Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
87dd0dc4 by Salvatore Bonaccorso at 2022-09-24T10:22:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -251,7 +251,7 @@ CVE-2022-41221
CVE-2022-40224
RESERVED
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version
6.7 has ...)
- TODO: check
+ NOT-FOR-US: Measuresoft ScadaPro Server
CVE-2022-3262
RESERVED
NOT-FOR-US: OpenShift
@@ -1329,7 +1329,7 @@ CVE-2022-40765
CVE-2022-40764
RESERVED
CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin
allows ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2022-40763
RESERVED
CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490.
...)
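Review bot: The added tag for CVE-2022-3236 names only the vendor ("NOT-FOR-US: Sophos"), while the description refers to a specific "User Portal and Webadmin" and the Measuresoft entry in the previous hunk names the product. Consider naming the affected product from the full CVE description in the tag, so that a later search of data/CVE/list by product finds this entry.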
@@ -1523,15 +1523,15 @@ CVE-2022-40676
CVE-2022-40675
RESERVED
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my
Post – ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40632
RESERVED
CVE-2022-40312
RESERVED
CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in
Rate my Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40223
RESERVED
CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex
FavIcon Swit ...)
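Review bot: For CVE-2022-40672 the visible description is cut off before any product is named ("vulnerability ...)"), so the "NOT-FOR-US: WordPress plugin" classification cannot be confirmed from this hunk. The two entries after it do identify the plugin ("Rate my Post"). Please confirm against the full description, and consider appending the plugin name to the tag where the truncated description does not carry it.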
@@ -1539,9 +1539,9 @@ CVE-2022-40219 (Cross-Site Request Forgery (CSRF)
vulnerability in SedLex FavIco
CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload
vulnerability in Xpl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40215 (Multiple Authenticated Stored Cross-Site Scripting (XSS)
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site
Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40211
RESERVED
CVE-2022-40206
@@ -1549,7 +1549,7 @@ CVE-2022-40206
CVE-2022-40205
RESERVED
CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS)
vulnerability in Awe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40131
RESERVED
CVE-2022-38974
@@ -1559,11 +1559,11 @@ CVE-2022-38468
CVE-2022-38461
RESERVED
CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io
Image Opt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38104
RESERVED
CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup
Scheduler plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38074
RESERVED
CVE-2022-38073 (Multiple Authenticated (custom specific plugin role)
Persistent Cross- ...)
@@ -1571,11 +1571,11 @@ CVE-2022-38073 (Multiple Authenticated (custom specific
plugin role) Persistent
CVE-2022-36424
RESERVED
CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site
Request Forg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36404
RESERVED
CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in
Awesome Filter ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-33978
RESERVED
CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and
classifi ...)
@@ -2668,25 +2668,25 @@ CVE-2022-40198
CVE-2022-40197
RESERVED
CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40194 (Unauthenticated Sensitive Information Disclosure vulnerability
in Cust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS)
vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40189
RESERVED
CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously
Simple Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38976
RESERVED
CVE-2022-38704 (Cross-Site Request Forgery (CSRF) vulnerability in SEO
Redirection plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38703 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38470 (Cross-Site Request Forgery (CSRF) vulnerability in Customer
Reviews fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors
Team wpFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38140
@@ -2698,27 +2698,27 @@ CVE-2022-38137
CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's
Photospace Galler ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control
vulnerability in Cus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38098
RESERVED
CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus
Advanced ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38086
RESERVED
CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more
By Adam p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38077
RESERVED
CVE-2022-37342 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36790
RESERVED
CVE-2022-36388 (Cross-Site Request Forgery (CSRF) vulnerability in YDS Support
Ticket ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36340 (Unauthenticated Optin Campaign Cache Deletion vulnerability in
MailOpt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36299
RESERVED
CVE-2022-36295
@@ -2944,25 +2944,25 @@ CVE-2022-40124
CVE-2022-40123
RESERVED
CVE-2022-40122 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40121 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40120 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40119 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40118 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40117 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40116 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40115 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40114 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40113 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
- TODO: check
+ NOT-FOR-US: Online Banking System
CVE-2022-40112 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is
vulnerable ...)
NOT-FOR-US: TOTOLINK
CVE-2022-40111 (In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in
the sha ...)
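Review bot: The ten entries CVE-2022-40113 through CVE-2022-40122 are all tagged "NOT-FOR-US: Online Banking System", a generic name with no vendor or project qualifier, and their visible descriptions are identical up to the truncation point. Adding the vendor or source of the application to the tag, if the full description gives one, would make clear which product was ruled out and keep a later CVE against a differently sourced "Online Banking System" from being matched to this decision by name alone.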
@@ -3002,11 +3002,11 @@ CVE-2022-40095
CVE-2022-40094
RESERVED
CVE-2022-40093 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40092 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40091 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
- TODO: check
+ NOT-FOR-US: Online Tours & Travels Management System
CVE-2022-40090
RESERVED
CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College
Website ...)
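Review bot: In the entries for CVE-2022-40091 through CVE-2022-40093 the description lines spell the product with an HTML entity ("Online Tours &amp; Travels Management System") while the added tags use a plain ampersand ("NOT-FOR-US: Online Tours & Travels Management System"). Please check whether the entity is really present in data/CVE/list or is only an artifact of this notification. If it is in the file, the two spellings will not match in a text search and the description side should be normalised.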
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87dd0dc4d8b00f5c97ddf3465f85dae7a6a52ec6
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits