[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 17 21:21:56 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99182332 by Salvatore Bonaccorso at 2022-10-17T22:21:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2842,23 +2842,23 @@ CVE-2022-42173
CVE-2022-42172
RESERVED
CVE-2022-42171 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42170 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42169 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42168 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42167 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42166 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42165 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42164 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42163 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42162
RESERVED
CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
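Review bot: The nine new "NOT-FOR-US: Tenda" lines (CVE-2022-42171 through CVE-2022-42163) name only the vendor, although every description identifies a single product and firmware build, Tenda AC10 V15.03.06.23. Other entries in this file label by product, for example "NOT-FOR-US: Red Hat Ansible Automation Controller", so "NOT-FOR-US: Tenda AC10" would make these easier to find by product later. The nine descriptions are also identical up to the truncation point, so the hunk alone does not show that they are nine distinct issues; a glance at the full descriptions before merging would confirm that.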
@@ -4893,7 +4893,7 @@ CVE-2022-3284
CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- gitlab <unfixed>
CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41326
RESERVED
CVE-2022-41325
@@ -5403,9 +5403,9 @@ CVE-2022-3246
CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...)
NOT-FOR-US: microweber
CVE-2022-3244 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3243 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...)
NOT-FOR-US: microweber
CVE-2022-3241
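Review bot: The two new lines for CVE-2022-3244 and CVE-2022-3243 use the generic label "WordPress plugin", while the context entries on either side of them name the project ("NOT-FOR-US: microweber"). The generic label matches existing entries such as CVE-2022-3207, so this is a style point only, but naming the plugin (the description gives "Import all XML, CSV & TXT") would let a search of the NOT-FOR-US lines find it if the plugin is ever packaged. The same applies to the other "WordPress plugin" lines added in this commit.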
@@ -6570,7 +6570,7 @@ CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not impl
CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the password ins ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
@@ -7740,11 +7740,11 @@ CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusion pr ...)
NOT-FOR-US: PHP-Fusion
CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3150 (The WP Custom Cursors WordPress plugin through 3.0 does not properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...)
@@ -7810,7 +7810,7 @@ CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integra
- libreoffice 1:7.4.1~rc2-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139 (The We’re Open! WordPress plugin before 1.42 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...)
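Review bot: The description on the CVE-2022-3139 context line reads "We’re Open!", which looks like a UTF-8 apostrophe decoded with a single-byte character set. The changed line below it is fine, but it is worth confirming that data/CVE/list itself holds valid UTF-8 here and that the damage is limited to how this notification was rendered.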
@@ -8411,7 +8411,7 @@ CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to
CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3131 (The Search Logger WordPress plugin through 0.9 does not properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
@@ -8421,7 +8421,7 @@ CVE-2022-3128 (The Donation Thermometer WordPress plugin before 2.1.3 does not s
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3126 (The Frontend File Manager Plugin WordPress plugin before 21.4 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
@@ -10161,7 +10161,7 @@ CVE-2022-39081
CVE-2022-39080 (In messaging service, there is a missing permission check. This could ...)
NOT-FOR-US: Unisoc
CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before 2.1.6 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3081
RESERVED
CVE-2022-3080 (By sending specific queries to the resolver, an attacker can cause nam ...)
@@ -12527,7 +12527,7 @@ CVE-2022-2835
RESERVED
- coredns <itp> (bug #880676)
CVE-2022-2834 (The Helpful WordPress plugin before 4.5.26 puts the exported logs and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical bugs. ...)
- blender 3.2.2+dfsg-1 (unimportant)
NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
@@ -16047,7 +16047,7 @@ CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a D
CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2574 (The Meks Easy Social Share WordPress plugin before 1.2.8 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2573
RESERVED
CVE-2020-36562
@@ -16121,7 +16121,7 @@ CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin
CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
NOT-FOR-US: Mongoose
CVE-2022-2563 (The Tutor LMS WordPress plugin before 2.0.10 does not escape some cour ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37008 (The recovery module has a vulnerability of bypassing the verification ...)
NOT-FOR-US: Huawei
CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability. Successfu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99182332a0a88c05f01f6633af0fb8e16234bdd5