[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 6 21:30:43 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9eff6a5 by Salvatore Bonaccorso at 2022-09-06T22:30:02+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,13 +53,13 @@ CVE-2022-40114
 CVE-2022-40113
 	RESERVED
 CVE-2022-40112 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-40111 (In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the sha ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-40110 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-40109 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-40108
 	RESERVED
 CVE-2022-40107
@@ -3604,7 +3604,7 @@ CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is vulnerab
 CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
 CVE-2022-2934 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress Page Builder
 CVE-2022-2933
 	RESERVED
 CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...)
@@ -5337,7 +5337,7 @@ CVE-2022-36428
 CVE-2022-36427
 	RESERVED
 CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-36422
 	RESERVED
 CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
@@ -5828,7 +5828,7 @@ CVE-2022-2718 (The JoomSport – for Sports: Team & League, Football, Ho
 CVE-2022-2717 (The JoomSport – for Sports: Team & League, Football, Hockey  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2716 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
 	NOT-FOR-US: SourceCodester Employee Management System
 CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
@@ -5884,15 +5884,15 @@ CVE-2022-37845
 CVE-2022-37844
 	RESERVED
 CVE-2022-37843 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-37842 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-37841 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded passwo ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-37840 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downlo ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-37839 (TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflo ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2022-37838
 	RESERVED
 CVE-2022-37837
@@ -6704,7 +6704,7 @@ CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning Sys
 CVE-2022-2696
 	RESERVED
 CVE-2022-2695 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2694 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
 	NOT-FOR-US: SourceCodester Company Website CMS
 CVE-2022-2693 (A vulnerability has been found in SourceCodester Electronic Medical Re ...)
@@ -9446,7 +9446,7 @@ CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop
 CVE-2022-2518 (The Stockists Manager for Woocommerce plugin for WordPress is vulnerab ...)
 	NOT-FOR-US: Stockists Manager for Woocommerce plugin for WordPress
 CVE-2022-2517 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2516 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: Visual Composer Website Builder plugin for WordPress
 CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows  ...)
@@ -9494,13 +9494,13 @@ CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scr
 CVE-2022-34868 (Authenticated Arbitrary Settings Update vulnerability in YooMoney &#10 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34867 (Unauthenticated Sensitive Information Disclosure vulnerability in WP L ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34658 (Multiple Authenticated (contributor+) Persistent Cross-Site Scripting  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34656 (Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpd ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34344
@@ -13456,9 +13456,9 @@ CVE-2022-34885
 CVE-2022-34884
 	RESERVED
 CVE-2022-34883 (OS Command Injection vulnerability in Hitachi RAID Manager Storage Rep ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in Hitachi ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2022-34881
 	RESERVED
 CVE-2022-34880
@@ -13534,7 +13534,7 @@ CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob
 CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-32970
 	RESERVED
 CVE-2022-32776



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9eff6a511717842ec88d891e8f697ae658729ab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9eff6a511717842ec88d891e8f697ae658729ab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220906/ebdf7e82/attachment.htm>

More information about the debian-security-tracker-commits mailing list