[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 17 07:20:44 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
caa1fb49 by Salvatore Bonaccorso at 2022-09-17T08:20:18+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4496,11 +4496,11 @@ CVE-2022-38833 (School Activity Updates with SMS Notification v1.0 is vulnerable
CVE-2022-38832 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
TODO: check
CVE-2022-38831 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-38830 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-38829 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-38828 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection ...)
TODO: check
CVE-2022-38827 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow vi ...)
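Review bot: CVE-2022-38828 (TOTOLINK T6, command injection), directly below the three Tenda entries, stays at "TODO: check" while CVE-2022-38829 through CVE-2022-38831 are triaged. It is the same kind of entry (vendor router firmware), so if it is likewise not packaged it could get a "NOT-FOR-US: TOTOLINK" line in the same pass. CVE-2022-38832 at the top of the hunk is also still "TODO: check".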
@@ -5657,9 +5657,9 @@ CVE-2022-2915 (A Heap-based Buffer Overflow vulnerability in the SonicWall SMA10
CVE-2022-2914
RESERVED
CVE-2022-2913 (The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't che ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2912 (The Craw Data WordPress plugin through 1.0.0 does not implement nonce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2911
RESERVED
CVE-2022-2910
@@ -5886,7 +5886,7 @@ CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ..
CVE-2022-2888
RESERVED
CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
@@ -5914,7 +5914,7 @@ CVE-2022-2879
CVE-2022-2878
RESERVED
CVE-2022-2877 (The Titan Anti-spam & Security WordPress plugin before 7.3.1 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester
CVE-2022-39047 (Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vu ...)
@@ -5994,7 +5994,7 @@ CVE-2022-2865
CVE-2022-2864
RESERVED
CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ...)
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
@@ -6604,9 +6604,9 @@ CVE-2022-2801 (A vulnerability, which was classified as critical, was found in S
CVE-2022-2800 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2799 (The Affiliates Manager WordPress plugin before 2.9.14 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2798 (The Affiliates Manager WordPress plugin before 2.9.14 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...)
NOT-FOR-US: SourceCodester Student Information System
CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
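Review bot: The reason on CVE-2022-2799 and CVE-2022-2798 is the generic "WordPress plugin", while the neighbouring entries in this hunk name the product ("SourceCodester Gym Management System", "SourceCodester Student Information System"). Writing "NOT-FOR-US: Affiliates Manager WordPress plugin" would keep the two related entries findable by product name when searching the list. The same applies to the other "WordPress plugin" lines in this commit.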
@@ -7000,7 +7000,7 @@ CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7
CVE-2022-2738 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
NOT-FOR-US: Red Hat specific release error
CVE-2022-2737 (The WP STAGING WordPress plugin before 2.9.18 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2735 (A vulnerability was found in the PCS project. This issue occurs due to ...)
@@ -8418,7 +8418,7 @@ CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management Sys
CVE-2022-2670
RESERVED
CVE-2022-2669 (The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary Javascript t ...)
NOT-FOR-US: Keycloak
CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...)
@@ -8552,7 +8552,7 @@ CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress pl
CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
CVE-2022-2655 (The Classified Listing Pro WordPress plugin before 2.0.20 does not esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2654 (The Classima WordPress theme before 2.1.11 and some of its required pl ...)
TODO: check
CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
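Review bot: CVE-2022-2654 (Classima WordPress theme), right after the newly marked CVE-2022-2655, is left at "TODO: check". If the reasoning used for the plugin entries also covers themes, it could be closed here with "NOT-FOR-US: WordPress theme"; if it was skipped on purpose because of the "some of its required pl ..." part of the description, a NOTE line saying so would save the next triager from re-checking.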
@@ -8632,7 +8632,7 @@ CVE-2022-2637
CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute the zms ...)
NOT-FOR-US: Zimbra
CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
@@ -9614,7 +9614,7 @@ CVE-2022-2577 (A vulnerability classified as critical was found in SourceCodeste
CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS r ...)
NOT-FOR-US: Eclipse Californium
CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2574
RESERVED
CVE-2022-2573
@@ -13776,7 +13776,7 @@ CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutraliz
CVE-2022-2352
RESERVED
CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2350
RESERVED
CVE-2022-2349
@@ -33718,7 +33718,7 @@ CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in d
[stretch] - linux 4.9.303-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056381
CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
- gitlab <unfixed>
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caa1fb49ebc59b8dd0e234227ee660bcf2bb408e