[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 4 21:31:44 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd8225a3 by Salvatore Bonaccorso at 2022-04-04T22:31:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1107,13 +1107,13 @@ CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster t
 CVE-2022-1169 (There is a XSS vulnerability in Careerfy. ...)
 	TODO: check
 CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch WP JobS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) vulnera ...)
 	TODO: check
 CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the /wp-co ...)
 	TODO: check
 CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...)
 	TODO: check
 CVE-2022-28219
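Review bot: CVE-2022-1168 is tagged "NOT-FOR-US: WordPress plugin", but its visible description is cut off at "JobSearch WP JobS ..." and never says plugin, while the neighbouring entries in this hunk are themes (JobMonster Theme in CVE-2022-1166, Wyzi Theme in CVE-2022-1164). Confirm against the full description that the plugin label is accurate. CVE-2022-1166 and CVE-2022-1164 are left at "TODO: check" even though their descriptions already name a theme, so they look like candidates for the same triage pass.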
@@ -4003,7 +4003,7 @@ CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star
 CVE-2022-0959 (A malicious, but authorised and authenticated user can construct an HT ...)
 	- pgadmin4 <itp> (bug #834129)
 CVE-2022-0958 (The Mark Posts WordPress plugin before 2.0.1 does not escape new marke ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior  ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior  ...)
@@ -5194,13 +5194,13 @@ CVE-2022-0889 (The Ninja Forms - File Uploads Extension WordPress plugin is vuln
 CVE-2022-0888 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0887 (The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0886
 	REJECTED
 CVE-2022-0885
 	RESERVED
 CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0883
 	RESERVED
 CVE-2022-0882
@@ -5819,7 +5819,7 @@ CVE-2022-25889
 CVE-2022-21224
 	RESERVED
 CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0863
 	RESERVED
 CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
@@ -6006,7 +6006,7 @@ CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub r
 CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0836
 	RESERVED
 CVE-2022-26365
@@ -6059,7 +6059,7 @@ CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
 	- webmin <removed>
 CVE-2022-0828
@@ -6069,7 +6069,7 @@ CVE-2022-0827
 CVE-2022-0826
 	RESERVED
 CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository  ...)
 	- webmin <removed>
 CVE-2022-0823
@@ -8068,7 +8068,7 @@ CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses cont
 CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0709 (The Booking Package WordPress plugin before 1.5.29 requires a token fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
 	- mattermost-server <itp> (bug #823556)
 	NOTE: MMSA-2022-0082
@@ -10756,7 +10756,7 @@ CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanst
 CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
 	- jenkins <removed>
 CVE-2022-0537 (The MapPress Maps for WordPress plugin before 2.73.13 allows a high pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
 	- node-follow-redirects 1.14.8+~1.14.0-1
 	[bullseye] - node-follow-redirects 1.13.1-1+deb11u1
@@ -12082,7 +12082,7 @@ CVE-2022-0433 (A NULL pointer dereference flaw was found in the Linux kernel's B
 CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
 	NOT-FOR-US: Mastodon
 CVE-2022-0431 (The Insights from Google PageSpeed WordPress plugin before 4.0.4 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	- httpie <unfixed>
 	[bullseye] - httpie <no-dsa> (Minor issue)
@@ -12527,9 +12527,9 @@ CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web
 CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...)
 	NOT-FOR-US: calibre-web
 CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2.6.4  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0402
 	RESERVED
 CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
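Review bot: for CVE-2022-0403 the description reads "is using an out ..." before it is truncated, which suggests the flaw may sit in a component the plugin bundles and not in the plugin's own code. NOT-FOR-US fits the plugin itself, but if the full description names a third-party library, check whether that library is packaged in Debian and tracked under its own CVE before closing the entry; a NOTE: line naming the component would record that the check was done.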
@@ -77544,7 +77544,7 @@ CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulne
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25113 (The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25111
@@ -77674,7 +77674,7 @@ CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does pro
 CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25048 (The KingComposer WordPress plugin through 2.9.6 does not have authoris ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd8225a3c5d665bc9e42be606fba989a4655b435
