[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 18 08:18:52 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d892b377 by Salvatore Bonaccorso at 2022-11-18T09:18:24+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -626,7 +626,7 @@ CVE-2022-45377
 CVE-2022-45376
 	RESERVED
 CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45374
 	RESERVED
 CVE-2022-45373
@@ -1382,7 +1382,7 @@ CVE-2022-45079
 CVE-2022-45078
 	RESERVED
 CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45076
 	RESERVED
 CVE-2022-45075
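Review bot: The note on CVE-2022-45077 reads "NOT-FOR-US: WordPress plugin", but the description shown on that entry is "PHP Object Injection vulnerability in Betheme them ...", which points at a theme rather than a plugin. Suggest "NOT-FOR-US: WordPress theme" so the reason matches the affected component and the entry is not miscounted when plugin NFUs are grepped later.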
@@ -1392,19 +1392,19 @@ CVE-2022-45074
 CVE-2022-45073
 	RESERVED
 CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45070
 	RESERVED
 CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45068
 	RESERVED
 CVE-2022-45067
 	RESERVED
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45065
 	RESERVED
 CVE-2022-45064
@@ -2233,7 +2233,7 @@ CVE-2022-44738
 CVE-2022-44737
 	RESERVED
 CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44735
 	RESERVED
 CVE-2022-44734
@@ -2301,7 +2301,7 @@ CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 fo
 CVE-2022-44726
 	RESERVED
 CVE-2022-44725 (OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses  ...)
-	TODO: check
+	NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
 CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...)
 	NOT-FOR-US: Stiltsoft
 CVE-2022-44723
@@ -3789,7 +3789,7 @@ CVE-2022-44593
 CVE-2022-44592
 	RESERVED
 CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44589
@@ -3817,7 +3817,7 @@ CVE-2022-44579
 CVE-2022-44578
 	RESERVED
 CVE-2022-44577 (Auth. CSV Injection vulnerability in Export Users With Meta plugin &lt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44575
@@ -4131,21 +4131,21 @@ CVE-2022-44458
 CVE-2022-44457 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...)
 	NOT-FOR-US: Siemens
 CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie v ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie v ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal v ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulne ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-41775 (SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie vers ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2022-3780 (Database connections on deleted users could stay active on MySQL data  ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-3779
@@ -5101,7 +5101,7 @@ CVE-2022-44003 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to
 CVE-2022-44002 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...)
 	NOT-FOR-US: BACKCLICK Professional
 CVE-2022-44001 (An issue was discovered in BACKCLICK Professional 5.9.63. User authent ...)
-	TODO: check
+	NOT-FOR-US: BACKCLICK Professional
 CVE-2022-44000 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an ex ...)
 	NOT-FOR-US: BACKCLICK Professional
 CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to expos ...)
@@ -8227,7 +8227,7 @@ CVE-2022-41831
 CVE-2022-41805
 	RESERVED
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41790
 	RESERVED
 CVE-2022-41788
@@ -8740,7 +8740,7 @@ CVE-2022-43334
 CVE-2022-43333
 	RESERVED
 CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows  ...)
-	TODO: check
+	NOT-FOR-US: Wondercms
 CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
 	NOT-FOR-US: Canteen Management System
 CVE-2022-43330 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -8788,7 +8788,7 @@ CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released F
 CVE-2022-43309
 	RESERVED
 CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers  ...)
-	TODO: check
+	NOT-FOR-US: INTELBRAS
 CVE-2022-43307
 	RESERVED
 CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a potential ...)
@@ -9050,7 +9050,7 @@ CVE-2022-43194
 CVE-2022-43193
 	RESERVED
 CVE-2022-43192 (An arbitrary file upload vulnerability in the component /dede/file_man ...)
-	TODO: check
+	NOT-FOR-US: Dedecms
 CVE-2022-43191
 	RESERVED
 CVE-2022-43190
@@ -9068,7 +9068,7 @@ CVE-2022-43185 (A stored cross-site scripting (XSS) vulnerability in the Configu
 CVE-2022-43184 (D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command in ...)
 	NOT-FOR-US: D-Link
 CVE-2022-43183 (XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) vi ...)
-	TODO: check
+	NOT-FOR-US: XXL-Job
 CVE-2022-43182
 	RESERVED
 CVE-2022-43181
@@ -9076,7 +9076,7 @@ CVE-2022-43181
 CVE-2022-43180
 	RESERVED
 CVE-2022-43179 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
-	TODO: check
+	NOT-FOR-US: Online Leave Management System
 CVE-2022-43178
 	RESERVED
 CVE-2022-43177
@@ -9092,7 +9092,7 @@ CVE-2022-43173
 CVE-2022-43172
 	RESERVED
 CVE-2022-43171 (A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinf ...)
-	TODO: check
+	NOT-FOR-US: LIEF
 CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the Dashboard Con ...)
 	NOT-FOR-US: Rukovoditel
 CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users Access  ...)
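Review bot: CVE-2022-43171 is closed as "NOT-FOR-US: LIEF", yet the description locates the heap buffer overflow in LIEF::MachO::BinaryParser, so the affected code is a parsing library rather than a standalone application. Before leaving it as NFU, confirm that no packaged source carries an embedded copy of LIEF; if one does, the entry should track that source package instead of being dismissed.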
@@ -9108,9 +9108,9 @@ CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the Global
 CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the Global Lists  ...)
 	NOT-FOR-US: Rukovoditel
 CVE-2022-43163 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43162 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43161
 	RESERVED
 CVE-2022-43160
@@ -9245,7 +9245,7 @@ CVE-2022-43098
 CVE-2022-43097
 	RESERVED
 CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to gain root a ...)
-	TODO: check
+	NOT-FOR-US: Mediatrix
 CVE-2022-43095
 	RESERVED
 CVE-2022-43094
@@ -9972,7 +9972,7 @@ CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled (via
 CVE-2022-42904
 	RESERVED
 CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileg ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...)
 	{DSA-5260-1 DLA-3192-1}
 	- lava 2022.10-1 (bug #1021737)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d892b37779dddd24456f90e9acb34051f3c2b891
