[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 14 20:36:43 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64769f56 by Salvatore Bonaccorso at 2022-11-14T21:35:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7973,9 +7973,9 @@ CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8c21c54a53ab21842f5050fa090f26b03c0313d6 (6.0-rc1)
 CVE-2022-3632 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3631 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as proble ...)
 	- linux 5.19.6-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -8223,7 +8223,7 @@ CVE-2022-3580 (A vulnerability, which was classified as problematic, has been fo
 CVE-2022-3579 (A vulnerability classified as critical was found in SourceCodester Cas ...)
 	NOT-FOR-US: SourceCodester Cashier Queuing System
 CVE-2022-3578 (The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3577 (An out-of-bounds memory write flaw was found in the Linux kernel&#8217 ...)
 	- linux 5.18.5-1
 	[bullseye] - linux 5.10.127-1
@@ -8274,7 +8274,7 @@ CVE-2022-41642
 CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to ...)
 	NOT-FOR-US: Frauscher Sensortechnik
 CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3573
 	RESERVED
 CVE-2022-3572
@@ -9218,9 +9218,9 @@ CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Ke
 CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions before  ...)
 	NOT-FOR-US: hunter2
 CVE-2022-3539 (The Testimonials WordPress plugin before 2.7, super-testimonial-pro Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3538 (The Webmaster Tools Verification WordPress plugin through 1.2 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
@@ -9592,7 +9592,7 @@ CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all vers
 CVE-2022-3485
 	RESERVED
 CVE-2022-3484 (The WPB Show Core WordPress plugin through TODO does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-3482
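Review bot: On CVE-2022-3484 the header line still contains the word TODO after this change, because the truncated description reads "through TODO does not sanitise". That text belongs to the CVE description and is not a triage marker, so a search of data/CVE/list for untriaged entries should match the tab-indented "TODO: check" form rather than the bare word. The NOT-FOR-US line itself needs no change.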
@@ -9661,7 +9661,7 @@ CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attack
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1345
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904549
 CVE-2022-3477 (The tagDiv Composer WordPress plugin before 3.5, required by the Newsp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3476
 	RESERVED
 CVE-2022-3475
@@ -9677,7 +9677,7 @@ CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource Manage
 CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource Management  ...)
 	NOT-FOR-US: SourceCodester
 CVE-2022-3469 (The WP Attachments WordPress plugin before 5.0.5 does not sanitize and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3468
 	RESERVED
 CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...)
@@ -10720,7 +10720,7 @@ CVE-2022-3417
 CVE-2022-3416
 	RESERVED
 CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
 	NOT-FOR-US: SourceCodester Web-Based Student Clearance System
 CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...)
@@ -20062,7 +20062,7 @@ CVE-2022-38707
 CVE-2022-38706
 	RESERVED
 CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-38458
 	RESERVED
 CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
@@ -27116,9 +27116,9 @@ CVE-2022-2451
 CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...)
 	NOT-FOR-US: Inductive Automation Ignition
 CVE-2022-2450 (The reSmush.it : the only free Image Optimizer & compress plugin W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2449 (The reSmush.it : the only free Image Optimizer & compress plugin W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...)
@@ -28109,7 +28109,7 @@ CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cr
 CVE-2022-35720
 	RESERVED
 CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-35718
 	RESERVED
 CVE-2022-35717 ("IBM InfoSphere Information Server 11.7 could allow a locally authenti ...)
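Review bot: The new tag on CVE-2022-35719 names only the vendor, while the description identifies the product as IBM MQ Internet Pass-Thru. Consider "NOT-FOR-US: IBM MQ Internet Pass-Thru" so the entry can be found by product name, the way "NOT-FOR-US: Inductive Automation Ignition" elsewhere in this file can.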
@@ -32076,7 +32076,7 @@ CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance o
 CVE-2022-34330
 	RESERVED
 CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive informati ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_ ...)
 	NOT-FOR-US: PMB
 CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...)
@@ -32116,21 +32116,21 @@ CVE-2022-34321
 CVE-2022-34320
 	RESERVED
 CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms th ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34318 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34317
 	RESERVED
 CVE-2022-34316 (IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web sc ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34315 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34314 (IBM CICS TX 11.1 could disclose sensitive information to a local user  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34311
 	RESERVED
 CVE-2022-34310
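Review bot: All seven entries changed in this hunk (CVE-2022-34319, 34318, 34316, 34315, 34314, 34313 and 34312) describe IBM CICS TX, yet each is tagged with the bare vendor "NOT-FOR-US: IBM". A product-level tag such as "NOT-FOR-US: IBM CICS TX" would keep them distinguishable from other IBM products given the same tag in this commit, for example the MQ Internet Pass-Thru entry.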



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64769f56c3021d9c9a189f45a75a5732967734b9
