[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 9 21:40:02 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20f29a7c by Salvatore Bonaccorso at 2022-09-09T22:39:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2022-40318
RESERVED
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: s ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2022-40316
RESERVED
CVE-2022-40315
@@ -216,7 +216,7 @@ CVE-2022-40195
CVE-2022-40194
RESERVED
CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40189
RESERVED
CVE-2022-40132
@@ -232,7 +232,7 @@ CVE-2022-38470
CVE-2022-38460
RESERVED
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38140
RESERVED
CVE-2022-38139
@@ -260,7 +260,7 @@ CVE-2022-36790
CVE-2022-36388
RESERVED
CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36340
RESERVED
CVE-2022-36299
@@ -1028,13 +1028,13 @@ CVE-2022-39848
CVE-2022-39847
RESERVED
CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22 ...)
- TODO: check
+ NOT-FOR-US: Samstung
CVE-2022-39845 (Improper validation of integrity check vulnerability in Samsung Kies p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart Switch P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to 20.3. ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-3132
RESERVED
CVE-2022-3131
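Review bot: the label added for CVE-2022-39846, `NOT-FOR-US: Samstung`, misspells the vendor name; the next two entries in this hunk (CVE-2022-39845 and CVE-2022-39844) use `NOT-FOR-US: Samsung`. Change it to `NOT-FOR-US: Samsung` so that a search of data/CVE/list for the vendor label matches all three entries.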
@@ -1136,19 +1136,19 @@ CVE-2022-39812
CVE-2022-39811
RESERVED
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
- TODO: check
+ NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
- TODO: check
+ NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-38701 (OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-38700 (OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-38081 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-38064 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configuration ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2022-3119
@@ -4139,11 +4139,11 @@ CVE-2022-38617
CVE-2022-38616
RESERVED
CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...)
- TODO: check
+ NOT-FOR-US: SmartVista
CVE-2022-38614 (An issue in the IGB Files and OutfileService features of SmartVista Ca ...)
- TODO: check
+ NOT-FOR-US: SmartVista
CVE-2022-38613 (A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows au ...)
- TODO: check
+ NOT-FOR-US: SmartVista
CVE-2022-38612
RESERVED
CVE-2022-38611
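Review bot: all three entries in this hunk get the bare label `NOT-FOR-US: SmartVista`, although the visible descriptions name different components (SVFE2 v2.2.22 for CVE-2022-38615, Cardgen v3.28.0 for CVE-2022-38613). If the suite name is the intended granularity this is fine; otherwise consider naming the component in each label, as the commit does for `WSO2 Enterprise Integrator`.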
@@ -5201,35 +5201,35 @@ CVE-2022-38288
CVE-2022-38287
RESERVED
CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38284 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38283 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38282 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/ ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38281 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38280 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38279 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/ ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38278 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylin ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38277 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollp ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38276 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotic ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38275 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38274 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38273 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38272 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38271
RESERVED
CVE-2022-38270
@@ -5744,35 +5744,35 @@ CVE-2022-38107
CVE-2022-38106
RESERVED
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38068 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft Event Calend ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38062
RESERVED
CVE-2022-38061
RESERVED
CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change vulnerability in WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38054 (In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserv ...)
- airflow <itp> (bug #819700)
CVE-2022-37412 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37411 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Cap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37407 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37405 (Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37404 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37403 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37402
RESERVED
CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...)
@@ -5782,7 +5782,7 @@ CVE-2022-37339
CVE-2022-37338
RESERVED
CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37330
RESERVED
CVE-2022-37328
@@ -5792,7 +5792,7 @@ CVE-2022-36798
CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36791
RESERVED
CVE-2022-36428
@@ -5802,7 +5802,7 @@ CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. Abou
CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36422 (Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
@@ -5814,7 +5814,7 @@ CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About M
CVE-2022-36383
RESERVED
CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36365
@@ -5832,11 +5832,11 @@ CVE-2022-36345
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35277 (Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35275 (Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec THE Lead ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
@@ -7797,7 +7797,7 @@ CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, Advanc
CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal ...)
- TODO: check
+ NOT-FOR-US: Shirne CMS
CVE-2022-37298
RESERVED
CVE-2022-37297
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20f29a7c81ef7e7df3504e844d834cf51be7dd74