[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 8 20:34:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
724450e2 by Salvatore Bonaccorso at 2022-11-08T21:33:12+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6525,9 +6525,9 @@ CVE-2022-43548 [DNS rebinding in --inspect via invalid octal IP address]
CVE-2022-43547
RESERVED
CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-43542
RESERVED
CVE-2022-43541
@@ -6593,7 +6593,7 @@ CVE-2022-43499
CVE-2022-43492
RESERVED
CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43490
RESERVED
CVE-2022-43488
@@ -6601,7 +6601,7 @@ CVE-2022-43488
CVE-2022-43482
RESERVED
CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43480
RESERVED
CVE-2022-43479
@@ -6633,7 +6633,7 @@ CVE-2022-43445
CVE-2022-43441
RESERVED
CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-43438
RESERVED
CVE-2022-43437
@@ -6657,7 +6657,7 @@ CVE-2022-42698
CVE-2022-42497
RESERVED
CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42485
RESERVED
CVE-2022-42479
@@ -6681,7 +6681,7 @@ CVE-2022-41990
CVE-2022-41987
RESERVED
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41978
RESERVED
CVE-2022-41840
@@ -7013,9 +7013,9 @@ CVE-2022-3592 [Wide links protection broken]
CVE-2022-43399
RESERVED
CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-43396
RESERVED
CVE-2022-3591
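Review bot: CVE-2022-43398 (SICAM Q100) and CVE-2022-43397 (Parasolid) are different products, but both get the bare vendor tag "NOT-FOR-US: Siemens". That matches the existing CVE-2022-41665 entry further down in this file, so it is consistent. Naming the product after the vendor, as the "EyesOfNetwork (EON)" and "Arm Mali GPU Kernel Driver" tags in this same commit do, would make later searches by product easier.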
@@ -7155,7 +7155,7 @@ CVE-2022-43361 (Senayan Library Management System v9.4.2 was discovered to conta
CVE-2022-43360
RESERVED
CVE-2022-43359 (Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered ...)
- TODO: check
+ NOT-FOR-US: Gifdec
CVE-2022-43358
RESERVED
CVE-2022-43357
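Review bot: On CVE-2022-43359 the description identifies Gifdec by a commit hash rather than a release, which often means the code is consumed as a copy vendored into other source trees. NOT-FOR-US only records that Gifdec itself is not packaged. It would be worth confirming that no packaged source embeds a copy before closing this entry, and recording the result in a NOTE line if that check was done.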
@@ -7187,7 +7187,7 @@ CVE-2022-43345
CVE-2022-43344
RESERVED
CVE-2022-43343 (N-Prolog v1.91 was discovered to contain a global buffer overflow vuln ...)
- TODO: check
+ NOT-FOR-US: N-Prolog
CVE-2022-43342
RESERVED
CVE-2022-43341
@@ -11184,7 +11184,7 @@ CVE-2022-41759
CVE-2022-41758
RESERVED
CVE-2022-41757 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
- TODO: check
+ NOT-FOR-US: Arm Mali GPU Kernel Driver
CVE-2022-41756
RESERVED
CVE-2022-41755
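Review bot: For CVE-2022-41757 the tag repeats the product string from the description, but a kernel driver is the one case in this commit where a reader may wonder whether the packaged kernel is affected. If the check was that this driver is not part of any kernel source in the archive, say so in the tag or in a NOTE line so the triage does not have to be repeated.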
@@ -11410,15 +11410,15 @@ CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vuln
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2022-41656
RESERVED
CVE-2022-41655
@@ -11537,7 +11537,7 @@ CVE-2022-41315
CVE-2022-41155
RESERVED
CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41135
RESERVED
CVE-2022-41134
@@ -11573,7 +11573,7 @@ CVE-2022-40192
CVE-2022-40130
RESERVED
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-39044
RESERVED
CVE-2022-38467
@@ -12036,11 +12036,11 @@ CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers
CVE-2022-41435 (OpenWRT LuCI version git-22.140.66206-02913be was discovered to contai ...)
NOT-FOR-US: OpenWRT LuCI
CVE-2022-41434 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41433 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41432 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vuln ...)
NOT-FOR-US: xzs
CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
@@ -13822,13 +13822,13 @@ CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnera
CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40312
RESERVED
CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in Rate my Po ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP premium plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in Xpl ...)
@@ -13840,9 +13840,9 @@ CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site Scriptin
CVE-2022-40211
RESERVED
CVE-2022-40206 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40205 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...)
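Review bot: CVE-2022-40206 and CVE-2022-40205 are both IDOR issues in the same wpForo plugin, yet the generic "NOT-FOR-US: WordPress plugin" tag drops the plugin name. This follows the tags on the surrounding entries, so it is not wrong. Adding the name (for example "WordPress plugin wpForo") would let related entries such as these two be found together.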
@@ -13890,7 +13890,7 @@ CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_req
CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-30545 (Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...)
NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact
CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...)
@@ -15003,7 +15003,7 @@ CVE-2022-38140
CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin &l ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control vulnerability in Cus ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/724450e2f66d1bbbab5684275aea3427ea195b34