Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64769f56 by Salvatore Bonaccorso at 2022-11-14T21:35:43+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7973,9 +7973,9 @@ CVE-2022-3633 (A vulnerability classified as problematic
has been found in Linux
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8c21c54a53ab21842f5050fa090f26b03c0313d6 (6.0-rc1)
CVE-2022-3632 (The OAuth Client by DigitialPixies WordPress plugin through
1.1.0 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3631 (The OAuth Client by DigitialPixies WordPress plugin through
1.1.0 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as
proble ...)
- linux 5.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -8223,7 +8223,7 @@ CVE-2022-3580 (A vulnerability, which was classified as
problematic, has been fo
CVE-2022-3579 (A vulnerability classified as critical was found in
SourceCodester Cas ...)
NOT-FOR-US: SourceCodester Cashier Queuing System
CVE-2022-3578 (The ProfileGrid WordPress plugin before 5.1.1 does not sanitise
and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3577 (An out-of-bounds memory write flaw was found in the Linux
kernel’ ...)
- linux 5.18.5-1
[bullseye] - linux 5.10.127-1
@@ -8274,7 +8274,7 @@ CVE-2022-41642
CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2
v2.8.0 to ...)
NOT-FOR-US: Frauscher Sensortechnik
CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate
its fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3573
RESERVED
CVE-2022-3572
@@ -9218,9 +9218,9 @@ CVE-2022-3541 (A vulnerability classified as critical has
been found in Linux Ke
CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions
before ...)
NOT-FOR-US: hunter2
CVE-2022-3539 (The Testimonials WordPress plugin before 2.7,
super-testimonial-pro Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3538 (The Webmaster Tools Verification WordPress plugin through 1.2
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before
1.6.2 d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before
1.6.3 d ...)
@@ -9592,7 +9592,7 @@ CVE-2022-3486 (An open redirect vulnerability in GitLab
EE/CE affecting all vers
CVE-2022-3485
RESERVED
CVE-2022-3484 (The WPB Show Core WordPress plugin through TODO does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
CVE-2022-3482
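Review bot: On the CVE-2022-3484 entry the description text itself still contains the word TODO ("through TODO does not sanitise"), so after this change any check that finds untriaged entries by searching for a bare "TODO" will keep matching it. It is worth confirming that such searches key on the full "TODO: check" line, which is the line this hunk replaces with "NOT-FOR-US: WordPress plugin".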
@@ -9661,7 +9661,7 @@ CVE-2022-42890 (A vulnerability in Batik of Apache XML
Graphics allows an attack
NOTE: https://issues.apache.org/jira/browse/BATIK-1345
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904549
CVE-2022-3477 (The tagDiv Composer WordPress plugin before 3.5, required by
the Newsp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3476
RESERVED
CVE-2022-3475
@@ -9677,7 +9677,7 @@ CVE-2022-3471 (A vulnerability was found in
SourceCodester Human Resource Manage
CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource
Management ...)
NOT-FOR-US: SourceCodester
CVE-2022-3469 (The WP Attachments WordPress plugin before 5.0.5 does not
sanitize and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3468
RESERVED
CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA.
Affected ...)
@@ -10720,7 +10720,7 @@ CVE-2022-3417
CVE-2022-3416
RESERVED
CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student
Clearanc ...)
NOT-FOR-US: SourceCodester Web-Based Student Clearance System
CVE-2022-3413 (Incorrect authorization during display of Audit Events in
GitLab EE af ...)
@@ -20062,7 +20062,7 @@ CVE-2022-38707
CVE-2022-38706
RESERVED
CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote
attacker t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-38458
RESERVED
CVE-2022-38394 (Use of hard-coded credentials for the telnet server of
CentreCOM AR260 ...)
@@ -27116,9 +27116,9 @@ CVE-2022-2451
CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition
before 7.9.20 ...)
NOT-FOR-US: Inductive Automation Ignition
CVE-2022-2450 (The reSmush.it : the only free Image Optimizer & compress
plugin W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2449 (The reSmush.it : the only free Image Optimizer & compress
plugin W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise
and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one
hour in a ...)
@@ -28109,7 +28109,7 @@ CVE-2022-35721 (IBM Jazz for Service Management 1.1.3
is vulnerable to stored cr
CVE-2022-35720
RESERVED
CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores
potentially s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-35718
RESERVED
CVE-2022-35717 ("IBM InfoSphere Information Server 11.7 could allow a locally
authenti ...)
@@ -32076,7 +32076,7 @@ CVE-2022-34331 (After performing a sequence of Power
FW950, FW1010 maintenance o
CVE-2022-34330
RESERVED
CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive
informati ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an
lvl=author_ ...)
NOT-FOR-US: PMB
CVE-2022-32284 (Use of insufficiently random values vulnerability exists in
Vnet/IP co ...)
@@ -32116,21 +32116,21 @@ CVE-2022-34321
CVE-2022-34320
RESERVED
CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic
algorithms th ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34318 (IBM CICS TX 11.1 could allow a remote attacker to hijack the
clicking ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34317
RESERVED
CVE-2022-34316 (IBM CICS TX 11.1 does not neutralize or incorrectly
neutralizes web sc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34315 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34314 (IBM CICS TX 11.1 could disclose sensitive information to a
local user ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on
authorization to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which
can be re ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-34311
RESERVED
CVE-2022-34310
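Review bot: The seven entries changed in this hunk (CVE-2022-34319, -34318, -34316, -34315, -34314, -34313 and -34312) are tagged with the vendor only, "NOT-FOR-US: IBM", although every one of their descriptions names the product, IBM CICS TX. Other NFU lines visible in this patch name the product ("NOT-FOR-US: Inductive Automation Ignition", "NOT-FOR-US: SourceCodester Cashier Queuing System"), and the same vendor-only tag is applied to IBM MQ Internet Pass-Thru in CVE-2022-35719. A product-level tag such as "NOT-FOR-US: IBM CICS TX" would keep these entries searchable by product.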
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64769f56c3021d9c9a189f45a75a5732967734b9