Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d892b377 by Salvatore Bonaccorso at 2022-11-18T09:18:24+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -626,7 +626,7 @@ CVE-2022-45377
 CVE-2022-45376
        RESERVED
 CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in 
iFeature Slid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45374
        RESERVED
 CVE-2022-45373
@@ -1382,7 +1382,7 @@ CVE-2022-45079
 CVE-2022-45078
        RESERVED
 CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in 
Betheme them ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45076
        RESERVED
 CVE-2022-45075
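Review bot: The note on CVE-2022-45077 says "WordPress plugin", but the description reads "Betheme them ...", which points to a theme rather than a plugin. Suggest "NOT-FOR-US: WordPress theme" so that anyone searching the list by note text gets the right category.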
@@ -1392,19 +1392,19 @@ CVE-2022-45074
 CVE-2022-45073
        RESERVED
 CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML 
Multilingual C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML 
Multilingual C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45070
        RESERVED
 CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in 
Crowdsignal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45068
        RESERVED
 CVE-2022-45067
        RESERVED
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in 
WooSwipe Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45065
        RESERVED
 CVE-2022-45064
@@ -2233,7 +2233,7 @@ CVE-2022-44738
 CVE-2022-44737
        RESERVED
 CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cham ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44735
        RESERVED
 CVE-2022-44734
@@ -2301,7 +2301,7 @@ CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) 
module before 2.1.3 fo
 CVE-2022-44726
        RESERVED
 CVE-2022-44725 (OPC Foundation Local Discovery Server (LDS) through 
1.04.403.478 uses  ...)
-       TODO: check
+       NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
 CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence 
Server/Da ...)
        NOT-FOR-US: Stiltsoft
 CVE-2022-44723
@@ -3789,7 +3789,7 @@ CVE-2022-44593
 CVE-2022-44592
        RESERVED
 CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Anth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44589
@@ -3817,7 +3817,7 @@ CVE-2022-44579
 CVE-2022-44578
        RESERVED
 CVE-2022-44577 (Auth. CSV Injection vulnerability in Export Users With Meta 
plugin &lt ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Agen ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44575
@@ -4131,21 +4131,21 @@ CVE-2022-44458
 CVE-2022-44457 (A vulnerability has been identified in Mendix SAML Module 
(Mendix 7 co ...)
        NOT-FOR-US: Siemens
 CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics 
DIAEnergie v ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability 
in distr ...)
        NOT-FOR-US: OpenHarmony
 CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashx in Delta Electronics 
DIAEnergie  ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspx in Delta Electronics 
DIAEnergie v ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path 
traversal v ...)
        NOT-FOR-US: OpenHarmony
 CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file 
read vulne ...)
        NOT-FOR-US: OpenHarmony
 CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics 
DIAEnergie ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-41775 (SQL Injection in Handler_CFG.ashx in Delta Electronics 
DIAEnergie vers ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2022-3780 (Database connections on deleted users could stay active on 
MySQL data  ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2022-3779
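Review bot: The five Delta Electronics entries (CVE-2022-43506, -43457, -43452, -43447, CVE-2022-41775) name only the vendor, while every description identifies the product as DIAEnergie. Other entries touched in this commit name the product (for example "OPC Foundation Local Discovery Server (LDS)" and "BACKCLICK Professional"). Suggest "NOT-FOR-US: Delta Electronics DIAEnergie", so the note stays accurate if a different Delta Electronics product is triaged later.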
@@ -5101,7 +5101,7 @@ CVE-2022-44003 (An issue was discovered in BACKCLICK 
Professional 5.9.63. Due to
 CVE-2022-44002 (An issue was discovered in BACKCLICK Professional 5.9.63. Due 
to insuf ...)
        NOT-FOR-US: BACKCLICK Professional
 CVE-2022-44001 (An issue was discovered in BACKCLICK Professional 5.9.63. User 
authent ...)
-       TODO: check
+       NOT-FOR-US: BACKCLICK Professional
 CVE-2022-44000 (An issue was discovered in BACKCLICK Professional 5.9.63. Due 
to an ex ...)
        NOT-FOR-US: BACKCLICK Professional
 CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due 
to expos ...)
@@ -8227,7 +8227,7 @@ CVE-2022-41831
 CVE-2022-41805
        RESERVED
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41790
        RESERVED
 CVE-2022-41788
@@ -8740,7 +8740,7 @@ CVE-2022-43334
 CVE-2022-43333
        RESERVED
 CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Wondercms
 CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Canteen Management System
 CVE-2022-43330 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
@@ -8788,7 +8788,7 @@ CVE-2022-43310 (An Uncontrolled Search Path Element in 
Foxit Software released F
 CVE-2022-43309
        RESERVED
 CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: INTELBRAS
 CVE-2022-43307
        RESERVED
 CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a 
potential ...)
@@ -9050,7 +9050,7 @@ CVE-2022-43194
 CVE-2022-43193
        RESERVED
 CVE-2022-43192 (An arbitrary file upload vulnerability in the component 
/dede/file_man ...)
-       TODO: check
+       NOT-FOR-US: Dedecms
 CVE-2022-43191
        RESERVED
 CVE-2022-43190
@@ -9068,7 +9068,7 @@ CVE-2022-43185 (A stored cross-site scripting (XSS) 
vulnerability in the Configu
 CVE-2022-43184 (D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a 
command in ...)
        NOT-FOR-US: D-Link
 CVE-2022-43183 (XXL-Job before v2.3.1 contains a Server-Side Request Forgery 
(SSRF) vi ...)
-       TODO: check
+       NOT-FOR-US: XXL-Job
 CVE-2022-43182
        RESERVED
 CVE-2022-43181
@@ -9076,7 +9076,7 @@ CVE-2022-43181
 CVE-2022-43180
        RESERVED
 CVE-2022-43179 (Online Leave Management System v1.0 was discovered to contain 
a SQL in ...)
-       TODO: check
+       NOT-FOR-US: Online Leave Management System
 CVE-2022-43178
        RESERVED
 CVE-2022-43177
@@ -9092,7 +9092,7 @@ CVE-2022-43173
 CVE-2022-43172
        RESERVED
 CVE-2022-43171 (A heap buffer overflow in the 
LIEF::MachO::BinaryParser::parse_dyldinf ...)
-       TODO: check
+       NOT-FOR-US: LIEF
 CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the 
Dashboard Con ...)
        NOT-FOR-US: Rukovoditel
 CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users 
Access  ...)
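Review bot: NOT-FOR-US on CVE-2022-43171 deserves a second look, because the description names a library routine (LIEF::MachO::BinaryParser::parse_dyldinf ...) rather than an end product. A parsing library can be embedded in other packaged software, so it is worth confirming that nothing in the archive ships a copy of LIEF. If a packaging request for it is open, an <itp> entry with the bug number would describe the situation better than NOT-FOR-US.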
@@ -9108,9 +9108,9 @@ CVE-2022-43165 (A stored cross-site scripting (XSS) 
vulnerability in the Global
 CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the 
Global Lists  ...)
        NOT-FOR-US: Rukovoditel
 CVE-2022-43163 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43162 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43161
        RESERVED
 CVE-2022-43160
@@ -9245,7 +9245,7 @@ CVE-2022-43098
 CVE-2022-43097
        RESERVED
 CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to 
gain root a ...)
-       TODO: check
+       NOT-FOR-US: Mediatrix
 CVE-2022-43095
        RESERVED
 CVE-2022-43094
@@ -9972,7 +9972,7 @@ CVE-2022-42905 (In wolfSSL before 5.5.2, if callback 
functions are enabled (via
 CVE-2022-42904
        RESERVED
 CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows 
low-privileg ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 
2022.10, the ...)
        {DSA-5260-1 DLA-3192-1}
        - lava 2022.10-1 (bug #1021737)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d892b37779dddd24456f90e9acb34051f3c2b891
