[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 17 15:20:54 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6dd286d5 by Moritz Muehlenhoff at 2022-11-17T16:20:28+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8908,7 +8908,7 @@ CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow
- libde265 <unfixed>
NOTE: https://github.com/strukturag/libde265/issues/337
CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments component o ...)
- TODO: check
+ NOT-FOR-US: Hoosk CMS
CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
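Review bot: On the CVE-2022-43234 entry, the name in "NOT-FOR-US: Hoosk CMS" cannot be cross-checked from this hunk, because the description is cut off at "the /attachments component o ..." before any product is named. It is worth checking the tag against the full CVE description; every other entry changed in this commit carries its product name in the visible text.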
@@ -9109,7 +9109,7 @@ CVE-2022-43137
CVE-2022-43136
RESERVED
CVE-2022-43135 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43134
RESERVED
CVE-2022-43133
@@ -9527,13 +9527,13 @@ CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.
CVE-2022-42986
RESERVED
CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not escape v ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension ScratchLogin
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...)
NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...)
NOT-FOR-US: anji-plus AJ-Report
CVE-2022-42982 (BKG Professional NtripCaster 2.0.39 allows querying information over t ...)
- TODO: check
+ NOT-FOR-US: BKG Professional NtripCaster
CVE-2022-42981
RESERVED
CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...)
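Review bot: On CVE-2022-42985, "NOT-FOR-US: MediaWiki extension ScratchLogin" tags an add-on to another product rather than a stand-alone one, so the entry is only correct as NFU if the extension is not shipped inside a packaged MediaWiki; that is worth confirming. The wording also differs from the existing "PassWork extension for Chrome" entry further down the file, and "ScratchLogin extension for MediaWiki" would match that form.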
@@ -9640,7 +9640,7 @@ CVE-2022-42961 (An issue was discovered in wolfSSL before 5.5.0. A fault injecti
- wolfssl 5.5.3-1 (bug #1023574)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
CVE-2022-42960 (EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.1 ...)
- TODO: check
+ NOT-FOR-US: EqualWeb Accessibility Widget
CVE-2022-42959
RESERVED
CVE-2022-42958
@@ -9652,7 +9652,7 @@ CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome and other browsers allow
CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...)
NOT-FOR-US: PassWork extension for Chrome
CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Keyfactor EJBCA
CVE-2022-42953
RESERVED
CVE-2022-42952
@@ -11573,9 +11573,9 @@ CVE-2022-42248
CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...)
NOT-FOR-US: pfSense
CVE-2022-42246 (Doufox 0.0.4 contains a CSRF vulnerability that can add system adminis ...)
- TODO: check
+ NOT-FOR-US: Doufox
CVE-2022-42245 (Dreamer CMS 4.0.01 is vulnerable to SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: Dreamer CMS
CVE-2022-42244
RESERVED
CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
@@ -11691,7 +11691,7 @@ CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers from a remote code execut
CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path travers ...)
NOT-FOR-US: Lavalite CMS
CVE-2022-42187 (Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. ...)
- TODO: check
+ NOT-FOR-US: Hustoj
CVE-2022-42186
RESERVED
CVE-2022-42185
@@ -12262,7 +12262,7 @@ CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. V
CVE-2022-41915
RESERVED
CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
NOT-FOR-US: Discourse plugin
CVE-2022-41912
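Review bot: On CVE-2022-41914, "NOT-FOR-US: Zulip" names the whole project, while the visible description ("For organizations wit ...") is cut off before it says which component is affected. If the issue is in the server only, "Zulip server" would keep the entry from being read as covering clients or API bindings that may be packaged separately.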
@@ -14900,7 +14900,7 @@ CVE-2022-40883
CVE-2022-40882
RESERVED
CVE-2022-40881 (SolarView Compact 6.00 was discovered to contain a command injection v ...)
- TODO: check
+ NOT-FOR-US: SolarView Compact
CVE-2022-40880
RESERVED
CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd286d5103bcf709d01a5268aaa8847848251ee