Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b127d95c by Salvatore Bonaccorso at 2022-08-23T22:31:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2022-2967
CVE-2022-2966
RESERVED
CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub
reposit ...)
- TODO: check
+ NOT-FOR-US: NotrinosERP
CVE-2022-2964
RESERVED
CVE-2022-2963
@@ -67,7 +67,7 @@ CVE-2022-2958
CVE-2022-2957
RESERVED
CVE-2022-2956 (A vulnerability classified as problematic has been found in
ConsoleTVs ...)
- TODO: check
+ NOT-FOR-US: Noxen
CVE-2022-2955
RESERVED
CVE-2022-2954
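Review bot: the new tag on CVE-2022-2956 names only `Noxen`, while the description line directly above it attributes the issue to "ConsoleTVs ...". Writing the tag as `NOT-FOR-US: ConsoleTVs Noxen` would keep it searchable by the same vendor string the description uses.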
@@ -155,11 +155,11 @@ CVE-2022-2947
CVE-2022-38666
RESERVED
CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a
RabbitMQ p ...)
- TODO: check
+ NOT-FOR-US: Jenkins CollabNet Plugins Plugin
CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597
and earlie ...)
- TODO: check
+ NOT-FOR-US: Jenkins Job Configuration History Plugin
CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask
(i.e., re ...)
- TODO: check
+ NOT-FOR-US: Jenkins Git Plugin
CVE-2022-38662
RESERVED
CVE-2022-38661
@@ -1551,7 +1551,7 @@ CVE-2022-2798
CVE-2022-2797 (A vulnerability classified as critical was found in
SourceCodester Stu ...)
NOT-FOR-US: SourceCodester Student Information System
CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2022-2795
RESERVED
CVE-2022-38176
@@ -1563,7 +1563,7 @@ CVE-2022-38174
CVE-2022-38173
RESERVED
CVE-2022-38172 (ServiceNow through San Diego Patch 3 allows XSS via the name
field dur ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the
JBIG2 d ...)
TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2120439, might
be N/A for us as using poppler
CVE-2022-2794
@@ -1870,9 +1870,9 @@ CVE-2022-36425
CVE-2022-36422
RESERVED
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in
Contest ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36390
RESERVED
CVE-2022-36387
@@ -1892,11 +1892,11 @@ CVE-2022-36355
CVE-2022-36352
RESERVED
CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36345
RESERVED
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery
plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35725
RESERVED
CVE-2022-35277
@@ -1904,9 +1904,9 @@ CVE-2022-35277
CVE-2022-35275
RESERVED
CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec
THE Lead ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in
XplodedThe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-31474
RESERVED
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS)
vulnerability in 8 D ...)
@@ -3383,7 +3383,7 @@ CVE-2022-37399
CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside
ADM when ...)
NOT-FOR-US: ASUSTOR Data Master (ADM)
CVE-2022-36350 (Stored cross-site scripting vulnerability in PukiWiki versions
1.3.1 t ...)
- TODO: check
+ NOT-FOR-US: PukiWiki
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management
System and ...)
NOT-FOR-US: SourceCodester
CVE-2022-2666
@@ -3995,7 +3995,7 @@ CVE-2022-37225
CVE-2022-37224
RESERVED
CVE-2022-37223 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/jfinal_cms/system ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-37222
RESERVED
CVE-2022-37221
@@ -4043,7 +4043,7 @@ CVE-2022-37201
CVE-2022-37200
RESERVED
CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/jfinal_cms/system ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-37198
RESERVED
CVE-2022-37197
@@ -4215,11 +4215,11 @@ CVE-2022-37115
CVE-2022-37114
RESERVED
CVE-2022-37113 (Bluecms 1.6 has SQL injection in line 132 of admin/area.php
...)
- TODO: check
+ NOT-FOR-US: Bluecms
CVE-2022-37112 (BlueCMS 1.6 has SQL injection in line 55 of admin/model.php
...)
- TODO: check
+ NOT-FOR-US: Bluecms
CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 132 of admin/article.php
...)
- TODO: check
+ NOT-FOR-US: Bluecms
CVE-2022-37110
RESERVED
CVE-2022-37109
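Review bot: the three new tags for CVE-2022-37113, CVE-2022-37112 and CVE-2022-37111 spell the product `Bluecms`, but two of the three descriptions in this hunk spell it `BlueCMS`. Settle on one spelling for the tag, preferably `BlueCMS` to match the majority of the descriptions, so a case-sensitive search of the list finds all three entries.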
@@ -5938,11 +5938,11 @@ CVE-2018-25045 (Django REST framework (aka
django-rest-framework) before 3.9.1 a
CVE-2022-36407
RESERVED
CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus
Better Mes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36386
RESERVED
CVE-2022-36379 (Cross-Site Request Forgery (CSRF) leading to plugin settings
update in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site
Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36375 (Authenticated (high role user) WordPress Options Change
vulnerability ...)
@@ -5958,33 +5958,33 @@ CVE-2022-36344 (An unquoted search path vulnerability
exists in 'JustSystems JUS
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site
Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36341 (Authenticated (subscriber+) plugin settings change leading to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc.
ActiveDEMAND pl ...)
NOT-FOR-US: JumpDEMAND
CVE-2022-36292 (Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill
Gallery P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36288 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
W3 Eden ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36285 (Authenticated Arbitrary File Upload vulnerability in
dmitrylitvinov Up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For
WooCommerc ...)
NOT-FOR-US: WooCommerce addon
CVE-2022-36282 (Authenticated (editor+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site
Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34868 (Authenticated Arbitrary Settings Update vulnerability in
YooMoney 
 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34867
RESERVED
CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in
smartypants SP P ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34658 (Multiple Authenticated (contributor+) Persistent Cross-Site
Scripting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34656
RESERVED
CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-34344
RESERVED
CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File
Upload vulne ...)
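Review bot: the eight entries changed in this hunk all receive the generic `NOT-FOR-US: WordPress plugin`, while unchanged neighbours in the same hunk carry product-specific tags (`JumpDEMAND` on CVE-2022-36296, `WooCommerce addon` on CVE-2022-36284). The generic form matches CVE-2022-36343 and CVE-2022-35882, so the new lines are consistent with most of the context. Consider normalising the older product-specific tags in a follow-up so this block uses one convention.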
@@ -5998,7 +5998,7 @@ CVE-2022-33943 (Authenticated (contributor or higher user
role) Cross-Site Scrip
CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite
– ...)
NOT-FOR-US: MailerLite
CVE-2022-33142 (Authenticated (subscriber+) Denial Of Service (DoS)
vulnerability in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2515
RESERVED
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are
vulnerable t ...)
@@ -6430,7 +6430,7 @@ CVE-2022-36263 (StreamLabs Desktop Application 1.9.0 is
vulnerable to Incorrect
CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website
settings that ...)
NOT-FOR-US: taocms
CVE-2022-36261 (An arbitrary file deletion vulnerability was discovered in
taocms 3.0. ...)
- TODO: check
+ NOT-FOR-US: taocms
CVE-2022-36260
RESERVED
CVE-2022-36259
@@ -8981,7 +8981,7 @@ CVE-2022-35205
CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers
to perfor ...)
NOT-FOR-US: Vitejs Vite
CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows
unauthentic ...)
- TODO: check
+ NOT-FOR-US: TrendNet TV-IP572PI
CVE-2022-35202
RESERVED
CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote
command exe ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b127d95c2948c56a71ebc05674b8cdc5934b4472