 +5944,7 @@ CVE-2022-3948 (A vulnerability classified as critical was found in eolinker goku
 CVE-2022-3947 (A vulnerability classified as critical has been found in eolinker goku ...)
 	NOT-FOR-US: eolinker goku_lite
 CVE-2022-3946 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not have aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
 	NOT-FOR-US: Kavita
 CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been declared as c ...)
@@ -5974,11 +5974,11 @@ CVE-2022-3937
 CVE-2022-3936
 	RESERVED
 CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45143
 	RESERVED
 CVE-2022-45142
@@ -6007,7 +6007,7 @@ CVE-2022-3931
 	RESERVED
 	NOT-FOR-US: Rook
 CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3929
 	RESERVED
 CVE-2022-3928
@@ -6017,7 +6017,7 @@ CVE-2022-3927
 CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3924
 	RESERVED
 CVE-2022-3923
@@ -6155,7 +6155,7 @@ CVE-2022-45065
 CVE-2022-45064
 	RESERVED
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3918
 	RESERVED
 CVE-2022-3917
@@ -6164,13 +6164,13 @@ CVE-2022-3916
 	RESERVED
 	NOT-FOR-US: Keycloak
 CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3914
 	RESERVED
 CVE-2022-3913
 	RESERVED
 CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3911
 	RESERVED
 CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Escalati ...)
@@ -6223,11 +6223,11 @@ CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.
 	NOTE: https://varnish-cache.org/security/VSV00010.html
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/fcf5722af75fdbf58dd425dd68d0beaa49bab4f4
 CVE-2022-3908 (The Helloprint WordPress plugin before 1.4.7 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by time-based atta ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3906 (The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3905
 	RESERVED
 CVE-2022-3904
@@ -6241,7 +6241,7 @@ CVE-2022-3902
 CVE-2022-3901
 	RESERVED
 CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45058
 	RESERVED
 CVE-2022-45057
@@ -6317,15 +6317,15 @@ CVE-2022-3884
 CVE-2022-45044
 	RESERVED
 CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health Check and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3881 (The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3880 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...)
 	NOT-FOR-US: Maxon ERP
 CVE-2022-3877
@@ -6346,7 +6346,7 @@ CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of Q
 	NOTE: patch proposal 1: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
 	NOTE: patch proposal 2: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html
 CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via gofo ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2022-45042
 	RESERVED
 CVE-2022-45041
@@ -7083,7 +7083,7 @@ CVE-2022-44716
 CVE-2022-44715
 	RESERVED
 CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection  ...)
 	NOT-FOR-US: Betheme theme for WordPress
 CVE-2022-3860
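Review bot: The added "NOT-FOR-US: WordPress plugin" line for CVE-2022-3862 uses the generic tag, while the next entry in the context names its product ("NOT-FOR-US: Betheme theme for WordPress"). The generic form matches the other plugin entries in this file, so it is consistent as a convention, but the plugin name (Livemesh Addons for Elementor) is then only findable through the description text. If per-product lookups matter, consider naming the plugin in the tag.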
@@ -13173,7 +13173,7 @@ CVE-2022-3611
 CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
 	NOT-FOR-US: phpmyfaq
 CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
@@ -13184,7 +13184,7 @@ CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified
 	NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b (v0.2)
 	NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671
 CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3604
 	RESERVED
 CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
@@ -17677,7 +17677,7 @@ CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directo
 CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3359 (The Shortcodes and extra features for Phlox WordPress plugin through 2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
 	- openssl 3.0.7-1 (bug #1021620)
 	[bullseye] - openssl <not-affected> (Only affects 3.x)
@@ -19027,7 +19027,7 @@ CVE-2022-41298
 CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
 	NOT-FOR-US: IBM
 CVE-2022-41296 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-41295
 	RESERVED
 CVE-2022-41294 (IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21. ...)
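Review bot: CVE-2022-41296 at the changed line shows the same truncated description as CVE-2022-41297 directly above it ("IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ..."), so the two entries cannot be told apart from this hunk. The "NOT-FOR-US: IBM" tag matches the neighbour and is the consistent choice; it is worth confirming from the full descriptions that these are two distinct issues and not a duplicate assignment.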
@@ -45297,7 +45297,7 @@ CVE-2022-31598 (Due to insufficient input validation, SAP Business Objects - ver
 CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAP ...)
 	NOT-FOR-US: SAP
 CVE-2022-31596 (Under certain conditions, an attacker authenticated as a CMS administr ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31595 (SAP Financial Consolidation - version 1010,�does not perform ne ...)
 	NOT-FOR-US: SAP
 CVE-2022-31594 (A highly privileged user can exploit SUID-root program to escalate his ...)
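Review bot: The truncated description of CVE-2022-31596 at the changed line ("Under certain conditions, an attacker authenticated as a CMS administr ...") does not name a product, so the "NOT-FOR-US: SAP" tag cannot be confirmed from the visible text. The surrounding entries are all SAP, which makes the tag plausible, but it should be checked against the full CVE description and not inferred from position in the list. Separately, the context line for CVE-2022-31595 contains a replacement character after "version 1010,", which points to an encoding problem in the stored description, not in this change.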
@@ -98297,7 +98297,7 @@ CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitiv
 CVE-2021-38998
 	RESERVED
 CVE-2021-38997 (IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38996 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
 	NOT-FOR-US: IBM
 CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c3cbdced28329445fc7811ff2cf2ab1ac4465c
