[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) Mon, 31 Oct 2022 13:20:50 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b75a1cff by Salvatore Bonaccorso at 2022-10-31T21:20:06+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6358,9 +6358,9 @@ CVE-2022-3443
 CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been 
rated as ...)
        NOT-FOR-US: Crealogix EBICS
 CVE-2022-3441 (The Rock Convert WordPress plugin before 2.11.0 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3440 (The Rock Convert WordPress plugin before 2.11.0 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 
2.5.0a4. ...)
@@ -6966,9 +6966,9 @@ CVE-2022-3422 (Account Takeover :: when see the info i 
can see the hash pass i c
 CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ 
Drive.app/Conten ...)
        NOT-FOR-US: Drive for Desktop MacOS
 CVE-2022-3420 (The Official Integration for Billingo WordPress plugin before 
3.4.0 do ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3419 (The Automatic User Roles Switcher WordPress plugin before 1.1.2 
does n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a 
remote  ...)
        NOT-FOR-US: Apache Flume
 CVE-2022-42467 (When running in prototype mode, the h2 webconsole module 
(accessible f ...)
@@ -7012,7 +7012,7 @@ CVE-2022-3410
 CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to 
cause deni ...)
        NOT-FOR-US: OpenBMC
 CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3407
        RESERVED
 CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by 
administ ...)
@@ -8321,7 +8321,7 @@ CVE-2022-36795 (In BIG-IP versions 17.0.x before 
17.0.0.1, 16.1.x before 16.1.3.
 CVE-2022-3381
        RESERVED
 CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 
unserialize ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not 
properl ...)
        NOT-FOR-US: Horner Automation's Cscape
 CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not 
proper ...)
@@ -8333,7 +8333,7 @@ CVE-2022-3376 (Weak Password Requirements in GitHub 
repository ikus060/rdiffweb
 CVE-2022-3375
        RESERVED
 CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the 
content ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3373
        RESERVED
        {DSA-5245-1}
@@ -8427,7 +8427,7 @@ CVE-2022-38973
 CVE-2022-3367
        RESERVED
 CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, 
PublishPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3365
        RESERVED
 CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
@@ -8522,7 +8522,7 @@ CVE-2022-38142 (Delta Electronics InfraSuite Device 
Master versions 00.00.01a an
 CVE-2022-3361
        RESERVED
 CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises 
user input ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3359
        RESERVED
 CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy 
EVP_CIPHER_me ...)
@@ -8531,7 +8531,7 @@ CVE-2022-3358 (OpenSSL supports creating a custom cipher 
via the legacy EVP_CIPH
        [buster] - openssl <not-affected> (Only affects 3.x)
        NOTE: https://www.openssl.org/news/secadv/20221011.txt
 CVE-2022-3357 (The Smart Slider 3 WordPress plugin before 3.5.1.11 
unserialises the c ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3356
        RESERVED
 CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository 
inventree/inv ...)
@@ -9010,7 +9010,7 @@ CVE-2022-3336
 CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 
1.5.7 u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the 
conten ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3333 (A vulnerability, which was classified as problematic, was found 
in Zep ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3332 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
@@ -9952,7 +9952,7 @@ CVE-2022-3256 (Use After Free in GitHub repository 
vim/vim prior to 9.0.0530. ..
 CVE-2022-3255 (If an attacker can control a script that is executed in the 
victim's b ...)
        NOT-FOR-US: pimcore
 CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 
does not  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API 
token unen ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and 
earlier  ...)
@@ -10634,7 +10634,7 @@ CVE-2022-3238
        NOTE: NTFS3 driver not enabled in Debian
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127927
 CVE-2022-3237 (The WP Contact Slider WordPress plugin before 2.4.8 does not 
sanitize  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40953
        RESERVED
 CVE-2022-40952
@@ -14747,7 +14747,7 @@ CVE-2022-3098 (The Login Block IPs WordPress plugin 
through 1.0.0 does not have
 CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use 
nonces wh ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not 
prevent low ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class 
for vers ...)
        TODO: check
 CVE-2022-3094
@@ -28156,7 +28156,7 @@ CVE-2022-34349
 CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to 
an XML Ex ...)
        NOT-FOR-US: IBM
 CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not 
escape th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2188



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b75a1cff6b87d048e2b7f158cf796c201daccb76

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b75a1cff6b87d048e2b7f158cf796c201daccb76
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process several NFUs

Reply via email to