[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 4 08:28:02 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca091fd2 by Salvatore Bonaccorso at 2022-11-04T09:27:34+01:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1204,9 +1204,9 @@ CVE-2022-44630
CVE-2022-44629
RESERVED
CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jump ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44626
RESERVED
CVE-2022-44625
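Review bot: The two added "NOT-FOR-US: WordPress plugin" lines (CVE-2022-44628 and CVE-2022-44627) do not say which plugin is affected, and the descriptions visible here are truncated ("Jump ...", "David Cole Simple S ..."), so a search of data/CVE/list by plugin name will not find these entries. The generic label matches entries already in the file, so this is a style point only. Naming the plugin after the colon would make the triage decision easier to audit later.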
@@ -1783,15 +1783,15 @@ CVE-2022-44457
CVE-2022-43506
RESERVED
CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-43457
RESERVED
CVE-2022-43452
RESERVED
CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal v ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulne ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-43447
RESERVED
CVE-2022-41775
@@ -5633,7 +5633,7 @@ CVE-2022-43573
CVE-2022-43572
RESERVED
CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43570
RESERVED
CVE-2022-43569
@@ -5653,7 +5653,7 @@ CVE-2022-43563
CVE-2022-43562
RESERVED
CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43560
RESERVED
CVE-2022-43559
@@ -6938,11 +6938,11 @@ CVE-2022-43065
CVE-2022-43064
RESERVED
CVE-2022-43063 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43062 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43061 (Online Tours & Travels Management System v1.0 was discovered to co ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-43060
RESERVED
CVE-2022-43059
@@ -7961,17 +7961,17 @@ CVE-2022-42751 (CandidATS version 3.0.0 allows an external attacker to elevate p
CVE-2022-42750 (CandidATS version 3.0.0 allows an external attacker to steal the cooki ...)
NOT-FOR-US: CandidATS
CVE-2022-42749 (CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows a ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-42748 (CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-42747 (CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-42746 (CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, all ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-42745 (CandidATS version 3.0.0 allows an external attacker to read arbitrary ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-42744 (CandidATS version 3.0.0 allows an external attacker to perform CRUD op ...)
- TODO: check
+ NOT-FOR-US: CandidATS
CVE-2022-42743 (deep-parse-json version 1.0.2 allows an external attacker to edit or a ...)
TODO: check
CVE-2022-42742
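Review bot: CVE-2022-42743 (deep-parse-json) in the trailing context stays at "TODO: check" while the six CandidATS entries directly above it are resolved. If it was left on purpose because an npm module needs a lookup against the archive before it can be marked, that is fine. Otherwise it is worth resolving in the same pass so the block does not keep a stray TODO.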
@@ -12958,7 +12958,7 @@ CVE-2022-40205
CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38974
RESERVED
CVE-2022-38468
@@ -12980,7 +12980,7 @@ CVE-2022-36424
CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forg ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36404 (Auth. (subscriber+) Broken Access Control vulnerability in David Cole ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in Awesome Filter ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33978 (Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin ...)
@@ -16000,7 +16000,7 @@ CVE-2022-39384
CVE-2022-39383
RESERVED
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and ...)
- TODO: check
+ NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...)
TODO: check
CVE-2022-39380
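Review bot: The "NOT-FOR-US: Keystone CMS" added on CVE-2022-39382 covers a Node.js project, while CVE-2022-39381 (Muhammara, also a node module) directly below stays at "TODO: check". The commit message "Process some more NFUs" does not record how Keystone was checked against the archive. Since the neighbouring Node.js entry was evidently not clear-cut, a short remark in the commit message on why one is NFU and the other is deferred would help the next person triaging this block.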
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca091fd2982fd316b54d0527f7d3d8ee6874b0ed