Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6792b8e6 by Salvatore Bonaccorso at 2022-11-21T21:14:42+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3065,7 +3065,7 @@ CVE-2022-44715
 CVE-2022-3862
        RESERVED
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: Betheme theme for WordPress
 CVE-2022-3860
        RESERVED
 CVE-2022-3859
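Review bot: the new tag on CVE-2022-3861 names the individual product ("Betheme theme for WordPress"), while every other WordPress entry touched in this commit uses the generic "WordPress plugin" tag. A theme is not a plugin, so a separate tag is right, but a generic "NOT-FOR-US: WordPress theme" would match the style of the rest of the commit and keep the entry easy to find when searching by tag.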
@@ -4207,21 +4207,21 @@ CVE-2022-44656
 CVE-2022-44655
        RESERVED
 CVE-2022-44654 (Affected builds of Trend Micro Apex One and Apex One as a 
Service cont ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44653 (A security agent directory traversal vulnerability in Trend 
Micro Apex ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44652 (An improper handling of exceptional conditions vulnerability 
in Trend  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44651 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro 
Apex One  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44650 (A memory corruption vulnerability in the Unauthorized Change 
Preventio ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44649 (An out-of-bounds access vulnerability in the Unauthorized 
Change Preve ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44648 (An Out-of-bounds read vulnerability in Trend Micro Apex One 
and Apex O ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44647 (An Out-of-bounds read vulnerability in Trend Micro Apex One 
and Apex O ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items 
were adde ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2022-44645
@@ -4928,9 +4928,9 @@ CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in 
GitHub repository thorsten
 CVE-2022-3764
        RESERVED
 CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3761
        RESERVED
 CVE-2023-20853
@@ -5474,39 +5474,39 @@ CVE-2022-44185
 CVE-2022-44184
        RESERVED
 CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44182
        RESERVED
 CVE-2022-44181
        RESERVED
 CVE-2022-44180 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44179
        RESERVED
 CVE-2022-44178 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via 
function ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44177 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44176 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44175 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44174 (Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44173
        RESERVED
 CVE-2022-44172 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44171 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44170
        RESERVED
 CVE-2022-44169 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44168 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44167 (Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via 
function ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44166
        RESERVED
 CVE-2022-44165
@@ -5514,7 +5514,7 @@ CVE-2022-44165
 CVE-2022-44164
        RESERVED
 CVE-2022-44163 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44162
        RESERVED
 CVE-2022-44161
@@ -5524,11 +5524,11 @@ CVE-2022-44160
 CVE-2022-44159
        RESERVED
 CVE-2022-44158 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44157
        RESERVED
 CVE-2022-44156 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via 
function  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-44155
        RESERVED
 CVE-2022-44154
@@ -5871,7 +5871,7 @@ CVE-2022-3755
 CVE-2022-3754 (Weak Password Requirements in GitHub repository 
thorsten/phpmyfaq prio ...)
        NOT-FOR-US: phpmyfaq
 CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-43997
        RESERVED
 CVE-2022-43996
@@ -7771,7 +7771,7 @@ CVE-2022-3722
 CVE-2022-3721 (Code Injection in GitHub repository froxlor/froxlor prior to 
0.10.39. ...)
        - froxlor <itp> (bug #581792)
 CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not 
validate and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3719
        REJECTED
        - exiv2 <not-affected> (Vulnerable code not present)
@@ -8224,13 +8224,13 @@ CVE-2022-3693
 CVE-2022-3692
        RESERVED
 CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 
1.7.5 dis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3689
        RESERVED
 CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF 
check  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-43760
        RESERVED
 CVE-2022-43759
@@ -9074,7 +9074,7 @@ CVE-2022-3635 (A vulnerability, which was classified as 
critical, has been found
        [buster] - linux 4.19.260-1
        NOTE: 
https://git.kernel.org/linus/3f4093e2bf4673f218c0bf17d8362337c400e77b (6.0-rc1)
 CVE-2022-3634 (The Contact Form 7 Database Addon WordPress plugin before 
1.2.6.5 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3633 (A vulnerability classified as problematic has been found in 
Linux Kern ...)
        {DLA-3173-1}
        - linux 5.19.6-1
@@ -9140,7 +9140,7 @@ CVE-2022-3619 (A vulnerability has been found in Linux 
Kernel and classified as
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7c9524d929648935bac2bbb4c20437df8f9c3f42
 CVE-2022-3618 (The Spacer WordPress plugin before 3.0.7 does not sanitize and 
escapes ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3617
        RESERVED
 CVE-2022-3616 (Attackers can create long chains of CAs that would lead to 
OctoRPKI ex ...)
@@ -9185,7 +9185,7 @@ CVE-2022-3602 (A buffer overrun can be triggered in X.509 
certificate verificati
 CVE-2022-3601
        RESERVED
 CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does 
not va ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection 
in tools ...)
        - tiff 4.4.0-5 (bug #1022555)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246
@@ -13957,7 +13957,7 @@ CVE-2022-3338 (An External XML entity (XXE) 
vulnerability in ePO prior to 5.10 U
 CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP 
mobile cl ...)
        NOT-FOR-US: Cloudflare
 CVE-2022-3336 (The Event Monster WordPress plugin before 1.2.0 does not have 
CSRF che ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 
1.5.7 u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the 
conten ...)
@@ -16006,7 +16006,7 @@ CVE-2022-40748 (IBM InfoSphere Information Server 11.7 
is vulnerable to cross-si
 CVE-2022-40747 ("IBM InfoSphere Information Server 11.7 is vulnerable to an 
XML Extern ...)
        NOT-FOR-US: IBM
 CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 
1.1.9.0 co ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-40745
        RESERVED
 CVE-2022-40744
@@ -21037,7 +21037,7 @@ CVE-2022-38757
 CVE-2022-38756
        RESERVED
 CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in 
versions pr ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus
 CVE-2022-38754
        RESERVED
 CVE-2022-38753
@@ -44796,13 +44796,13 @@ CVE-2022-1583 (The External Links in New Window / New 
Tab WordPress plugin befor
 CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin 
before 1.4 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1581 (The WP-Polls WordPress plugin before 2.76.0 prioritizes getting 
a visi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1579 (The function check_is_login_page() uses headers for the IP 
check, whic ...)
        TODO: check
 CVE-2022-1578 (The My wpdb WordPress plugin before 2.5 is missing CSRF check 
when run ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not 
have CS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1576 (The WP Maintenance Mode &amp; Coming Soon WordPress plugin 
before 2.4. ...)
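Review bot: CVE-2022-1579, sitting between the two entries changed in this hunk, still reads "TODO: check" after this commit. Its description is truncated before any product name (only check_is_login_page() and the header-based IP check are visible), so it cannot be classified from the list line alone. Since every other entry in this hunk is tagged as a WordPress plugin, it is worth looking up the full description and resolving it in the same pass, or adding a NOTE line saying why it is being left open.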
@@ -62577,7 +62577,7 @@ CVE-2022-0423 (The 3D FlipBook WordPress plugin before 
1.12.1 does not have auth
 CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0421 (The Five Star Restaurant Reservations WordPress plugin before 
2.4.12 d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-0420 (The RegistrationMagic WordPress plugin before 5.0.2.2 does not 
sanitis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-24271
@@ -130251,7 +130251,7 @@ CVE-2021-24651 (The Poll Maker WordPress plugin 
before 3.4.2 allows unauthentica
 CVE-2021-24650
        RESERVED
 CVE-2021-24649 (The WP User Frontend WordPress plugin before 3.5.29 uses a 
user suppli ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not 
sanitis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24647 (The Registration Forms &#8211; User profile, Content 
Restriction, Spam ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6792b8e6db1f36a218068634a5acae97989353a2



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits