Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1604946b by Moritz Muehlenhoff at 2022-11-16T14:07:33+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8682,7 +8682,7 @@ CVE-2022-43280 (wasm-interp v1.0.29 was discovered to
contain an out-of-bounds r
NOTE: https://github.com/WebAssembly/wabt/issues/1982
NOTE: Crash in CLI tool, no security impact
CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection
vulnerabil ...)
- TODO: check
+ - limesurvey <itp> (bug #472802)
CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL
injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43277 (Canteen Management System v1.0 was discovered to contain an
arbitrary ...)
@@ -9415,7 +9415,7 @@ CVE-2022-42986
CVE-2022-42985
RESERVED
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to
contain a SQL ...)
- TODO: check
+ NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass
login au ...)
NOT-FOR-US: anji-plus AJ-Report
CVE-2022-42982
@@ -9427,9 +9427,9 @@ CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the
string go-admin as a pro
CVE-2022-42979
RESERVED
CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian
Confluence, ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian
Confluence has ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence addon
CVE-2022-42976
RESERVED
CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles
check_origin w ...)
@@ -9785,7 +9785,7 @@ CVE-2022-3482
CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does
not prop ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3480 (A remote, unauthenticated attacker could cause a
denial-of-service of ...)
- TODO: check
+ NOT-FOR-US: PHOENIX
CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability,
nss clie ...)
- nss <unfixed> (bug #1021786)
[bullseye] - nss <no-dsa> (Minor issue)
@@ -9934,7 +9934,7 @@ CVE-2022-41687
CVE-2022-40221
RESERVED
CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version
1.89 ma ...)
- TODO: check
+ NOT-FOR-US: PHOENIX
CVE-2022-3460
RESERVED
CVE-2022-3459
@@ -10115,7 +10115,7 @@ CVE-2022-42787 (Multiple W&T products of the
Comserver Series use a small nu
CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to
an XSS ...)
NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to
an auth ...)
- TODO: check
+ NOT-FOR-US: Wiesemann & Theis GmbH products
CVE-2022-42784
RESERVED
CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb
prior to ...)
@@ -10905,19 +10905,19 @@ CVE-2022-42466 (Prior to 2.0.0-M9, it was possible
for an end-user to set the va
CVE-2022-42458
RESERVED
CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf
extensi ...)
- TODO: check
+ NOT-FOR-US: Bluespice extension
CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in
BlueSpiceSocialProfile ext ...)
- TODO: check
+ NOT-FOR-US: Bluespice extension
CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ
SmartKey' ver ...)
NOT-FOR-US: Android App 'IIJ SmartKey'
CVE-2022-41814 (Cross-site Scripting (XSS) vulnerability in
BlueSpiceFoundation extens ...)
- TODO: check
+ NOT-FOR-US: Bluespice extension
CVE-2022-41796 (Untrusted search path vulnerability in the installer of
Content Transf ...)
NOT-FOR-US: installer of Content Transfer (for Windows)
CVE-2022-41789 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery
skin of ...)
- TODO: check
+ NOT-FOR-US: Bluespice skin
CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery
skin of ...)
- TODO: check
+ NOT-FOR-US: Bluespice skin
CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9
is not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3417
@@ -11686,35 +11686,35 @@ CVE-2022-42134
CVE-2022-42133
RESERVED
CVE-2022-42132 (The Test LDAP Users functionality in Liferay Portal 7.0.0
through 7.4. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42131 (Certain Liferay products are affected by: Missing SSL
Certificate Vali ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42130 (The Dynamic Data Mapping module in Liferay Portal 7.1.0
through 7.4.3. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42129 (An Insecure direct object reference (IDOR) vulnerability in
the Dynami ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42128 (The Hypermedia REST APIs module in Liferay Portal 7.4.1
through 7.4.3. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42127 (The Friendly Url module in Liferay Portal 7.4.3.5 through
7.4.3.36, an ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42126 (The Asset Libraries module in Liferay Portal 7.3.5 through
7.4.3.28, a ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42125 (Zip slip vulnerability in FileUtil.unzip in Liferay Portal
7.4.3.5 thr ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42124 (ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess
in Lifera ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42123 (A Zip slip vulnerability in the Elasticsearch Connector in
Liferay Por ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42122 (A SQL injection vulnerability in the Friendly Url module in
Liferay Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42121 (A SQL injection vulnerability in the Layout module in Liferay
Portal 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42120 (A SQL injection vulnerability in the Fragment module in
Liferay Portal ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42119 (Certain Liferay products are vulnerable to Cross Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42118 (A Cross-site scripting (XSS) vulnerability in the Portal
Search module ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42117 (A Cross-site scripting (XSS) vulnerability in the Frontend
Taglib modu ...)
NOT-FOR-US: Frontend Taglib module in Liferay
CVE-2022-42116 (A Cross-site scripting (XSS) vulnerability in the Frontend
Editor modu ...)
@@ -11728,9 +11728,9 @@ CVE-2022-42113 (A Cross-site scripting (XSS)
vulnerability in Document Library m
CVE-2022-42112 (A Cross-site scripting (XSS) vulnerability in the Portal
Search module ...)
NOT-FOR-US: module in Liferay
CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing
module's use ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the
Announcements module ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2022-42109
RESERVED
CVE-2022-42108
@@ -12149,7 +12149,7 @@ CVE-2022-41915
CVE-2022-41914
RESERVED
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging
platform wh ...)
- TODO: check
+ NOT-FOR-US: Discourse plugin
CVE-2022-41912
RESERVED
CVE-2022-41911
@@ -12326,7 +12326,7 @@ CVE-2022-3379 (Horner Automation's Cscape version 9.90
SP7 and prior does not pr
CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not
proper ...)
NOT-FOR-US: Horner Automation's Cscape
CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not
proper ...)
- TODO: check
+ NOT-FOR-US: Horner Automation's Cscape
CVE-2022-3376 (Weak Password Requirements in GitHub repository
ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3375
@@ -12432,7 +12432,7 @@ CVE-2022-3364 (Allocation of Resources Without Limits
or Throttling in GitHub re
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb
prior to 2 ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3362 (Insufficient Session Expiration in GitHub repository
ikus060/rdiffweb ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux
kernel th ...)
- linux 6.0.3-1
NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
@@ -13063,7 +13063,7 @@ CVE-2022-41560
CVE-2022-41559
RESERVED
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO
Spotfire A ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2022-41342
RESERVED
CVE-2022-41314
@@ -14735,7 +14735,7 @@ CVE-2022-40905
CVE-2022-40904
RESERVED
CVE-2022-40903 (Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader
1.0.3 d ...)
- TODO: check
+ NOT-FOR-US: Aiphone
CVE-2022-40902
RESERVED
CVE-2022-40901
@@ -15952,7 +15952,7 @@ CVE-2022-40407 (A zip slip vulnerability in the file
upload function of Chamilo
CVE-2022-40406
RESERVED
CVE-2022-40405 (WoWonder Social Network Platform v4.1.2 was discovered to
contain a SQ ...)
- TODO: check
+ NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection
vulnera ...)
NOT-FOR-US: Wedding Planner
CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection
vulnera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1604946b8d56795fda2205a1eb8d90aa6a87b7fb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1604946b8d56795fda2205a1eb8d90aa6a87b7fb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
