[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 26 19:42:30 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5718e4d0 by Salvatore Bonaccorso at 2023-01-26T20:41:53+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11349,9 +11349,9 @@ CVE-2022-47001
 CVE-2022-47000
 	RESERVED
 CVE-2022-46999 (Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: TuziCMS
 CVE-2022-46998 (An issue in the website background of taocms v3.0.2 allows attackers t ...)
-	TODO: check
+	NOT-FOR-US: Taocms
 CVE-2022-46997 (Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovere ...)
 	NOT-FOR-US: Passhunt
 CVE-2022-46996 (vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was di ...)
@@ -11429,11 +11429,11 @@ CVE-2022-46961
 CVE-2022-46960
 	RESERVED
 CVE-2022-46959 (An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allo ...)
-	TODO: check
+	NOT-FOR-US: Sonic
 CVE-2022-46958
 	RESERVED
 CVE-2022-46957 (Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester.com Online Graduate Tracer System V
 CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
 	NOT-FOR-US: Dynamic Transaction Queuing System
 CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
@@ -12570,7 +12570,7 @@ CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command i
 CVE-2022-46640
 	RESERVED
 CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correos Pres ...)
-	TODO: check
+	NOT-FOR-US: Prestashop
 CVE-2022-46638
 	RESERVED
 CVE-2022-46637
@@ -12600,7 +12600,7 @@ CVE-2022-46626
 CVE-2022-46625
 	RESERVED
 CVE-2022-46624 (A cross-site scripting (XSS) vulnerability in Online Graduate Tracer S ...)
-	TODO: check
+	NOT-FOR-US: Online Graduate Tracer System
 CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL injec ...)
 	NOT-FOR-US: Judging Management System
 CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...)
@@ -14261,7 +14261,7 @@ CVE-2022-46130
 CVE-2022-46129
 	RESERVED
 CVE-2022-46128 (phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: phpgurukul Doctor Appointment Management System V
 CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
 	NOT-FOR-US: Helmet Store Showroom Site
 CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...)
@@ -14683,7 +14683,7 @@ CVE-2022-45922 (An issue was discovered in OpenText Content Suite Platform 22.1
 CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...)
 	NOT-FOR-US: FusionAuth
 CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitored ...)
-	TODO: check
+	NOT-FOR-US: Softing uaToolkit Embedded
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
@@ -14955,7 +14955,7 @@ CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking C
 CVE-2022-45821
 	RESERVED
 CVE-2022-45820 (SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45819
 	RESERVED
 CVE-2022-45818
@@ -14979,7 +14979,7 @@ CVE-2022-45810
 CVE-2022-45809
 	RESERVED
 CVE-2022-45808 (SQL Injection vulnerability in LearnPress – WordPress LMS Plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45807
 	RESERVED
 CVE-2022-45806
@@ -15213,7 +15213,7 @@ CVE-2022-45732
 CVE-2022-45731
 	RESERVED
 CVE-2022-45730 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
-	TODO: check
+	NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...)
 	NOT-FOR-US: Doctor Appointment Management System
 CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to contain  ...)
@@ -15561,9 +15561,9 @@ CVE-2022-45560
 CVE-2022-45559
 	RESERVED
 CVE-2022-45558 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5  ...)
-	TODO: check
+	NOT-FOR-US: Hundredrabbits Left
 CVE-2022-45557 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5  ...)
-	TODO: check
+	NOT-FOR-US: Hundredrabbits Left
 CVE-2022-45556
 	RESERVED
 CVE-2022-45555
@@ -15593,17 +15593,17 @@ CVE-2022-45544
 CVE-2022-45543
 	RESERVED
 CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager  ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-45541 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attr ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-45540 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type edi ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-45539 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager comp ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-45538 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publ ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-45537 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publ ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
 	NOT-FOR-US: AeroCMS
 CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5718e4d036ea23971ff2866e54a8132785e5bba3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5718e4d036ea23971ff2866e54a8132785e5bba3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230126/bf1477bb/attachment.htm>

More information about the debian-security-tracker-commits mailing list