Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6dd286d5 by Moritz Muehlenhoff at 2022-11-17T16:20:28+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8908,7 +8908,7 @@ CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain
a heap-buffer-overflow
- libde265 <unfixed>
NOTE: https://github.com/strukturag/libde265/issues/337
CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments
component o ...)
- TODO: check
+ NOT-FOR-US: Hoosk CMS
CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL
injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL
injecti ...)
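Review bot: The product name on the added line for CVE-2022-43234, "NOT-FOR-US: Hoosk CMS", cannot be checked against the description shown in this hunk, which is cut off at "in the /attachments component o ..." before any product is named. The neighbouring Canteen Management System entries repeat a name that is visible in their own descriptions. Please confirm "Hoosk CMS" against the full CVE text, since a mistyped name here means a later search of data/CVE/list for that product will miss the entry.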
@@ -9109,7 +9109,7 @@ CVE-2022-43137
CVE-2022-43136
RESERVED
CVE-2022-43135 (Online Diagnostic Lab Management System v1.0 was discovered to
contain ...)
- TODO: check
+ NOT-FOR-US: Online Diagnostic Lab Management System
CVE-2022-43134
RESERVED
CVE-2022-43133
@@ -9527,13 +9527,13 @@ CVE-2022-3536 (The Role Based Pricing for WooCommerce
WordPress plugin before 1.
CVE-2022-42986
RESERVED
CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not
escape v ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension ScratchLogin
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to
contain a SQL ...)
NOT-FOR-US: WoWonder Social Network Platform
CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass
login au ...)
NOT-FOR-US: anji-plus AJ-Report
CVE-2022-42982 (BKG Professional NtripCaster 2.0.39 allows querying
information over t ...)
- TODO: check
+ NOT-FOR-US: BKG Professional NtripCaster
CVE-2022-42981
RESERVED
CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a
productio ...)
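Review bot: On CVE-2022-42985 the added line marks a MediaWiki extension as NOT-FOR-US, yet the description names MediaWiki as the host application, so what matters for this entry is that the ScratchLogin extension itself is not shipped by any package, not only that it is a third-party product. The commit message "NFUs" does not say whether that was checked. If it was, the line is fine as written, and saying so in the commit message would save the next reviewer from repeating the check. The CVE-2022-42982 change in the same hunk raises no comment.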
@@ -9640,7 +9640,7 @@ CVE-2022-42961 (An issue was discovered in wolfSSL before
5.5.0. A fault injecti
- wolfssl 5.5.3-1 (bug #1023574)
NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable
CVE-2022-42960 (EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3,
2.0.4, 2.1.1 ...)
- TODO: check
+ NOT-FOR-US: EqualWeb Accessibility Widget
CVE-2022-42959
RESERVED
CVE-2022-42958
@@ -9652,7 +9652,7 @@ CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome
and other browsers allow
CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers
allows an a ...)
NOT-FOR-US: PassWork extension for Chrome
CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Keyfactor EJBCA
CVE-2022-42953
RESERVED
CVE-2022-42952
@@ -11573,9 +11573,9 @@ CVE-2022-42248
CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site
scripting (XSS) ...)
NOT-FOR-US: pfSense
CVE-2022-42246 (Doufox 0.0.4 contains a CSRF vulnerability that can add system
adminis ...)
- TODO: check
+ NOT-FOR-US: Doufox
CVE-2022-42245 (Dreamer CMS 4.0.01 is vulnerable to SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: Dreamer CMS
CVE-2022-42244
RESERVED
CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to
SQL inject ...)
@@ -11691,7 +11691,7 @@ CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers
from a remote code execut
CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path
travers ...)
NOT-FOR-US: Lavalite CMS
CVE-2022-42187 (Hustoj 22.09.22 has a XSS Vulnerability in
/admin/problem_judge.php. ...)
- TODO: check
+ NOT-FOR-US: Hustoj
CVE-2022-42186
RESERVED
CVE-2022-42185
@@ -12262,7 +12262,7 @@ CVE-2022-41916 (Heimdal is an implementation of
ASN.1/DER, PKIX, and Kerberos. V
CVE-2022-41915
RESERVED
CVE-2022-41914 (Zulip is an open-source team collaboration tool. For
organizations wit ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging
platform wh ...)
NOT-FOR-US: Discourse plugin
CVE-2022-41912
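Review bot: The added "NOT-FOR-US: Zulip" on CVE-2022-41914 tags the whole project, while the description is truncated at "For organizations wit ..." and does not show which Zulip component is affected. The adjacent entry for CVE-2022-41913 narrows its tag to "Discourse plugin". If this issue is confined to the Zulip server, a narrower tag such as "Zulip server" would keep the entry from reading as a verdict on every Zulip component when a related CVE is triaged later.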
@@ -14900,7 +14900,7 @@ CVE-2022-40883
CVE-2022-40882
RESERVED
CVE-2022-40881 (SolarView Compact 6.00 was discovered to contain a command
injection v ...)
- TODO: check
+ NOT-FOR-US: SolarView Compact
CVE-2022-40880
RESERVED
CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS)
via the ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dd286d5103bcf709d01a5268aaa8847848251ee