Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f6440abe by Salvatore Bonaccorso at 2022-11-20T12:17:29+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2022-4070 (Insufficient Session Expiration in GitHub repository
librenms/librenms ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-4069 (Cross-site Scripting (XSS) - Generic in GitHub repository
librenms/lib ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-4068 (A user is able to enable their own account if it was disabled
by an ad ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository
librenms/libr ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been
rated as p ...)
TODO: check
CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been
declared as cr ...)
@@ -9577,9 +9577,9 @@ CVE-2022-3563 (A vulnerability classified as problematic
has been found in Linux
NOTE: Fixed by:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e
(5.65)
NOTE: Introduced by:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=bc3a76f01f461db19381f1922cdaeac222dfd374
(5.56)
CVE-2022-3562 (Cross-site Scripting (XSS) - Stored in GitHub repository
librenms/libr ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-3561 (Cross-site Scripting (XSS) - Generic in GitHub repository
librenms/lib ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-3560
RESERVED
CVE-2022-3559 (A vulnerability was found in Exim and classified as
problematic. This ...)
@@ -9720,7 +9720,7 @@ CVE-2022-3526 (A vulnerability classified as problematic
was found in Linux Kern
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e16b859872b87650bb55b12cca5a5fcdc49c1442
CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository
librenms/libren ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared
as pro ...)
- linux 6.0.7-1
NOTE:
https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11
@@ -9899,7 +9899,7 @@ CVE-2022-3517 (A vulnerability was found in the minimatch
package. This flaw all
NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
NOTE:
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
(v3.0.5)
CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository
librenms/libr ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-3515
RESERVED
{DSA-5255-1 DLA-3153-1}
@@ -13084,7 +13084,7 @@ CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS)
in Pop-Up Chop Chop plug
CVE-2022-41635
RESERVED
CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media
Library Folde ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41633
RESERVED
CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress
Dropshipping an ...)
@@ -13092,15 +13092,15 @@ CVE-2022-41623 (Sensitive Data Exposure in Villatheme
ALD - AliExpress Dropshipp
CVE-2022-41620
RESERVED
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media
Library As ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41616
RESERVED
CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery
(CSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41612
RESERVED
CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41608
RESERVED
CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and
1.3.5 job ...)
@@ -13183,11 +13183,11 @@ CVE-2022-41569
CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41155 (Block BYPASS vulnerability in iQ Block Country plugin <=
1.2.18 on ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin
<= 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41134
RESERVED
CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS
Vulnerabi ...)
@@ -13211,7 +13211,7 @@ CVE-2022-40311 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) in Fatcat Apps
CVE-2022-40218
RESERVED
CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in
Better Mes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40209
RESERVED
CVE-2022-40203
@@ -13219,7 +13219,7 @@ CVE-2022-40203
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo
Forum plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls
plugin &l ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced
Order Expo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-39044
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6440abecd4113b0ba2928d63f37d9a2e3c02992
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6440abecd4113b0ba2928d63f37d9a2e3c02992
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
