[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 25 20:24:49 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1725b9b7 by Salvatore Bonaccorso at 2022-11-25T21:24:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -985,7 +985,7 @@ CVE-2022-4092
CVE-2022-44608
RESERVED
CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management System. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and classi ...)
NOT-FOR-US: rickxy Stock Management System
CVE-2022-4089 (A vulnerability was found in rickxy Stock Management System. It has be ...)
@@ -1063,9 +1063,9 @@ CVE-2022-45478
CVE-2022-45477
RESERVED
CVE-2022-45476 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
- TODO: check
+ NOT-FOR-US: Tiny File Manager
CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
- TODO: check
+ NOT-FOR-US: Tiny File Manager
CVE-2022-4063
RESERVED
CVE-2022-4062
@@ -2031,7 +2031,7 @@ CVE-2022-45220
CVE-2022-45219
RESERVED
CVE-2022-45218 (Human Resource Management System v1.0.0 was discovered to contain a cr ...)
- TODO: check
+ NOT-FOR-US: Human Resource Management System
CVE-2022-45217
RESERVED
CVE-2022-45216
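Review bot: The tag added for CVE-2022-45218, `NOT-FOR-US: Human Resource Management System`, is a generic product name with no vendor or author, and the truncated description above it gives none either. Where the full CVE description identifies the vendor or source, include it in the tag, as the `SourceCodester Canteen Management System` entry in the first hunk does, so this entry can be told apart from other products with the same name when the list is searched.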
@@ -2047,17 +2047,17 @@ CVE-2022-45212
CVE-2022-45211
RESERVED
CVE-2022-45210 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-45209
RESERVED
CVE-2022-45208 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-45207 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Jeecg-boot
CVE-2022-45204
RESERVED
CVE-2022-45203
@@ -2699,15 +2699,15 @@ CVE-2022-45042
CVE-2022-45041
RESERVED
CVE-2022-45040 (A cross-site scripting (XSS) vulnerability in /admin/pages/sections_sa ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-45039 (An arbitrary file upload vulnerability in the Server Settings module o ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-45038 (A cross-site scripting (XSS) vulnerability in /admin/settings/save.php ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-45037 (A cross-site scripting (XSS) vulnerability in /admin/users/index.php o ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-45036 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...)
- TODO: check
+ NOT-FOR-US: WBCE CMS
CVE-2022-45035
RESERVED
CVE-2022-45034
@@ -3059,11 +3059,11 @@ CVE-2022-44862
CVE-2022-44861
RESERVED
CVE-2022-44860 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: Automotive Shop Management System
CVE-2022-44859 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: Automotive Shop Management System
CVE-2022-44858 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...)
- TODO: check
+ NOT-FOR-US: Automotive Shop Management System
CVE-2022-44857
RESERVED
CVE-2022-44856
@@ -5383,7 +5383,7 @@ CVE-2022-44413 (Automotive Shop Management System v1.0 is vulnerable to SQL Inje
CVE-2022-44412
RESERVED
CVE-2022-44411 (Web Based Quiz System v1.0 transmits user passwords in plaintext durin ...)
- TODO: check
+ NOT-FOR-US: Web Based Quiz System
CVE-2022-44410
RESERVED
CVE-2022-44409
@@ -6255,9 +6255,9 @@ CVE-2022-43986
CVE-2022-43985 (In Apache Airflow versions prior to 2.4.2, there was an open redirect ...)
- airflow <itp> (bug #819700)
CVE-2022-43984 (Browsershot version 3.57.3 allows an external attacker to remotely obt ...)
- TODO: check
+ NOT-FOR-US: Browsershot
CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
- TODO: check
+ NOT-FOR-US: Browsershot
CVE-2022-3752
RESERVED
CVE-2022-3751
@@ -13331,7 +13331,7 @@ CVE-2022-41960
CVE-2022-41959
RESERVED
CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...)
- TODO: check
+ NOT-FOR-US: super-xray
CVE-2022-41957
RESERVED
CVE-2022-41956
@@ -13991,7 +13991,7 @@ CVE-2022-41714 (fastest-json-copy version 1.0.1 allows an external attacker to e
CVE-2022-41713 (deep-object-diff version 1.1.0 allows an external attacker to edit or ...)
NOT-FOR-US: deep-object-diff Nodejs module
CVE-2022-41712 (Frappe version 14.10.0 allows an external attacker to remotely obtain ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
NOT-FOR-US: Badaso
CVE-2022-41710 (Markdownify version 1.4.1 allows an external attacker to remotely obta ...)
@@ -14003,9 +14003,9 @@ CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated
CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
NOT-FOR-US: Relatedcode's Messenger
CVE-2022-41706 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
- TODO: check
+ NOT-FOR-US: Browsershot
CVE-2022-41705 (Badaso version 2.6.3 allows an unauthenticated remote attacker to exec ...)
- TODO: check
+ NOT-FOR-US: Badaso
CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
{DSA-5264-1 DLA-3169-1}
- batik 1.16+dfsg-1
@@ -21149,7 +21149,7 @@ CVE-2022-38815
CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
NOT-FOR-US: FiberHome
CVE-2022-38813 (PHPGurukul Blood Donor Management System 1.0 does not properly restric ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Blood Donor Management System
CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. ...)
NOT-FOR-US: AeroCMS
CVE-2022-38811
@@ -21361,7 +21361,7 @@ CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset Mana
CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
NOT-FOR-US: Transtek
CVE-2022-38767 (An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2022-38766
RESERVED
CVE-2022-38765
@@ -22732,7 +22732,7 @@ CVE-2022-38379
CVE-2022-38378
RESERVED
CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-38376
RESERVED
CVE-2022-38375
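Review bot: Product name mismatch on the CVE-2022-38377 change: the added tag is `NOT-FOR-US: FortiGuard`, but the description on the line above names FortiManager 7.2 as the affected product. Suggest tagging it with the product or vendor name, for example `NOT-FOR-US: Fortinet FortiManager`, so that a search for the affected product finds this entry.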
@@ -23410,7 +23410,7 @@ CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pat
CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. ...)
NOT-FOR-US: Nintex Workflow plugin for SharePoint
CVE-2022-38166 (In F‑Secure Endpoint Protection for Windows and macOS before cha ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 2022-08-10 all ...)
NOT-FOR-US: WithSecure
CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
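Review bot: Vendor naming is inconsistent around the CVE-2022-38166 change: the new tag is `NOT-FOR-US: F-Secure`, while the next entry, CVE-2022-38165, whose description also refers to an F-Secure product (Policy Manager), already carries `NOT-FOR-US: WithSecure`. Use one form for both entries so that a search by vendor name returns them together.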
@@ -24440,9 +24440,9 @@ CVE-2022-37723
CVE-2022-37722
RESERVED
CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when ...)
- TODO: check
+ NOT-FOR-US: PyroCMS
CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: Orchard CMS
CVE-2022-37719
RESERVED
CVE-2022-37718
@@ -44241,7 +44241,7 @@ CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management syst
CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking through ve ...)
- TODO: check
+ NOT-FOR-US: asith-eranga ISIC tour booking
CVE-2022-30528
RESERVED
CVE-2022-30527
@@ -59125,7 +59125,7 @@ CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows Stored
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
NOT-FOR-US: Pritunl Client
CVE-2022-0698 (Microweber version 1.3.1 allows an unauthenticated user to perform an ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. ...)
NOT-FOR-US: Archivy
CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
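Review bot: Style point on the CVE-2022-0698 tag: `NOT-FOR-US: microweber` is lowercase while the description spells the product `Microweber`, and the neighbouring tags in this hunk (`Pritunl Client`, `Archivy`) are capitalised as proper names. Suggest `NOT-FOR-US: Microweber`, unless the lowercase form is what existing entries for this product elsewhere in the file already use.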
@@ -67485,7 +67485,7 @@ CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL
CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
- phpipam <itp> (bug #731713)
CVE-2022-23044 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
- TODO: check
+ NOT-FOR-US: Tiny File Manager
CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
NOT-FOR-US: Zenario CMS
CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1725b9b79836e53538dabdc6fe47be8f16e21796