[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 4 21:00:46 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4da1e1de by Salvatore Bonaccorso at 2022-10-04T21:59:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6063,7 +6063,7 @@ CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart Sw
CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to 20.3. ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3131
RESERVED
CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
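Review bot: the new tag on CVE-2022-3132 is the generic "NOT-FOR-US: WordPress plugin", while the NFU entry directly above it (CVE-2022-3133) names the product, "jgraph/drawio". The generic wording matches the existing CVE-2022-2840 entry further down, so it is consistent with the file. Keep the string byte-identical across all WordPress plugin entries so that a search on the tag finds every one of them.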
@@ -6071,15 +6071,15 @@ CVE-2022-3130 (A vulnerability classified as critical has been found in codeproj
CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3128 (The Donation Thermometer WordPress plugin before 2.1.3 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3126
RESERVED
CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3123 (Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain ...)
- dokuwiki <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345/
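Review bot: CVE-2022-3125 and CVE-2022-3124 carry the same truncated description ("The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...") and cannot be told apart from this hunk. Both receive the same tag, so the triage result is unaffected, but it is worth confirming against the full descriptions that these are two distinct issues and not a duplicate assignment before closing both TODOs.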
@@ -10110,7 +10110,7 @@ CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42
CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2839 (The Zephyr Project Manager WordPress plugin before 3.2.55 does not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
NOT-FOR-US: Eclipse Sphinx
CVE-2022-2837
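Review bot: the description on CVE-2022-2839 gives the fixed version of the Zephyr Project Manager plugin as "before 3.2.55", whereas the context entry CVE-2022-2840 for the same plugin says "before 3.2.5". The NOT-FOR-US decision does not depend on the version, so the changed line is fine as it stands. The mismatch sits in the description text, which this patch does not touch, and should be checked at its source instead of being edited here.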
@@ -10708,7 +10708,7 @@ CVE-2022-2764 (A flaw was found in Undertow. Denial of service can be achieved a
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2117506
CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2762
RESERVED
CVE-2022-2761
@@ -12755,7 +12755,7 @@ CVE-2022-2630
CVE-2022-2629
RESERVED
CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2627
RESERVED
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4da1e1de68b02e127dd6b2b5a90e50bf3c26933a