[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 24 09:05:06 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c3e7bb3 by Moritz Muehlenhoff at 2022-11-24T10:04:43+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-coredump d ...)
TODO: check
CVE-2022-45872 (iTerm2 before 3.4.18 mishandles a DECRQSS response. ...)
- TODO: check
+ NOT-FOR-US: iTerm2
CVE-2022-45871
RESERVED
CVE-2022-45870
@@ -13,7 +13,7 @@ CVE-2022-45868 (The web-based admin console in H2 Database Engine through 2.1.21
CVE-2022-45867
RESERVED
CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 11.3, as us ...)
- TODO: check
+ NOT-FOR-US: qpress
CVE-2022-4136
RESERVED
CVE-2022-4135
@@ -868,7 +868,7 @@ CVE-2022-45485
CVE-2022-45484
RESERVED
CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
- TODO: check
+ NOT-FOR-US: kiwi Test Plan
CVE-2022-4104
RESERVED
CVE-2022-4103
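Review bot: the new tag on CVE-2022-4105, "NOT-FOR-US: kiwi Test Plan", copies a phrase from the description, where "a kiwi Test Plan" reads as the object holding the stored XSS rather than the name of the software. Suggest the tag carry the product name only, so that later CVEs against the same product receive the same NFU string and can be matched by a simple search of data/CVE/list.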
@@ -992,7 +992,7 @@ CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-af
CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...)
NOT-FOR-US: drachtio-server
CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r patch 6 ...)
- TODO: check
+ NOT-FOR-US: CAE LearningSpace Enterprise
CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...)
@@ -1137,7 +1137,7 @@ CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to
CVE-2022-4020
RESERVED
CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plugin a ...)
- TODO: check
+ NOT-FOR-US: Mattermost plugin
CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4017
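Review bot: "NOT-FOR-US: Mattermost plugin" on CVE-2022-4019 drops the plugin name that the description gives ("Mattermost Playbooks plugin"). Suggest "NOT-FOR-US: Mattermost Playbooks plugin", which keeps the entry distinguishable from other Mattermost plugin CVEs without opening the full CVE text.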
@@ -1824,15 +1824,15 @@ CVE-2022-45282
CVE-2022-45281
RESERVED
CVE-2022-45280 (A cross-site scripting (XSS) vulnerability in the Url parameter in /lo ...)
- TODO: check
+ NOT-FOR-US: EyouCMS
CVE-2022-45279
RESERVED
CVE-2022-45278 (Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Jizhicms
CVE-2022-45277
RESERVED
CVE-2022-45276 (An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 a ...)
- TODO: check
+ NOT-FOR-US: YJCMS
CVE-2022-45275
RESERVED
CVE-2022-45274
@@ -3301,9 +3301,9 @@ CVE-2023-21405
CVE-2023-21404
RESERVED
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
- TODO: check
+ NOT-FOR-US: KNIME
CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
- TODO: check
+ NOT-FOR-US: KNIME
CVE-2022-44731
RESERVED
CVE-2022-44730
@@ -5837,7 +5837,7 @@ CVE-2022-44142
CVE-2022-44141
RESERVED
CVE-2022-44140 (Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Jizhicms
CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Apartment Visitor Management System
CVE-2022-44138
@@ -5877,13 +5877,13 @@ CVE-2022-44122
CVE-2022-44121
RESERVED
CVE-2022-44120 (dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php. ...)
- TODO: check
+ NOT-FOR-US: dedecmdv6
CVE-2022-44119
RESERVED
CVE-2022-44118 (dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file ...)
- TODO: check
+ NOT-FOR-US: dedecmdv6
CVE-2022-44117 (Boa 0.94.14rc21 is vulnerable to SQL Injection via username. ...)
- TODO: check
+ - boa <removed>
CVE-2022-44116
RESERVED
CVE-2022-44115
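Review bot: the CVE-2022-44117 change at the end of this hunk is not an NFU. It replaces "TODO: check" with the package entry "- boa <removed>", while the commit message says only "NFUs". Suggest mentioning the boa triage in the commit message, or putting it in its own commit, so that a log search for the package finds the change.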
@@ -6185,7 +6185,7 @@ CVE-2022-43979
CVE-2022-43978
RESERVED
CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post withou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3749
RESERVED
CVE-2022-3748
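Review bot: "NOT-FOR-US: WordPress plugin" on CVE-2022-3750 does not say which plugin, and the description cannot supply it because the product name is missing there ("The has a CSRF vulnerability ..."). Suggest adding the plugin name to the tag once it has been identified from the CVE references, so the entry stays identifiable from this file alone.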
@@ -8667,7 +8667,7 @@ CVE-2022-43687 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0
CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 an ...)
NOT-FOR-US: Concrete CMS
CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...)
- TODO: check
+ NOT-FOR-US: CKAN
CVE-2022-43684
RESERVED
CVE-2022-43683
@@ -10048,7 +10048,7 @@ CVE-2022-43198
CVE-2022-43197
RESERVED
CVE-2022-43196 (dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_man ...)
- TODO: check
+ NOT-FOR-US: dedecmdv6
CVE-2022-43195
RESERVED
CVE-2022-43194
@@ -10157,7 +10157,7 @@ CVE-2022-43145
CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management Syste ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43143 (A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 ...)
- TODO: check
+ NOT-FOR-US: Beekeeper Studio
CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php componen ...)
NOT-FOR-US: Password Storage Application
CVE-2022-43141
@@ -13292,19 +13292,19 @@ CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime servi
CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2022-41935 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41934 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41933 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41932 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41931 (xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Dir ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41930 (org.xwiki.platform:xwiki-platform-user-profile-ui is missing authoriza ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing authorization in ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directives in ...)
NOT-FOR-US: XWiki
CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...)
@@ -14603,9 +14603,9 @@ CVE-2022-41448
CVE-2022-41447
RESERVED
CVE-2022-41446 (An access control issue in /Admin/dashboard.php of Record Management S ...)
- TODO: check
+ NOT-FOR-US: Record Management System
CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management System ...)
- TODO: check
+ NOT-FOR-US: Record Management System
CVE-2022-41444
RESERVED
CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vulnerabil ...)
@@ -15997,7 +15997,7 @@ CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecod
CVE-2022-40871 (Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By ...)
- dolibarr <removed>
CVE-2022-40870 (The Web Client of Parallels Remote Application Server v18.0 is vulnera ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...)
NOT-FOR-US: Tenda
CVE-2022-40868 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c3e7bb386d9ad65cfa20c09aea891f06fd74c0d