Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c14e2786 by Salvatore Bonaccorso at 2022-11-30T20:55:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2969,19 +2969,19 @@ CVE-2022-45309
CVE-2022-45308
RESERVED
CVE-2022-45307 (Insecure permissions in Chocolatey PHP package v8.1.12 and
below grant ...)
- TODO: check
+ NOT-FOR-US: Chocolatey PHP package
CVE-2022-45306 (Insecure permissions in Chocolatey Azure-Pipelines-Agent
package v2.21 ...)
- TODO: check
+ NOT-FOR-US: Chocolatey Azure-Pipelines-Agent package
CVE-2022-45305 (Insecure permissions in Chocolatey Python3 package v3.11.0 and
below g ...)
- TODO: check
+ NOT-FOR-US: Chocolatey Python3 package
CVE-2022-45304 (Insecure permissions in Chocolatey Cmder package v1.3.20 and
below gra ...)
- TODO: check
+ NOT-FOR-US: Chocolatey Cmder package
CVE-2022-45303
RESERVED
CVE-2022-45302
RESERVED
CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and
below gra ...)
- TODO: check
+ NOT-FOR-US: Chocolatey Ruby package
CVE-2022-45300
RESERVED
CVE-2022-45299
@@ -4027,7 +4027,7 @@ CVE-2022-44939
CVE-2022-44938
RESERVED
CVE-2022-44937 (Bosscms v2.0.0 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: BossCMS
CVE-2022-44936
RESERVED
CVE-2022-44935
@@ -6618,11 +6618,11 @@ CVE-2022-44358
CVE-2022-44357
RESERVED
CVE-2022-44356 (WAVLINK Quantum D4G (WL-WN531G3) running firmware versions
M31G3.V5030 ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2022-44355 (SolarView Compact 7.0 is vulnerable to Cross-site Scripting
(XSS) via ...)
- TODO: check
+ NOT-FOR-US: SolarView Compact
CVE-2022-44354 (SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted
File Uploa ...)
- TODO: check
+ NOT-FOR-US: SolarView Compact
CVE-2022-44353
RESERVED
CVE-2022-44352
@@ -6772,7 +6772,7 @@ CVE-2022-44281
CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete
any fil ...)
NOT-FOR-US: Automotive Shop Management System
CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site
Scripting (X ...)
- TODO: check
+ NOT-FOR-US: Garage Management System
CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
NOT-FOR-US: Sanitization Management System
CVE-2022-44277
@@ -7136,9 +7136,9 @@ CVE-2022-44099
CVE-2022-44098
RESERVED
CVE-2022-44097 (Book Store Management System v1.0 was discovered to contain
hardcoded ...)
- TODO: check
+ NOT-FOR-US: Book Store Management System
CVE-2022-44096 (Sanitization Management System v1.0 was discovered to contain
hardcode ...)
- TODO: check
+ NOT-FOR-US: Sanitization Management System
CVE-2022-44095
RESERVED
CVE-2022-44094
@@ -7254,7 +7254,7 @@ CVE-2022-44040
CVE-2022-44039
RESERVED
CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to
contain a remo ...)
- TODO: check
+ NOT-FOR-US: Russound XSourcePlayer 777D
CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT
(ECU-C) ...)
TODO: check
CVE-2022-44036
@@ -14134,7 +14134,7 @@ CVE-2022-42111 (A Cross-site scripting (XSS)
vulnerability in the Sharing module
CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the
Announcements module ...)
NOT-FOR-US: Liferay
CVE-2022-42109 (Online-shopping-system-advanced 1.0 was discovered to contain
a SQL in ...)
- TODO: check
+ NOT-FOR-US: Online-shopping-system-advanced
CVE-2022-42108
RESERVED
CVE-2022-42107
@@ -14152,9 +14152,9 @@ CVE-2022-42102
CVE-2022-42101
RESERVED
CVE-2022-42100 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities
that all ...)
- TODO: check
+ NOT-FOR-US: KLiK SocialMediaWebsit
CVE-2022-42099 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities
that all ...)
- TODO: check
+ NOT-FOR-US: KLiK SocialMediaWebsit
CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL
Injection ...)
NOT-FOR-US: KLiK SocialMediaWebsite
CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored
cross-s ...)
@@ -14447,7 +14447,7 @@ CVE-2022-41967
CVE-2022-41966
RESERVED
CVE-2022-41965 (Opencast is a free, open-source platform to support the
management of ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2022-41964
RESERVED
CVE-2022-41963
@@ -14463,7 +14463,7 @@ CVE-2022-41959
CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions
prior to 0.7 ...)
NOT-FOR-US: super-xray
CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF
with Java ...)
- TODO: check
+ NOT-FOR-US: Muhammara Nodejs module
CVE-2022-41956
RESERVED
CVE-2022-41955
@@ -15464,7 +15464,7 @@ CVE-2021-46839 (The HW_KEYMASTER module has a
vulnerability of missing bounds ch
CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi
Infrastructure ...)
NOT-FOR-US: Hitachi
CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing
an inva ...)
- TODO: check
+ NOT-FOR-US: LINE client for iOS
CVE-2022-41567
RESERVED
CVE-2022-41566
@@ -15897,9 +15897,9 @@ CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018
was discovered to contain
CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled
of Life ...)
NOT-FOR-US: Liferay
CVE-2022-41413 (perfSONAR v4.x <= v4.4.5 was discovered to contain a
Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: perfSONAR
CVE-2022-41412 (An issue in the graphData.cgi component of perfSONAR v4.4.5
and prior ...)
- TODO: check
+ NOT-FOR-US: perfSONAR
CVE-2022-41411
RESERVED
CVE-2022-41410
@@ -17368,7 +17368,7 @@ CVE-2022-40801
CVE-2022-40800
RESERVED
CVE-2022-40799 (Data Integrity Failure in 'Backup Config' in D-Link DNR-322L
<= 2.6 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control.
Through a req ...)
NOT-FOR-US: OcoMon
CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar
upload, be ...)
@@ -18696,7 +18696,7 @@ CVE-2022-40267
CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric
GOT2000 ...)
NOT-FOR-US: Mitsubishi
CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric
Corpora ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2022-40264
RESERVED
CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain
hardcode ...)
@@ -18825,7 +18825,7 @@ CVE-2022-38460 (Authenticated (contributor+) Stored
Cross-Site Scripting (XSS) v
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors
Team wpFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38140 (Auth. (contributor+) Arbitrary File Upload in SEO Plugin by
Squirrly S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
RD Stati ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify
plugin &l ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c14e2786836afa003d82ec48278c635961f27c2e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c14e2786836afa003d82ec48278c635961f27c2e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
