[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 19 09:16:13 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8b761b9 by Salvatore Bonaccorso at 2022-11-19T10:15:50+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -683,7 +683,7 @@ CVE-2022-45371
 CVE-2022-45370
 	RESERVED
 CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45368
 	RESERVED
 CVE-2022-45367
@@ -1182,7 +1182,7 @@ CVE-2022-45165
 CVE-2022-45164
 	RESERVED
 CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP devices w ...)
-	TODO: check
+	NOT-FOR-US: NXP devices
 CVE-2022-45162
 	RESERVED
 CVE-2022-45161
@@ -1417,7 +1417,7 @@ CVE-2022-45084
 CVE-2022-45083
 	RESERVED
 CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45081
 	RESERVED
 CVE-2022-45080
@@ -1435,7 +1435,7 @@ CVE-2022-45075
 CVE-2022-45074
 	RESERVED
 CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentica ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...)
@@ -2270,7 +2270,7 @@ CVE-2022-44742
 CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44739
 	RESERVED
 CVE-2022-44738
@@ -3584,7 +3584,7 @@ CVE-2021-46853 (Alpine before 2.25 allows remote attackers to cause a denial of
 CVE-2022-44635
 	RESERVED
 CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44633
 	RESERVED
 CVE-2022-44632
@@ -3848,9 +3848,9 @@ CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media
 CVE-2022-44585
 	RESERVED
 CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44582
 	RESERVED
 CVE-2022-44581
@@ -7735,7 +7735,7 @@ CVE-2022-43675
 CVE-2022-43674
 	RESERVED
 CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent messages ...)
-	TODO: check
+	NOT-FOR-US: Wire
 CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...)
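
Review bot: The label at CVE-2022-43673 is just "Wire", while the description scopes the issue to Wire "on Windows". The entry does not show whether the NOT-FOR-US reason is that Wire is not packaged or that the issue is Windows-only. If it is the latter, say so in the label (for example "Wire on Windows") so the decision can be re-checked without opening the CVE record.
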
@@ -8171,7 +8171,7 @@ CVE-2022-43513
 CVE-2022-43499
 	RESERVED
 CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43490
@@ -8225,7 +8225,7 @@ CVE-2022-42888
 CVE-2022-42884
 	RESERVED
 CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42882
 	RESERVED
 CVE-2022-42880
@@ -8233,9 +8233,9 @@ CVE-2022-42880
 CVE-2022-42699
 	RESERVED
 CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42485
@@ -8249,7 +8249,7 @@ CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authe
 CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42459 (Auth. WordPress Options Change vulnerability in Image Hover Effects Ul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada p ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-41995
@@ -8267,7 +8267,7 @@ CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zo
 CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress plugin &lt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41831
 	RESERVED
 CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...)
@@ -8277,7 +8277,7 @@ CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid p
 CVE-2022-41790
 	RESERVED
 CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soleda ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2022-41786
 	RESERVED
 CVE-2022-41785
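
Review bot: CVE-2022-41788 is the only entry in this commit marked "WordPress theme" rather than "WordPress plugin", and the truncated description ("... vulnerability in Soleda ...") does not show which of the two it is. Worth confirming against the full CVE text so the label stays consistent with existing theme entries such as CVE-2022-41996.
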
@@ -8291,7 +8291,7 @@ CVE-2022-41695
 CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt P& ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41619
@@ -8301,11 +8301,11 @@ CVE-2022-41554
 CVE-2022-40968
 	RESERVED
 CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirectio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40692
 	RESERVED
 CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
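
Review bot: The description at CVE-2022-40695 reads "Multiple Cross-Site Scripting (CSRF) vulnerabilities", which names two different bug classes in one phrase. The NOT-FOR-US label does not depend on which one it is, so the added line can stay as is, but the full CVE record should be checked before anyone relies on this summary line to classify the issue.
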
@@ -10015,7 +10015,7 @@ CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled (via
 	- wolfssl 5.5.3-1
 	NOTE: Fixed in 5.5.2 (https://www.wolfssl.com/docs/security-vulnerabilities/)
 CVE-2022-42904 (Zoho ManageEngine ADManager Plus through 7151 allows authenticated adm ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileg ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8b761b94122b93d232aa6824ff63e6ab55118e0
