[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 20 11:17:55 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6440abe by Salvatore Bonaccorso at 2022-11-20T12:17:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2022-4070 (Insufficient Session Expiration in GitHub repository librenms/librenms ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-4069 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-4068 (A user is able to enable their own account if it was disabled by an ad ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...)
 	TODO: check
 CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...)
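Review bot: The NOT-FOR-US: LibreNMS tag on CVE-2022-4068 cannot be confirmed from this hunk, because its truncated description ("A user is able to enable their own account if it was disabled by an ad ...") names no product, while the three neighbouring entries all cite the librenms repository. Confirm against the full CVE record that it belongs to the same project. CVE-2022-4066 and CVE-2022-4065 directly below remain at TODO: check and still need triage.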
@@ -9577,9 +9577,9 @@ CVE-2022-3563 (A vulnerability classified as problematic has been found in Linux
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e (5.65)
 	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=bc3a76f01f461db19381f1922cdaeac222dfd374 (5.56)
 CVE-2022-3562 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-3561 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-3560
 	RESERVED
 CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This  ...)
@@ -9720,7 +9720,7 @@ CVE-2022-3526 (A vulnerability classified as problematic was found in Linux Kern
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e16b859872b87650bb55b12cca5a5fcdc49c1442
 CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository librenms/libren ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared as pro ...)
 	- linux 6.0.7-1
 	NOTE: https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
@@ -9899,7 +9899,7 @@ CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw all
 	NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
 	NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5)
 CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2022-3515
 	RESERVED
 	{DSA-5255-1 DLA-3153-1}
@@ -13084,7 +13084,7 @@ CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plug
 CVE-2022-41635
 	RESERVED
 CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41633
 	RESERVED
 CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...)
@@ -13092,15 +13092,15 @@ CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipp
 CVE-2022-41620
 	RESERVED
 CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41616
 	RESERVED
 CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41612
 	RESERVED
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41608
 	RESERVED
 CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
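Review bot: For CVE-2022-41615 and CVE-2022-41609 the visible description is cut off before any product name, and CVE-2022-41618 shows only "Media Library As ...", so the "WordPress plugin" classification cannot be checked from this hunk alone. The generic reason matches entries already in the file (for example CVE-2022-41315), but the commit message "Process some NFUs" gives no product list either. Naming the affected plugins in the commit message would make the triage auditable without opening each CVE record.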
@@ -13183,11 +13183,11 @@ CVE-2022-41569
 CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41155 (Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41134
 	RESERVED
 CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
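Review bot: The description lines for CVE-2022-41155 and CVE-2022-41135 carry a literal "&lt;=", which is an HTML-escaped "<=" in the version range. These are unchanged context lines, so this commit did not introduce them, and both descriptions do name a plugin, which supports the new NOT-FOR-US tags. If the entity is in data/CVE/list itself rather than produced by the mail rendering, the description text should be unescaped so version ranges read correctly.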
@@ -13211,7 +13211,7 @@ CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps
 CVE-2022-40218
 	RESERVED
 CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40209
 	RESERVED
 CVE-2022-40203
@@ -13219,7 +13219,7 @@ CVE-2022-40203
 CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin &l ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-39044



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6440abecd4113b0ba2928d63f37d9a2e3c02992
