[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 10 09:55:50 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dc9a6df by Salvatore Bonaccorso at 2023-01-10T10:55:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2924,9 +2924,9 @@ CVE-2023-0025
 CVE-2023-0024
 	RESERVED
 CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0021
 	RESERVED
 CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...)
@@ -3147,9 +3147,9 @@ CVE-2023-0020
 CVE-2023-0019
 	RESERVED
 CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-47890
 	RESERVED
 CVE-2022-47889
@@ -5216,15 +5216,15 @@ CVE-2022-4543 [KASLR Leakage Achievable even with KPTI through Prefetch Side-Cha
 	NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
 	NOTE: https://www.willsroot.io/2022/12/entrybleed.html
 CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0014 (SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Server - v ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-4542
 	RESERVED
 CVE-2022-4541
@@ -5567,7 +5567,7 @@ CVE-2022-4499
 CVE-2022-4498
 	RESERVED
 CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4496
 	RESERVED
 CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -5579,7 +5579,7 @@ CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affec
 CVE-2022-4492
 	RESERVED
 CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4490
 	RESERVED
 CVE-2022-4489
@@ -5603,7 +5603,7 @@ CVE-2022-4481
 CVE-2022-4480
 	RESERVED
 CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does not valid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4478
 	RESERVED
 CVE-2022-4477
@@ -5763,7 +5763,7 @@ CVE-2022-4470
 CVE-2022-4469
 	RESERVED
 CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4467
 	RESERVED
 CVE-2022-4466
@@ -6932,7 +6932,7 @@ CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://www.znuny.org/en/advisories/zsa-2022-07
 CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4425
 	RESERVED
 CVE-2022-4424
@@ -7066,9 +7066,9 @@ CVE-2022-46893
 CVE-2022-4395
 	RESERVED
 CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...)
 	TODO: check
 CVE-2022-46892
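Review bot: CVE-2022-4392 (iPanorama 360 WordPress Virtual Tour Builder plugin), the third entry in this hunk, stays at "TODO: check" while CVE-2022-4394 and CVE-2022-4393 directly above it are switched to "NOT-FOR-US: WordPress plugin". Its description names a WordPress plugin as well, so it looks like it was skipped by accident. Either give it the same "NOT-FOR-US: WordPress plugin" line here, or leave it for a follow-up if it was held back on purpose.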
@@ -7225,7 +7225,7 @@ CVE-2022-46839
 CVE-2022-46838
 	RESERVED
 CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does not san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...)
 	NOT-FOR-US: Netgear
 CVE-2022-4389
@@ -7278,7 +7278,7 @@ CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x
 CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...)
 	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-4374 (The Bg Bible References WordPress plugin through 3.8.14 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not properly san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...)
@@ -7290,7 +7290,7 @@ CVE-2022-4370 (The multimedial images WordPress plugin through 1.0b does not pro
 CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4367
 	RESERVED
 CVE-2022-43501
@@ -7562,7 +7562,7 @@ CVE-2022-4327
 CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...)
 	NOT-FOR-US: Trellix Endpoint Agent (xAgent)
 CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4323
@@ -7886,7 +7886,7 @@ CVE-2022-46664 (A vulnerability has been identified in Mendix Workflow Commons (
 CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file path. S ...)
 	NOT-FOR-US: Roxio
 CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4309
 	RESERVED
 CVE-2022-4308
@@ -7904,7 +7904,7 @@ CVE-2022-4303
 CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...)
 	NOT-FOR-US: FastCMS
 CVE-2022-4299
@@ -9172,7 +9172,7 @@ CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not sanit
 CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4196 (The Multi Step Form WordPress plugin before 1.7.8 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
 	{DSA-5293-1}
 	- chromium 108.0.5359.71-1
@@ -11091,9 +11091,9 @@ CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript whi
 CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing  ...)
 	NOT-FOR-US: Tenable
 CVE-2022-4103 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4101
 	RESERVED
 CVE-2022-4100
@@ -11284,7 +11284,7 @@ CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an aut
 CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4041
@@ -12534,7 +12534,7 @@ CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise
 CVE-2022-3924
 	RESERVED
 CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45134
@@ -14737,7 +14737,7 @@ CVE-2022-44666 (Windows Contacts Remote Code Execution Vulnerability. ...)
 CVE-2022-44665
 	RESERVED
 CVE-2022-3855 (The 404 to Start WordPress plugin through 1.6.1 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
 	RESERVED
 	- ceph 16.2.10+ds-5 (bug #1027151)
@@ -19040,7 +19040,7 @@ CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyo
 CVE-2022-3680
 	RESERVED
 CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before 1.2.17 uns ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3678
 	RESERVED
 CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
@@ -22510,9 +22510,9 @@ CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery s
 CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3417 (The WPtouch WordPress plugin before 4.3.45 unserialises the content of ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3416 (The WPtouch WordPress plugin before 4.3.45 does not properly validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...)
@@ -24804,7 +24804,7 @@ CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A
 	- linux 6.0.12-1
 	NOTE: https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
 CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a companion p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3342
 	RESERVED
 CVE-2022-3341



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dc9a6dfc286a8d66a36ecf1fb560af0ad3df46f
