Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
20f29a7c by Salvatore Bonaccorso at 2022-09-09T22:39:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2022-40318
RESERVED
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the
javascript: s ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2022-40316
RESERVED
CVE-2022-40315
@@ -216,7 +216,7 @@ CVE-2022-40195
CVE-2022-40194
RESERVED
CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS)
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40189
RESERVED
CVE-2022-40132
@@ -232,7 +232,7 @@ CVE-2022-38470
CVE-2022-38460
RESERVED
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors
Team wpFor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38140
RESERVED
CVE-2022-38139
@@ -260,7 +260,7 @@ CVE-2022-36790
CVE-2022-36388
RESERVED
CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36340
RESERVED
CVE-2022-36299
@@ -1028,13 +1028,13 @@ CVE-2022-39848
CVE-2022-39847
RESERVED
CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to
version 4.3.22 ...)
- TODO: check
+ NOT-FOR-US: Samstung
CVE-2022-39845 (Improper validation of integrity check vulnerability in
Samsung Kies p ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart
Switch P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior
to 20.3. ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2022-3132
RESERVED
CVE-2022-3131
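Review bot: the new entry for CVE-2022-39846 (Smart Switch PC) is spelled `NOT-FOR-US: Samstung`, while the two entries directly below it in this hunk, CVE-2022-39845 and CVE-2022-39844, use `Samsung`. Change it to `NOT-FOR-US: Samsung` so that a search of data/CVE/list by vendor name returns all three entries.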
@@ -1136,19 +1136,19 @@ CVE-2022-39812
CVE-2022-39811
RESERVED
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A
Reflect ...)
- TODO: check
+ NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A
Reflect ...)
- TODO: check
+ NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-38701 (OpenHarmony-v3.1.2 and prior versions have a heap overflow
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-38700 (OpenHarmony-v3.1.1 and prior versions have a permission bypass
vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-38081 (OpenHarmony-v3.1.2 and prior versions have a permission bypass
vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-38064 (OpenHarmony-v3.1.2 and prior versions have a permission bypass
vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect
configuration ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2022-3120 (A vulnerability classified as critical was found in
SourceCodester Cli ...)
NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2022-3119
@@ -4139,11 +4139,11 @@ CVE-2022-38617
CVE-2022-38616
RESERVED
CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple
SQL inject ...)
- TODO: check
+ NOT-FOR-US: SmartVista
CVE-2022-38614 (An issue in the IGB Files and OutfileService features of
SmartVista Ca ...)
- TODO: check
+ NOT-FOR-US: SmartVista
CVE-2022-38613 (A Path Traversal vulnerability in SmartVista Cardgen v3.28.0
allows au ...)
- TODO: check
+ NOT-FOR-US: SmartVista
CVE-2022-38612
RESERVED
CVE-2022-38611
@@ -5201,35 +5201,35 @@ CVE-2022-38288
CVE-2022-38287
RESERVED
CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/system/role/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/system/menu/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38284 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/system/department ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38283 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/video/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38282 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/videoalbum/ ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38281 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/site/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38280 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/image/list. ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38279 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/imagealbum/ ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38278 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/friendlylin ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38277 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/folderrollp ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38276 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/foldernotic ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38275 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/contact/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38274 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/comment/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38273 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/article/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38272 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/article/lis ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-38271
RESERVED
CVE-2022-38270
@@ -5744,35 +5744,35 @@ CVE-2022-38107
CVE-2022-38106
RESERVED
CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
All in O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up
plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38068 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft
Event Calend ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38062
RESERVED
CVE-2022-38061
RESERVED
CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey
Trofimov's A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change
vulnerability in WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38054 (In Apache Airflow versions 2.2.4 through 2.3.3, the `database`
webserv ...)
- airflow <itp> (bug #819700)
CVE-2022-37412 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS)
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37411 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj
Cardoza's Cap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37407 (Multiple Authenticated Stored Cross-Site Scripting (XSS)
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37405 (Cross-Site Request Forgery (CSRF) vulnerability in Mickey
Kay's Better ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37404 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37403 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37402
RESERVED
CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts
Accommodation Syste ...)
@@ -5782,7 +5782,7 @@ CVE-2022-37339
CVE-2022-37338
RESERVED
CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37330
RESERVED
CVE-2022-37328
@@ -5792,7 +5792,7 @@ CVE-2022-36798
CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36791
RESERVED
CVE-2022-36428
@@ -5802,7 +5802,7 @@ CVE-2022-36427 (Missing Access Control vulnerability in
About Rentals. Inc. Abou
CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin
<= 2.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36422 (Rating increase/decrease via race condition in Lester 'GaMerZ'
Chan WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in
Contest ...)
@@ -5814,7 +5814,7 @@ CVE-2022-36387 (Broken Access Control vulnerability in
Alessio Caiazza's About M
CVE-2022-36383
RESERVED
CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math
SEO plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
Simon Wa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36365
@@ -5832,11 +5832,11 @@ CVE-2022-36345
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery
plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35277 (Cross-Site Request Forgery (CSRF) vulnerability in GetResponse
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35275 (Authenticated (shop manager+) Reflected Cross-Site Scripting
(XSS) vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec
THE Lead ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in
XplodedThe ...)
@@ -7797,7 +7797,7 @@ CVE-2022-2594 (The Advanced Custom Fields WordPress
plugin before 5.12.3, Advanc
CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does
not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path
Traversal ...)
- TODO: check
+ NOT-FOR-US: Shirne CMS
CVE-2022-37298
RESERVED
CVE-2022-37297
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20f29a7c81ef7e7df3504e844d834cf51be7dd74