Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1dc9a6df by Salvatore Bonaccorso at 2023-01-10T10:55:12+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2924,9 +2924,9 @@ CVE-2023-0025
CVE-2023-0024
RESERVED
CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when
a user ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for
OLAP al ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0021
RESERVED
CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via
/aya/module/admin/fst_ ...)
@@ -3147,9 +3147,9 @@ CVE-2023-0020
CVE-2023-0019
RESERVED
CVE-2023-0018 (Due to improper input sanitization of user-controlled input in
SAP Bus ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java -
version 7.5 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-47890
RESERVED
CVE-2022-47889
@@ -5216,15 +5216,15 @@ CVE-2022-4543 [KASLR Leakage Achievable even with KPTI
through Prefetch Side-Cha
NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
NOTE: https://www.willsroot.io/2022/12/entrybleed.html
CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web
Intelligenc ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0014 (SAP NetWeaver ABAP Server and ABAP Platform - versions
SAP_BASIS 700, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application
Server - v ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker
who gai ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2022-4542
RESERVED
CVE-2022-4541
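Review bot: The five entries from CVE-2023-0016 to CVE-2023-0012 all receive the bare vendor tag "NOT-FOR-US: SAP", although their descriptions name different products (SAP BPC MS, BusinessObjects Business Intelligence Platform, NetWeaver ABAP Server, SAP Host Agent). Vendor-only tags already exist in this file ("NOT-FOR-US: Netgear"), so this is consistent, but a product-level tag in the style of "NOT-FOR-US: Trellix Endpoint Agent (xAgent)" would keep the entries distinguishable when the list is searched later.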
@@ -5567,7 +5567,7 @@ CVE-2022-4499
CVE-2022-4498
RESERVED
CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4496
RESERVED
CVE-2022-4495 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -5579,7 +5579,7 @@ CVE-2022-4493 (A vulnerability classified as critical was
found in scifio. Affec
CVE-2022-4492
RESERVED
CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not
validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4490
RESERVED
CVE-2022-4489
@@ -5603,7 +5603,7 @@ CVE-2022-4481
CVE-2022-4480
RESERVED
CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does
not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4478
RESERVED
CVE-2022-4477
@@ -5763,7 +5763,7 @@ CVE-2022-4470
CVE-2022-4469
RESERVED
CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not
validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4467
RESERVED
CVE-2022-4466
@@ -6932,7 +6932,7 @@ CVE-2022-4427 (Improper Input Validation vulnerability in
OTRS AG OTRS, OTRS AG
[buster] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2022-07
CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before
1.0.3 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4425
RESERVED
CVE-2022-4424
@@ -7066,9 +7066,9 @@ CVE-2022-46893
CVE-2022-4395
RESERVED
CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not
saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin
through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through
1.6.29 ...)
TODO: check
CVE-2022-46892
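Review bot: CVE-2022-4392, the last entry in this hunk, still reads "TODO: check", although its description (iPanorama 360 WordPress Virtual Tour Builder plugin) is of the same kind as CVE-2022-4394 and CVE-2022-4393 directly above it, which are now "NOT-FOR-US: WordPress plugin". If it was skipped by accident, tag it the same way in this commit; if it is being held back on purpose, the commit message should say so.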
@@ -7225,7 +7225,7 @@ CVE-2022-46839
CVE-2022-46838
RESERVED
CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4390 (A network misconfiguration is present in versions prior to
1.0.9.90 of ...)
NOT-FOR-US: Netgear
CVE-2022-4389
@@ -7278,7 +7278,7 @@ CVE-2022-46832 (Use of a Broken or Risky Cryptographic
Algorithm in SICK RFU62x
CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has
been cl ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-4374 (The Bg Bible References WordPress plugin through 3.8.14 does
not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not
properly san ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not
properly sanit ...)
@@ -7290,7 +7290,7 @@ CVE-2022-4370 (The multimedial images WordPress plugin
through 1.0b does not pro
CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4
does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4367
RESERVED
CVE-2022-43501
@@ -7562,7 +7562,7 @@ CVE-2022-4327
CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix
Endpoint ...)
NOT-FOR-US: Trellix Endpoint Agent (xAgent)
CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8
unserialises t ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4323
@@ -7886,7 +7886,7 @@ CVE-2022-46664 (A vulnerability has been identified in
Mendix Workflow Commons (
CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file
path. S ...)
NOT-FOR-US: Roxio
CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4309
RESERVED
CVE-2022-4308
@@ -7904,7 +7904,7 @@ CVE-2022-4303
CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes
user inpu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not
saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as
critical. T ...)
NOT-FOR-US: FastCMS
CVE-2022-4299
@@ -9172,7 +9172,7 @@ CVE-2022-4198 (The WP Social Sharing WordPress plugin
through 2.2 does not sanit
CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4196 (The Multi Step Form WordPress plugin before 1.7.8 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google
Chrome prio ...)
{DSA-5293-1}
- chromium 108.0.5359.71-1
@@ -11091,9 +11091,9 @@ CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run
malicious javascript whi
CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by
passing ...)
NOT-FOR-US: Tenable
CVE-2022-4103 (The Royal Elementor Addons WordPress plugin before 1.3.56 does
not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does
not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4101
RESERVED
CVE-2022-4100
@@ -11284,7 +11284,7 @@ CVE-2022-4045 (A denial-of-service vulnerability in the
Mattermost allows an aut
CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an
authenticate ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29
unserialize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress
plugin thr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4041
@@ -12534,7 +12534,7 @@ CVE-2022-3925 (The buddybadges WordPress plugin through
1.0.0 does not sanitise
CVE-2022-3924
RESERVED
CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through
1.9.6 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does
not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45134
@@ -14737,7 +14737,7 @@ CVE-2022-44666 (Windows Contacts Remote Code Execution
Vulnerability. ...)
CVE-2022-44665
RESERVED
CVE-2022-3855 (The 404 to Start WordPress plugin through 1.6.1 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3854 [possible DoS issue in ceph URL processing on RGW backends]
RESERVED
- ceph 16.2.10+ds-5 (bug #1027151)
@@ -19040,7 +19040,7 @@ CVE-2022-41798 (Session information easily guessable
vulnerability exists in Kyo
CVE-2022-3680
RESERVED
CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before
1.2.17 uns ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3678
RESERVED
CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have
CSRF c ...)
@@ -22510,9 +22510,9 @@ CVE-2022-41611 (Cross-site Scripting (XSS)
vulnerability in BlueSpiceDiscovery s
CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9
is not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3417 (The WPtouch WordPress plugin before 4.3.45 unserialises the
content of ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3416 (The WPtouch WordPress plugin before 4.3.45 does not properly
validate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student
Clearanc ...)
@@ -24804,7 +24804,7 @@ CVE-2022-3344 (A flaw was found in the KVM's AMD nested
virtualization (SVM). A
- linux 6.0.12-1
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/
CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a
companion p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3342
RESERVED
CVE-2022-3341
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dc9a6dfc286a8d66a36ecf1fb560af0ad3df46f