Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d8b761b9 by Salvatore Bonaccorso at 2022-11-19T10:15:50+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -683,7 +683,7 @@ CVE-2022-45371
CVE-2022-45370
RESERVED
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in
Plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45368
RESERVED
CVE-2022-45367
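Review bot: for CVE-2022-45369 the description visible in this hunk is cut at "Plugin for ...", so nothing here shows which product the entry covers, and the new "NOT-FOR-US: WordPress plugin" tag has to be taken on trust. It is worth confirming against the full CVE description. Naming the plugin after the generic tag would also let a later reader verify the triage without leaving data/CVE/list.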
@@ -1182,7 +1182,7 @@ CVE-2022-45165
CVE-2022-45164
RESERVED
CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP
devices w ...)
- TODO: check
+ NOT-FOR-US: NXP devices
CVE-2022-45162
RESERVED
CVE-2022-45161
@@ -1417,7 +1417,7 @@ CVE-2022-45084
CVE-2022-45083
RESERVED
CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45081
RESERVED
CVE-2022-45080
@@ -1435,7 +1435,7 @@ CVE-2022-45075
CVE-2022-45074
RESERVED
CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API
Authentica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML
Multilingual C ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML
Multilingual C ...)
@@ -2270,7 +2270,7 @@ CVE-2022-44742
CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
Creative ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44739
RESERVED
CVE-2022-44738
@@ -3584,7 +3584,7 @@ CVE-2021-46853 (Alpine before 2.25 allows remote
attackers to cause a denial of
CVE-2022-44635
RESERVED
CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W
– Import ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44633
RESERVED
CVE-2022-44632
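Review bot: the description line for CVE-2022-44634 shows "S2W â€“", which looks like a UTF-8 dash decoded with a single-byte charset. It is a context line, so this commit did not introduce it. Check whether the bytes in data/CVE/list are affected or only the mail rendering, since a mangled product name makes the "WordPress plugin" triage harder to verify.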
@@ -3848,9 +3848,9 @@ CVE-2022-44586 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) in Ayoub Media
CVE-2022-44585
RESERVED
CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ
plugin & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ
plugin & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44582
RESERVED
CVE-2022-44581
@@ -7735,7 +7735,7 @@ CVE-2022-43675
CVE-2022-43674
RESERVED
CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent
messages ...)
- TODO: check
+ NOT-FOR-US: Wire
CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360
before 571 ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360
before 571 ...)
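Review bot: the tag on CVE-2022-43673 is only "NOT-FOR-US: Wire", while the description scopes the issue to "Wire through 3.22.3993 on Windows". A tag that records the platform, for example "Wire on Windows", would state why the entry is out of scope. That helps anyone who later searches the list by product name and needs to know whether the decision covered the product as a whole or only the Windows client.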
@@ -8171,7 +8171,7 @@ CVE-2022-43513
CVE-2022-43499
RESERVED
CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR)
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced
Dynamic Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43490
@@ -8225,7 +8225,7 @@ CVE-2022-42888
CVE-2022-42884
RESERVED
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by
Quiz And ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42882
RESERVED
CVE-2022-42880
@@ -8233,9 +8233,9 @@ CVE-2022-42880
CVE-2022-42699
RESERVED
CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress
Api2Cart Brid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge
Connector pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One
SEO Pro ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42485
@@ -8249,7 +8249,7 @@ CVE-2022-42461 (Broken Access Control vulnerability in
miniOrange's Google Authe
CVE-2022-42460 (Broken Access Control vulnerability leading to Stored
Cross-Site Scrip ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42459 (Auth. WordPress Options Change vulnerability in Image Hover
Effects Ul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion
Avada p ...)
NOT-FOR-US: WordPress theme
CVE-2022-41995
@@ -8267,7 +8267,7 @@ CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options
Update vulnerability in Zo
CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress
plugin < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41831
RESERVED
CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for
WooComm ...)
@@ -8277,7 +8277,7 @@ CVE-2022-41791 (Auth. (subscriber+) CSV Injection
vulnerability in ProfileGrid p
CVE-2022-41790
RESERVED
CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability
in Soleda ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-41786
RESERVED
CVE-2022-41785
@@ -8291,7 +8291,7 @@ CVE-2022-41695
CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour
Booking plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
Viszt P& ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <=
7.3.10 on ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41619
@@ -8301,11 +8301,11 @@ CVE-2022-41554
CVE-2022-40968
RESERVED
CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS)
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability
in Quiz A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO
Redirectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40692
RESERVED
CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative
Mail plugi ...)
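Review bot: the unchanged description for CVE-2022-40695 reads "Multiple Cross-Site Scripting (CSRF) vulnerabilities", which mixes two different bug classes (XSS and CSRF). The commit only changes the triage line beneath it, and the NOT-FOR-US decision does not depend on the class. The mismatch is still worth reporting to the CVE assigner so that searches by vulnerability type do not mis-file the entry.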
@@ -10015,7 +10015,7 @@ CVE-2022-42905 (In wolfSSL before 5.5.2, if callback
functions are enabled (via
- wolfssl 5.5.3-1
NOTE: Fixed in 5.5.2
(https://www.wolfssl.com/docs/security-vulnerabilities/)
CVE-2022-42904 (Zoho ManageEngine ADManager Plus through 7151 allows
authenticated adm ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows
low-privileg ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before
2022.10, the ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8b761b94122b93d232aa6824ff63e6ab55118e0