Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2c3cbdc by Salvatore Bonaccorso at 2022-12-13T06:11:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3392,9 +3392,9 @@ CVE-2022-45999
 CVE-2022-45998
        RESERVED
 CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. 
...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection 
via cmd ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45995
        RESERVED
 CVE-2022-45994
@@ -3426,13 +3426,13 @@ CVE-2022-45982
 CVE-2022-45981
        RESERVED
 CVE-2022-45980 (Tenda AX12 V22.03.01.21_CN was discovered to contain a 
Cross-Site Requ ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45979 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack 
overflow  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45978
        RESERVED
 CVE-2022-45977 (Tenda AX12 V22.03.01.21_CN was found to have a command 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45976
        RESERVED
 CVE-2022-45975
@@ -4584,7 +4584,7 @@ CVE-2022-4099
 CVE-2022-4098
        RESERVED
 CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is 
suscep ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository 
appsmithorg/ap ...)
        NOT-FOR-US: appsmith
 CVE-2022-4095
@@ -4844,7 +4844,7 @@ CVE-2022-4018 (Missing Authentication for Critical 
Function in GitHub repository
 CVE-2022-4017
        RESERVED
 CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4015 (A vulnerability, which was classified as critical, was found in 
Sports ...)
        NOT-FOR-US: Sports Club Management System
 CVE-2022-4014 (A vulnerability, which was classified as problematic, has been 
found i ...)
@@ -4860,7 +4860,7 @@ CVE-2022-43468 (External initialization of trusted 
variables or data stores vuln
 CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, 
which ma ...)
        NOT-FOR-US: TP-Link
 CVE-2022-4010 (The Image Hover Effects WordPress plugin through 5.3 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4009
        RESERVED
 CVE-2022-4008
@@ -4870,9 +4870,9 @@ CVE-2022-4007
 CVE-2022-4006 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: WBCE CMS
 CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not 
sanitize a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4004 (The Donation Button WordPress plugin through 4.0.0 does not 
properly c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-4241 (A vulnerability, which was classified as problematic, was found 
in php ...)
        NOT-FOR-US: phpservermon
 CVE-2021-4240 (A vulnerability, which was classified as problematic, was found 
in php ...)
@@ -4901,9 +4901,9 @@ CVE-2022-4002
 CVE-2022-4001
        RESERVED
 CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does 
not sani ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3999 (The WooCommerce Shipping WordPress plugin through 1.2.11 does 
not have ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3998 (A vulnerability, which was classified as critical, was found in 
Monika ...)
        NOT-FOR-US: MonikaBrzica scm
 CVE-2022-3997 (A vulnerability, which was classified as critical, has been 
found in M ...)
@@ -5718,7 +5718,7 @@ CVE-2022-3991 (The Photospace Gallery plugin for 
WordPress is vulnerable to Stor
 CVE-2022-3990
        RESERVED
 CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly 
validate up ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as 
problematic. ...)
        NOT-FOR-US: Frappe Framework
 CVE-2022-3987
@@ -5732,9 +5732,9 @@ CVE-2022-3984
 CVE-2022-3983
        RESERVED
 CVE-2022-3982 (The Booking calendar, Appointment Booking System WordPress 
plugin befo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3981 (The Icegram Express WordPress plugin before 5.5.1 does not 
properly sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side 
request  ...)
        NOT-FOR-US: Sophos
 CVE-2022-37406 (Cross-site scripting vulnerability in Aficio SP 4210N firmware 
version ...)
@@ -5944,7 +5944,7 @@ CVE-2022-3948 (A vulnerability classified as critical was 
found in eolinker goku
 CVE-2022-3947 (A vulnerability classified as critical has been found in 
eolinker goku ...)
        NOT-FOR-US: eolinker goku_lite
 CVE-2022-3946 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not 
have aut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in 
GitHub re ...)
        NOT-FOR-US: Kavita
 CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been 
declared as c ...)
@@ -5974,11 +5974,11 @@ CVE-2022-3937
 CVE-2022-3936
        RESERVED
 CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45143
        RESERVED
 CVE-2022-45142
@@ -6007,7 +6007,7 @@ CVE-2022-3931
        RESERVED
        NOT-FOR-US: Rook
 CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an 
IDOR v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3929
        RESERVED
 CVE-2022-3928
@@ -6017,7 +6017,7 @@ CVE-2022-3927
 CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin 
before 3.4 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not 
sanitise and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3924
        RESERVED
 CVE-2022-3923
@@ -6155,7 +6155,7 @@ CVE-2022-45065
 CVE-2022-45064
        RESERVED
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise 
and es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3918
        RESERVED
 CVE-2022-3917
@@ -6164,13 +6164,13 @@ CVE-2022-3916
        RESERVED
        NOT-FOR-US: Keycloak
 CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3914
        RESERVED
 CVE-2022-3913
        RESERVED
 CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not 
properl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3911
        RESERVED
 CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege 
Escalati ...)
@@ -6223,11 +6223,11 @@ CVE-2022-45059 (An issue was discovered in Varnish 
Cache 7.x before 7.1.2 and 7.
        NOTE: https://varnish-cache.org/security/VSV00010.html
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/fcf5722af75fdbf58dd425dd68d0beaa49bab4f4
 CVE-2022-3908 (The Helloprint WordPress plugin before 1.4.7 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by 
time-based atta ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3906 (The Easy Form Builder WordPress plugin before 3.4.0 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3905
        RESERVED
 CVE-2022-3904
@@ -6241,7 +6241,7 @@ CVE-2022-3902
 CVE-2022-3901
        RESERVED
 CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not 
properly valid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45058
        RESERVED
 CVE-2022-45057
@@ -6317,15 +6317,15 @@ CVE-2022-3884
 CVE-2022-45044
        RESERVED
 CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and 
Anti Spa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health 
Check and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3881 (The WP Tools Increase Maximum Limits, Repair, Server PHP Info, 
Javascr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3880 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop 
User Enum ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon 
ERP. Th ...)
        NOT-FOR-US: Maxon ERP
 CVE-2022-3877
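Review bot: Four of the five entries retagged in this hunk (CVE-2022-3883, CVE-2022-3882, CVE-2022-3881 and CVE-2022-3880) have descriptions that are truncated before the words "WordPress plugin" appear, so the NOT-FOR-US: WordPress plugin tag on them rests on text that is not visible in the list file. Only CVE-2022-3879 shows "WordPress Plugin" in its visible description. Confirming the other four against the full CVE descriptions would make the classification checkable.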
@@ -6346,7 +6346,7 @@ CVE-2022-3872 (An off-by-one read/write issue was found 
in the SDHCI device of Q
        NOTE: patch proposal 1: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
        NOTE: patch proposal 2: 
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html
 CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection 
via gofo ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2022-45042
        RESERVED
 CVE-2022-45041
@@ -7083,7 +7083,7 @@ CVE-2022-44716
 CVE-2022-44715
        RESERVED
 CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 
does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object 
Injection  ...)
        NOT-FOR-US: Betheme theme for WordPress
 CVE-2022-3860
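Review bot: The new tag on CVE-2022-3862 is the generic "NOT-FOR-US: WordPress plugin", while the very next entry, CVE-2022-3861, carries a product-specific tag ("NOT-FOR-US: Betheme theme for WordPress"). If the generic form is the intended convention for plugins this is fine; otherwise naming the product ("Livemesh Addons for Elementor") would keep the two adjacent WordPress entries in one style and make the entry findable by name.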
@@ -13173,7 +13173,7 @@ CVE-2022-3611
 CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does 
not sani ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
        NOT-FOR-US: phpmyfaq
 CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane 
(Special E ...)
@@ -13184,7 +13184,7 @@ CVE-2022-3606 (A vulnerability was found in Linux 
Kernel. It has been classified
        NOTE: Introduced by: 
https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b
 (v0.2)
        NOTE: Fixed by: 
https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671
 CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not 
properly es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3604
        RESERVED
 CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users 
csv, ex ...)
@@ -17677,7 +17677,7 @@ CVE-2022-3361 (The Ultimate Member plugin for WordPress 
is vulnerable to directo
 CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises 
user input ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3359 (The Shortcodes and extra features for Phlox WordPress plugin 
through 2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy 
EVP_CIPHER_me ...)
        - openssl 3.0.7-1 (bug #1021620)
        [bullseye] - openssl <not-affected> (Only affects 3.x)
@@ -19027,7 +19027,7 @@ CVE-2022-41298
 CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request 
forgery ...)
        NOT-FOR-US: IBM
 CVE-2022-41296 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request 
forgery ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-41295
        RESERVED
 CVE-2022-41294 (IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, 
and 21. ...)
@@ -45297,7 +45297,7 @@ CVE-2022-31598 (Due to insufficient input validation, 
SAP Business Objects - ver
 CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 
106, SAP ...)
        NOT-FOR-US: SAP
 CVE-2022-31596 (Under certain conditions, an attacker authenticated as a CMS 
administr ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2022-31595 (SAP Financial Consolidation - version 1010,&#65533;does not 
perform ne ...)
        NOT-FOR-US: SAP
 CVE-2022-31594 (A highly privileged user can exploit SUID-root program to 
escalate his ...)
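Review bot: CVE-2022-31596 is tagged NOT-FOR-US: SAP, but its description as shown in this hunk ("Under certain conditions, an attacker authenticated as a CMS administr ...") is cut off before any vendor or product name appears, so the tag cannot be checked from the diff alone. The neighbouring CVE-2022-31597 and CVE-2022-31595 entries both name SAP and carry the same tag, which makes it plausible; a check against the full CVE description would settle it.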
@@ -98297,7 +98297,7 @@ CVE-2021-38999 (IBM MQ Appliance could allow a local 
attacker to obtain sensitiv
 CVE-2021-38998
        RESERVED
 CVE-2021-38997 (IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through 
V10.0.1 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-38996 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
 CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2c3cbdced28329445fc7811ff2cf2ab1ac4465c

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
