[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 18 20:20:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7223ae0 by Salvatore Bonaccorso at 2022-11-18T21:20:05+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...)
-	TODO: check
+	NOT-FOR-US: drachtio-server
 CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
-	TODO: check
+	NOT-FOR-US: drachtio-server
 CVE-2022-45472
 	RESERVED
 CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2022-45470
 	RESERVED
 CVE-2022-44456
@@ -2059,7 +2059,7 @@ CVE-2022-44822
 CVE-2022-44821
 	RESERVED
 CVE-2022-44820 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44819
 	RESERVED
 CVE-2022-44818
@@ -4289,11 +4289,11 @@ CVE-2022-44417
 CVE-2022-44416
 	RESERVED
 CVE-2022-44415 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44414 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44413 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44412
 	RESERVED
 CVE-2022-44411
@@ -4361,9 +4361,9 @@ CVE-2022-44381
 CVE-2022-44380
 	RESERVED
 CVE-2022-44379 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44378 (Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/ ...)
-	TODO: check
+	NOT-FOR-US: Automotive Shop Management System
 CVE-2022-44377
 	RESERVED
 CVE-2022-44376
@@ -4711,7 +4711,7 @@ CVE-2022-44206
 CVE-2022-44205
 	RESERVED
 CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-44203
 	RESERVED
 CVE-2022-44202
@@ -8156,7 +8156,7 @@ CVE-2022-43490
 CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43480
@@ -8172,7 +8172,7 @@ CVE-2022-43471
 CVE-2022-43469
 	RESERVED
 CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-43462
 	RESERVED
 CVE-2022-43461
@@ -8222,7 +8222,7 @@ CVE-2022-42479
 CVE-2022-42462
 	RESERVED
 CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42459
@@ -8242,13 +8242,13 @@ CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mante
 CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41839
 	RESERVED
 CVE-2022-41831
 	RESERVED
 CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41790
@@ -8260,17 +8260,17 @@ CVE-2022-41786
 CVE-2022-41785
 	RESERVED
 CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41698
 	RESERVED
 CVE-2022-41695
 	RESERVED
 CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41685
 	RESERVED
 CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41619
 	RESERVED
 CVE-2022-41554
@@ -8286,9 +8286,9 @@ CVE-2022-40695
 CVE-2022-40692
 	RESERVED
 CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-38971
 	RESERVED
 CVE-2022-38716
@@ -8298,7 +8298,7 @@ CVE-2022-38702
 CVE-2022-38356
 	RESERVED
 CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3648
 	RESERVED
 CVE-2022-3647 (A vulnerability, which was classified as problematic, was found in Red ...)
@@ -15449,7 +15449,7 @@ CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
 CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-38468
 	RESERVED
 CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...)
@@ -62441,9 +62441,9 @@ CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All versions
 CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All versions <  ...)
 	NOT-FOR-US: Siemens
 CVE-2022-24038 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
-	TODO: check
+	NOT-FOR-US: Karmasis informatics solutions
 CVE-2022-24037 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
-	TODO: check
+	NOT-FOR-US: Karmasis informatics solutions
 CVE-2022-24036 (Karmasis informatics solutions Infraskope Security Event Manager produ ...)
 	NOT-FOR-US: Karmasis
 CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
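Review bot: the new labels on CVE-2022-24038 and CVE-2022-24037 read "NOT-FOR-US: Karmasis informatics solutions", while the unchanged neighbour CVE-2022-24036, for the same Infraskope Security Event Manager product, already uses "NOT-FOR-US: Karmasis". Using one string for all three keeps searches and later bulk processing of the list consistent; suggest "NOT-FOR-US: Karmasis" for the two new lines.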
@@ -63986,7 +63986,7 @@ CVE-2022-23750
 CVE-2022-23749
 	RESERVED
 CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...)
 	NOT-FOR-US: Sony
 CVE-2022-23746
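Review bot: on CVE-2022-23748 the label "NOT-FOR-US: Zoom" cannot be checked against the entry itself, because the visible description names only mDNSResponder.exe and is truncated before any vendor appears. Worth confirming the affected product against the full CVE record, and if the executable turns out to ship with more than one vendor's software, naming the component in the label would be more precise than a single vendor.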
@@ -80210,9 +80210,9 @@ CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower
 CVE-2022-20948
 	RESERVED
 CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...)
@@ -80222,7 +80222,7 @@ CVE-2022-20943 (Multiple vulnerabilities in the Server Message Block Version 2 (
 CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco Firepow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...)
 	TODO: check
 CVE-2022-20939
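Review bot: CVE-2022-20940 stays at "TODO: check" although its description names Cisco Firepower Threat Defense, and CVE-2022-20941 directly above it is marked "NOT-FOR-US: Cisco" in this same hunk. If it was left open on purpose, fine; otherwise it looks like it belongs in this batch.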



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7223ae0e1a1210ebefb44ea939d06fdc4114069
