[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 16 13:08:05 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1604946b by Moritz Muehlenhoff at 2022-11-16T14:07:33+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8682,7 +8682,7 @@ CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds r
NOTE: https://github.com/WebAssembly/wabt/issues/1982
NOTE: Crash in CLI tool, no security impact
CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ - limesurvey <itp> (bug #472802)
CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43277 (Canteen Management System v1.0 was discovered to contain an arbitrary ...)
@@ -9415,7 +9415,7 @@ CVE-2022-42986
CVE-2022-42985
RESERVED
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...)
NOT-FOR-US: anji-plus AJ-Report
CVE-2022-42982
@@ -9427,9 +9427,9 @@ CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a pro
CVE-2022-42979
RESERVED
CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42976
RESERVED
CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...)
@@ -9785,7 +9785,7 @@ CVE-2022-3482
CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3480 (A remote, unauthenticated attacker could cause a denial-of-service of ...)
- TODO: check
+ NOT-FOR-US: PHOENIX
CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...)
- nss <unfixed> (bug #1021786)
[bullseye] - nss <no-dsa> (Minor issue)
@@ -9934,7 +9934,7 @@ CVE-2022-41687
CVE-2022-40221
RESERVED
CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...)
- TODO: check
+ NOT-FOR-US: PHOENIX
CVE-2022-3460
RESERVED
CVE-2022-3459
@@ -10115,7 +10115,7 @@ CVE-2022-42787 (Multiple W&T products of the Comserver Series use a small nu
CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XSS ...)
NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an auth ...)
- TODO: check
+ NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42784
RESERVED
CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...)
@@ -10905,19 +10905,19 @@ CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the va
CVE-2022-42458
RESERVED
CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extensi ...)
- TODO: check
+ NOT-FOR-US: Bluespice extension
CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile ext ...)
- TODO: check
+ NOT-FOR-US: Bluespice extension
CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKey' ver ...)
NOT-FOR-US: Android App 'IIJ SmartKey'
CVE-2022-41814 (Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extens ...)
- TODO: check
+ NOT-FOR-US: Bluespice extension
CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...)
NOT-FOR-US: installer of Content Transfer (for Windows)
CVE-2022-41789 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...)
- TODO: check
+ NOT-FOR-US: Bluespice skin
CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...)
- TODO: check
+ NOT-FOR-US: Bluespice skin
CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3417
@@ -11686,35 +11686,35 @@ CVE-2022-42134
CVE-2022-42133
RESERVED
CVE-2022-42132 (The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42131 (Certain Liferay products are affected by: Missing SSL Certificate Vali ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42130 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42129 (An Insecure direct object reference (IDOR) vulnerability in the Dynami ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42128 (The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42127 (The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, an ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42126 (The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, a ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42125 (Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 thr ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42124 (ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Lifera ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42123 (A Zip slip vulnerability in the Elasticsearch Connector in Liferay Por ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42122 (A SQL injection vulnerability in the Friendly Url module in Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42121 (A SQL injection vulnerability in the Layout module in Liferay Portal 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42120 (A SQL injection vulnerability in the Fragment module in Liferay Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42119 (Certain Liferay products are vulnerable to Cross Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42118 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42117 (A Cross-site scripting (XSS) vulnerability in the Frontend Taglib modu ...)
NOT-FOR-US: Frontend Taglib module in Liferay
CVE-2022-42116 (A Cross-site scripting (XSS) vulnerability in the Frontend Editor modu ...)
@@ -11728,9 +11728,9 @@ CVE-2022-42113 (A Cross-site scripting (XSS) vulnerability in Document Library m
CVE-2022-42112 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
NOT-FOR-US: module in Liferay
CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module's use ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42109
RESERVED
CVE-2022-42108
@@ -12149,7 +12149,7 @@ CVE-2022-41915
CVE-2022-41914
RESERVED
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
- TODO: check
+ NOT-FOR-US: Discourse plugin
CVE-2022-41912
RESERVED
CVE-2022-41911
@@ -12326,7 +12326,7 @@ CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not pr
CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
NOT-FOR-US: Horner Automation's Cscape
CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not proper ...)
- TODO: check
+ NOT-FOR-US: Horner Automation's Cscape
CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3375
@@ -12432,7 +12432,7 @@ CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub re
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdiffweb ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
- linux 6.0.3-1
NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
@@ -13063,7 +13063,7 @@ CVE-2022-41560
CVE-2022-41559
RESERVED
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41342
RESERVED
CVE-2022-41314
@@ -14735,7 +14735,7 @@ CVE-2022-40905
CVE-2022-40904
RESERVED
CVE-2022-40903 (Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 d ...)
- TODO: check
+ NOT-FOR-US: Aiphone
CVE-2022-40902
RESERVED
CVE-2022-40901
@@ -15952,7 +15952,7 @@ CVE-2022-40407 (A zip slip vulnerability in the file upload function of Chamilo
CVE-2022-40406
RESERVED
CVE-2022-40405 (WoWonder Social Network Platform v4.1.2 was discovered to contain a SQ ...)
- TODO: check
+ NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
NOT-FOR-US: Wedding Planner
CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1604946b8d56795fda2205a1eb8d90aa6a87b7fb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1604946b8d56795fda2205a1eb8d90aa6a87b7fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221116/d93fdbcb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list