[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 31 20:20:40 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b75a1cff by Salvatore Bonaccorso at 2022-10-31T21:20:06+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6358,9 +6358,9 @@ CVE-2022-3443
 CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...)
 	NOT-FOR-US: Crealogix EBICS
 CVE-2022-3441 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3440 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. ...)
@@ -6966,9 +6966,9 @@ CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i c
 CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...)
 	NOT-FOR-US: Drive for Desktop MacOS
 CVE-2022-3420 (The Official Integration for Billingo WordPress plugin before 3.4.0 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3419 (The Automatic User Roles Switcher WordPress plugin before 1.1.2 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote  ...)
 	NOT-FOR-US: Apache Flume
 CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...)
@@ -7012,7 +7012,7 @@ CVE-2022-3410
 CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
 	NOT-FOR-US: OpenBMC
 CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3407
 	RESERVED
 CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
@@ -8321,7 +8321,7 @@ CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.
 CVE-2022-3381
 	RESERVED
 CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
 	NOT-FOR-US: Horner Automation's Cscape
 CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
@@ -8333,7 +8333,7 @@ CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb
 CVE-2022-3375
 	RESERVED
 CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3373
 	RESERVED
 	{DSA-5245-1}
@@ -8427,7 +8427,7 @@ CVE-2022-38973
 CVE-2022-3367
 	RESERVED
 CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3365
 	RESERVED
 CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
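Review bot: the CVE-2022-3366 description names more than one product ("PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ..."), so the single `NOT-FOR-US: WordPress plugin` tag should be confirmed against every product in the full description, not only the first. If any of them is packaged, the entry needs a package line instead of an NFU tag.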
@@ -8522,7 +8522,7 @@ CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a an
 CVE-2022-3361
 	RESERVED
 CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3359
 	RESERVED
 CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
@@ -8531,7 +8531,7 @@ CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPH
 	[buster] - openssl <not-affected> (Only affects 3.x)
 	NOTE: https://www.openssl.org/news/secadv/20221011.txt
 CVE-2022-3357 (The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3356
 	RESERVED
 CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
@@ -9010,7 +9010,7 @@ CVE-2022-3336
 CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the conten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3333 (A vulnerability, which was classified as problematic, was found in Zep ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -9952,7 +9952,7 @@ CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530. ..
 CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
 	NOT-FOR-US: pimcore
 CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unen ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier  ...)
@@ -10634,7 +10634,7 @@ CVE-2022-3238
 	NOTE: NTFS3 driver not enabled in Debian
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127927
 CVE-2022-3237 (The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-40953
 	RESERVED
 CVE-2022-40952
@@ -14747,7 +14747,7 @@ CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have
 CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use nonces wh ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
 	TODO: check
 CVE-2022-3094
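Review bot: CVE-2022-3095, directly below the changed entry, is left at `TODO: check` while its WordPress neighbours are closed out. That looks deliberate, since the Dart URI class is not a WordPress plugin and needs a check for an affected source package rather than an NFU tag, but it is worth picking up in a follow-up so it does not get lost among the resolved entries.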
@@ -28156,7 +28156,7 @@ CVE-2022-34349
 CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...)
 	NOT-FOR-US: IBM
 CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2188



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b75a1cff6b87d048e2b7f158cf796c201daccb76
