Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
99182332 by Salvatore Bonaccorso at 2022-10-17T22:21:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2842,23 +2842,23 @@ CVE-2022-42173
CVE-2022-42172
RESERVED
CVE-2022-42171 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42170 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42169 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42168 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42167 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42166 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42165 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42164 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42163 (Tenda AC10 V15.03.06.23 contains a Stack overflow
vulnerability via /g ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-42162
RESERVED
CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a
command i ...)
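Review bot: The nine replacements for CVE-2022-42163 through CVE-2022-42171 use the bare vendor tag `NOT-FOR-US: Tenda`, although every description names the same product and firmware (Tenda AC10 V15.03.06.23). That is consistent with the vendor-only tags visible elsewhere in this diff (`NOT-FOR-US: Huawei`, `NOT-FOR-US: Unisoc`), so nothing blocks it. The visible descriptions are all cut at "via /g ...", so the entries cannot be told apart from this view, and the vendor-level decision is what is being reviewed here.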
@@ -4893,7 +4893,7 @@ CVE-2022-3284
CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE
affecting ...)
- gitlab <unfixed>
CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before
1.3.6.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41326
RESERVED
CVE-2022-41325
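Review bot: The new tag on CVE-2022-3282 is the generic `NOT-FOR-US: WordPress plugin`, which records the class but not the plugin (Drag and Drop Multiple File Upload). This matches the existing entries in the context lines of later hunks, so it follows the file's convention. The consequence is that the plugin name lives only in the description, which is truncated in the list. If a later search by plugin name matters, adding the name after the class in the tag would help; otherwise fine as is. The same applies to the other WordPress plugin entries in this commit.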
@@ -5403,9 +5403,9 @@ CVE-2022-3246
CVE-2022-3245 (HTML injection attack is closely related to Cross-site
Scripting (XSS) ...)
NOT-FOR-US: microweber
CVE-2022-3244 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3243 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior
to 1.3 ...)
NOT-FOR-US: microweber
CVE-2022-3241
@@ -6570,7 +6570,7 @@ CVE-2022-3208 (The Simple File List WordPress plugin
before 4.4.12 does not impl
CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the
password ins ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3205 (An XSS exists in automation controller UI where the project
name is su ...)
NOT-FOR-US: Red Hat Ansible Automation Controller
CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack'
(NRDelegation ...)
@@ -7740,11 +7740,11 @@ CVE-2022-3153 (NULL Pointer Dereference in GitHub
repository vim/vim prior to 9.
CVE-2022-3152 (Unverified Password Change in GitHub repository
phpfusion/phpfusion pr ...)
NOT-FOR-US: PHP-Fusion
CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not
have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3150 (The WP Custom Cursors WordPress plugin through 3.0 does not
properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not
have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository
jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex
One as a ...)
@@ -7810,7 +7810,7 @@ CVE-2022-3140 (LibreOffice supports Office URI Schemes to
enable browser integra
- libreoffice 1:7.4.1~rc2-3
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139 (The We’re Open! WordPress plugin before 1.42 does not
sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository
jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate
and sa ...)
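Review bot: The context line for CVE-2022-3139 shows the plugin name as `Weâ€™re Open!`, which is a UTF-8 right single quote read as Windows-1252. Check whether data/CVE/list itself carries those bytes or only this notification mail does. If it is in the file, correct the description in a separate change rather than in this one. The `NOT-FOR-US: WordPress plugin` replacement itself is in line with the neighbouring entries.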
@@ -8411,7 +8411,7 @@ CVE-2022-3133 (OS Command Injection in GitHub repository
jgraph/drawio prior to
CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3131 (The Search Logger WordPress plugin through 0.9 does not
properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3130 (A vulnerability classified as critical has been found in
codeprojects ...)
NOT-FOR-US: codeprojects Online Driving School
CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving
School. It ha ...)
@@ -8421,7 +8421,7 @@ CVE-2022-3128 (The Donation Thermometer WordPress plugin
before 2.1.3 does not s
CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository
jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3126 (The Frontend File Manager Plugin WordPress plugin before 21.4
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3
allows a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3
allows a ...)
@@ -10161,7 +10161,7 @@ CVE-2022-39081
CVE-2022-39080 (In messaging service, there is a missing permission check.
This could ...)
NOT-FOR-US: Unisoc
CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before
2.1.6 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3081
RESERVED
CVE-2022-3080 (By sending specific queries to the resolver, an attacker can
cause nam ...)
@@ -12527,7 +12527,7 @@ CVE-2022-2835
RESERVED
- coredns <itp> (bug #880676)
CVE-2022-2834 (The Helpful WordPress plugin before 4.5.26 puts the exported
logs and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical
bugs. ...)
- blender 3.2.2+dfsg-1 (unimportant)
NOTE:
https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
@@ -16047,7 +16047,7 @@ CVE-2022-2576 (In Eclipse Californium version 2.0.0 to
2.7.2 and 3.0.0-3.5.0 a D
CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin
before 1.6. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2574 (The Meks Easy Social Share WordPress plugin before 1.2.8 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2573
RESERVED
CVE-2020-36562
@@ -16121,7 +16121,7 @@ CVE-2022-2565 (The Simple Payment Donations &
Subscriptions WordPress plugin
CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose
prior to ...)
NOT-FOR-US: Mongoose
CVE-2022-2563 (The Tutor LMS WordPress plugin before 2.0.10 does not escape
some cour ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37008 (The recovery module has a vulnerability of bypassing the
verification ...)
NOT-FOR-US: Huawei
CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability.
Successfu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99182332a0a88c05f01f6633af0fb8e16234bdd5
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits