[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 4 21:31:44 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd8225a3 by Salvatore Bonaccorso at 2022-04-04T22:31:29+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1107,13 +1107,13 @@ CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster t
CVE-2022-1169 (There is a XSS vulnerability in Careerfy. ...)
TODO: check
CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch WP JobS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) vulnera ...)
TODO: check
CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the /wp-co ...)
TODO: check
CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...)
TODO: check
CVE-2022-28219
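Review bot: At CVE-2022-1168 the visible description is cut off at "JobSearch WP JobS ...", so this hunk does not itself show that the affected component is a plugin rather than a theme, and several neighbouring entries (CVE-2022-1170, CVE-2022-1166, CVE-2022-1164) name themes. Confirm against the full CVE description before settling on "NOT-FOR-US: WordPress plugin". CVE-2022-1166 and CVE-2022-1164, whose descriptions name a theme, stay at "TODO: check" in the same block; if that is deliberate because this pass only covers plugins, a word in the commit message would make it clear.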
@@ -4003,7 +4003,7 @@ CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star
CVE-2022-0959 (A malicious, but authorised and authenticated user can construct an HT ...)
- pgadmin4 <itp> (bug #834129)
CVE-2022-0958 (The Mark Posts WordPress plugin before 2.0.1 does not escape new marke ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
NOT-FOR-US: ShowDoc
CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
@@ -5194,13 +5194,13 @@ CVE-2022-0889 (The Ninja Forms - File Uploads Extension WordPress plugin is vuln
CVE-2022-0888 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0887 (The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0886
REJECTED
CVE-2022-0885
RESERVED
CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0883
RESERVED
CVE-2022-0882
@@ -5819,7 +5819,7 @@ CVE-2022-25889
CVE-2022-21224
RESERVED
CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0863
RESERVED
CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
@@ -6006,7 +6006,7 @@ CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub r
CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0836
RESERVED
CVE-2022-26365
@@ -6059,7 +6059,7 @@ CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
- webmin <removed>
CVE-2022-0828
@@ -6069,7 +6069,7 @@ CVE-2022-0827
CVE-2022-0826
RESERVED
CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository ...)
- webmin <removed>
CVE-2022-0823
@@ -8068,7 +8068,7 @@ CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses cont
CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0709 (The Booking Package WordPress plugin before 1.5.29 requires a token fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
- mattermost-server <itp> (bug #823556)
NOTE: MMSA-2022-0082
@@ -10756,7 +10756,7 @@ CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanst
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
- jenkins <removed>
CVE-2022-0537 (The MapPress Maps for WordPress plugin before 2.73.13 allows a high pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
- node-follow-redirects 1.14.8+~1.14.0-1
[bullseye] - node-follow-redirects 1.13.1-1+deb11u1
@@ -12082,7 +12082,7 @@ CVE-2022-0433 (A NULL pointer dereference flaw was found in the Linux kernel's B
CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
NOT-FOR-US: Mastodon
CVE-2022-0431 (The Insights from Google PageSpeed WordPress plugin before 4.0.4 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
- httpie <unfixed>
[bullseye] - httpie <no-dsa> (Minor issue)
@@ -12527,9 +12527,9 @@ CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web
CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...)
NOT-FOR-US: calibre-web
CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2.6.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0402
RESERVED
CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
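Review bot: At CVE-2022-0403 the description is truncated at "is using an out ...", so the visible text does not say what the Library File Manager plugin is using. If the flaw sits in a bundled third-party component rather than in the plugin's own code, check whether that component is packaged separately before closing the entry as "NOT-FOR-US: WordPress plugin"; a NOTE line naming the component would record that the check was done.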
@@ -77544,7 +77544,7 @@ CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulne
CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25113 (The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25111
@@ -77674,7 +77674,7 @@ CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does pro
CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25048 (The KingComposer WordPress plugin through 2.9.6 does not have authoris ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd8225a3c5d665bc9e42be606fba989a4655b435