Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca091fd2 by Salvatore Bonaccorso at 2022-11-04T09:27:34+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1204,9 +1204,9 @@ CVE-2022-44630
 CVE-2022-44629
        RESERVED
 CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jump ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole 
Simple S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44626
        RESERVED
 CVE-2022-44625
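
Review bot: The two added lines for CVE-2022-44628 and CVE-2022-44627 use the generic tag "NOT-FOR-US: WordPress plugin", and with the descriptions cut at "Jump ..." and "David Cole Simple S ..." the entry no longer says which plugin was triaged. The generic tag matches entries already in the file, so it is consistent, but appending the plugin name would let a later search by product find these entries without going back to the full CVE description.
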
@@ -1783,15 +1783,15 @@ CVE-2022-44457
 CVE-2022-43506
        RESERVED
 CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability 
in distr ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2022-43457
        RESERVED
 CVE-2022-43452
        RESERVED
 CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path 
traversal v ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file 
read vulne ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2022-43447
        RESERVED
 CVE-2022-41775
@@ -5633,7 +5633,7 @@ CVE-2022-43573
 CVE-2022-43572
        RESERVED
 CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, 
an authe ...)
-       TODO: check
+       NOT-FOR-US: Splunk Enterprise
 CVE-2022-43570
        RESERVED
 CVE-2022-43569
@@ -5653,7 +5653,7 @@ CVE-2022-43563
 CVE-2022-43562
        RESERVED
 CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, 
a remote ...)
-       TODO: check
+       NOT-FOR-US: Splunk Enterprise
 CVE-2022-43560
        RESERVED
 CVE-2022-43559
@@ -6938,11 +6938,11 @@ CVE-2022-43065
 CVE-2022-43064
        RESERVED
 CVE-2022-43063 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43062 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
-       TODO: check
+       NOT-FOR-US: Online Diagnostic Lab Management System
 CVE-2022-43061 (Online Tours & Travels Management System v1.0 was 
discovered to co ...)
-       TODO: check
+       NOT-FOR-US: Online Tours & Travels Management System
 CVE-2022-43060
        RESERVED
 CVE-2022-43059
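
Review bot: The added tag for CVE-2022-43061 reads "Online Tours &amp; Travels Management System", carrying the HTML entity over from the description line instead of a literal "&". Write the product name with a plain "&" so the NOT-FOR-US note matches a search for the product name; the two "Online Diagnostic Lab Management System" tags above it are fine.
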
@@ -7961,17 +7961,17 @@ CVE-2022-42751 (CandidATS version 3.0.0 allows an 
external attacker to elevate p
 CVE-2022-42750 (CandidATS version 3.0.0 allows an external attacker to steal 
the cooki ...)
        NOT-FOR-US: CandidATS
 CVE-2022-42749 (CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, 
allows a ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-42748 (CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' 
resource, ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-42747 (CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' 
resource, allows ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-42746 (CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' 
resource, all ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-42745 (CandidATS version 3.0.0 allows an external attacker to read 
arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-42744 (CandidATS version 3.0.0 allows an external attacker to perform 
CRUD op ...)
-       TODO: check
+       NOT-FOR-US: CandidATS
 CVE-2022-42743 (deep-parse-json version 1.0.2 allows an external attacker to 
edit or a ...)
        TODO: check
 CVE-2022-42742
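
Review bot: CVE-2022-42743 (deep-parse-json), directly below the six CandidATS entries resolved here, is left at "TODO: check". That looks intentional since it is a different product from the batch, but it is worth confirming it was skipped on purpose rather than missed; the new tags themselves match the existing "NOT-FOR-US: CandidATS" entry for CVE-2022-42750.
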
@@ -12958,7 +12958,7 @@ CVE-2022-40205
 CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability in Awe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev 
Software Page ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38974
        RESERVED
 CVE-2022-38468
@@ -12980,7 +12980,7 @@ CVE-2022-36424
 CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site 
Request Forg ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36404 (Auth. (subscriber+) Broken Access Control vulnerability in 
David Cole  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in 
Awesome Filter ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33978 (Reflected Cross-Site Scripting (XSS) vulnerability FontMeister 
plugin  ...)
@@ -16000,7 +16000,7 @@ CVE-2022-39384
 CVE-2022-39383
        RESERVED
 CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with 
GraphQL and  ...)
-       TODO: check
+       NOT-FOR-US: Keystone CMS
 CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF 
with js f ...)
        TODO: check
 CVE-2022-39380



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca091fd2982fd316b54d0527f7d3d8ee6874b0ed
