Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e66c2bf by Salvatore Bonaccorso at 2022-12-08T21:28:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting
to AWS ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom
STS endpo ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2022-46829 (In JetBrains JetBrains Gateway before 2022.3 a client could
connect wi ...)
- TODO: check
+ NOT-FOR-US: JetBrains JetBrains Gateway
CVE-2022-46828 (In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on
macOS wa ...)
TODO: check
CVE-2022-46827 (In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading
to SSRF ...)
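Review bot: The new line for CVE-2022-46829 reads `NOT-FOR-US: JetBrains JetBrains Gateway`, carrying over the doubled vendor name from the CVE description. `NOT-FOR-US: JetBrains Gateway` identifies the same product without the repetition. CVE-2022-46828 (IntelliJ IDEA) is still at `TODO: check` in this hunk and needs its own triage.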
@@ -101,15 +101,15 @@ CVE-2022-4356
CVE-2022-4355
RESERVED
CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and
classified as ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and
classifie ...)
- TODO: check
+ NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4352
RESERVED
CVE-2022-4351
RESERVED
CVE-2022-4350 (A vulnerability, which was classified as problematic, was found
in Min ...)
- TODO: check
+ NOT-FOR-US: Mingsoft MCMS
CVE-2022-4349 (A vulnerability classified as problematic has been found in
CTF-hacker ...)
TODO: check
CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been
rated ...)
@@ -117,9 +117,9 @@ CVE-2022-4348 (A vulnerability was found in y_project
RuoYi-Cloud. It has been r
CVE-2022-4347 (A vulnerability was found in xiandafu beetl-bbs. It has been
declared ...)
TODO: check
CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been
declared ...)
- TODO: check
+ NOT-FOR-US: DuxCMS
CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been
classifi ...)
- TODO: check
+ NOT-FOR-US: DuxCMS
CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level
authorization ...)
TODO: check
CVE-2022-46791
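Review bot: Both DuxCMS entries (CVE-2020-36610 and CVE-2020-36609) are labelled `NOT-FOR-US: DuxCMS`, dropping the `annyshow` vendor given in the descriptions, while the pb-cms and MCMS entries earlier in this commit keep the vendor (`LinZhaoguan pb-cms`, `Mingsoft MCMS`). Use one form throughout the commit so that later searches by vendor or product match uniformly.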
@@ -2682,13 +2682,13 @@ CVE-2022-45919 (An issue was discovered in the Linux
kernel through 6.0.10. In d
- linux <unfixed>
NOTE:
https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
CVE-2022-45918 (ILIAS before 7.16 allows External Control of File Name or
Path. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45917 (ILIAS before 7.16 has an Open Redirect. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45916 (ILIAS before 7.16 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45915 (ILIAS before 7.16 allows OS Command Injection. ...)
- TODO: check
+ NOT-FOR-US: ILIAS
CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by
(for exam ...)
NOT-FOR-US: ESL (Electronic Shelf Label) protocol
CVE-2022-45913
@@ -2890,7 +2890,7 @@ CVE-2022-45850
CVE-2022-45849
RESERVED
CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Contest Gal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45847
RESERVED
CVE-2022-45846
@@ -2920,7 +2920,7 @@ CVE-2022-45835
CVE-2022-45834
RESERVED
CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin
<= 1.5.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45832
RESERVED
CVE-2022-45831
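Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2022-45833 does not say which plugin, although the description names it as Easy WP SMTP; the other WordPress entries in this commit get the same generic label. Adding the plugin name to the label would let a later reader confirm the triage decision from the list entry alone, without expanding the truncated description.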
@@ -2928,7 +2928,7 @@ CVE-2022-45831
CVE-2022-45830
RESERVED
CVE-2022-45829 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin
<= 1.5.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45828
RESERVED
CVE-2022-45827
@@ -2954,7 +2954,7 @@ CVE-2022-45818
CVE-2022-45817
RESERVED
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD
bbPress At ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45815
RESERVED
CVE-2022-45814
@@ -3561,7 +3561,7 @@ CVE-2022-45552
CVE-2022-45551
RESERVED
CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). ...)
- TODO: check
+ NOT-FOR-US: AyaCMS
CVE-2022-45549
RESERVED
CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. ...)
@@ -3727,7 +3727,7 @@ CVE-2022-4093 (SQL injection attacks can result in
unauthorized access to sensit
CVE-2022-4092
RESERVED
CVE-2022-44608 (Uncontrolled resource consumption vulnerability in Cybozu
Remote Servi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and
classi ...)
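Review bot: `NOT-FOR-US: Cybozu` on CVE-2022-44608 names only the vendor, whereas the neighbouring CVE-2022-4091 entry names the full product (`SourceCodester Canteen Management System`). A vendor-only label reads as a decision about every Cybozu product; name the affected product from the CVE description instead.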
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e66c2bf983e5bd700f998605c3e7457849ed125