[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 11 21:41:03 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c0475ebe by Salvatore Bonaccorso at 2022-04-11T22:40:28+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4727,7 +4727,7 @@ CVE-2022-1025
CVE-2022-1024
RESERVED
CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1022
RESERVED
CVE-2022-1021
@@ -4797,11 +4797,11 @@ CVE-2022-1010
CVE-2022-1009
RESERVED
CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1005
RESERVED
CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
@@ -4882,7 +4882,7 @@ CVE-2022-27219
CVE-2022-27194
RESERVED
CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
NOT-FOR-US: Delta Electronics
CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via timing]
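Review bot: The "NOT-FOR-US: WordPress plugin" reason on CVE-2022-0989 cannot be checked from the line as shown, because the description is cut off at "NS WooCommerce ..." before it names the product type, whereas most other entries in this commit show "WordPress plugin" in the visible text. Worth confirming against the full CVE description that this is a standalone plugin that no Debian package ships, and noting that in the commit message if it needed a manual lookup.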
@@ -5131,7 +5131,7 @@ CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 P
CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
NOT-FOR-US: Grav CMS
CVE-2022-0969 (The Image optimization & Lazy Load by Optimole WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0968 (The microweber application allows large characters to insert in the in ...)
NOT-FOR-US: microweber
CVE-2022-0967 (Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in Gi ...)
@@ -5171,7 +5171,7 @@ CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerabilit
CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
NOT-FOR-US: ShowDoc
CVE-2022-0949 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0948
RESERVED
CVE-2022-XXXX [wordpress 5.9.2]
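Review bot: CVE-2022-0949 is marked "NOT-FOR-US: WordPress plugin", but its truncated description ("The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...") ends before any mention of WordPress, and the same hunk shows a tracked entry for wordpress itself ("CVE-2022-XXXX [wordpress 5.9.2]"). Please confirm from the full description that the issue sits in a third-party plugin and not in code covered by the wordpress entry.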
@@ -5912,7 +5912,7 @@ CVE-2022-0916
CVE-2022-0915
RESERVED
CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...)
NOT-FOR-US: microweber
CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...)
@@ -6116,7 +6116,7 @@ CVE-2022-0894 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2022-0893 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-0892 (The Export All URLs WordPress plugin before 4.2 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46707
RESERVED
CVE-2021-46706
@@ -7154,7 +7154,7 @@ CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise ePolicy
CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0. ...)
NOT-FOR-US: ljharb/npm-lockfile
CVE-2022-0840 (The Easy Social Icons WordPress plugin before 3.2.1 does not properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
NOT-FOR-US: liquibase
CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
@@ -7241,7 +7241,7 @@ CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF
CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
- webmin <removed>
CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the uniqid ph ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0827
RESERVED
CVE-2022-0826
@@ -9043,7 +9043,7 @@ CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea
NOTE: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 (v8.2.4440)
CVE-2022-0728 (The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube prior ...)
- peertube <itp> (bug #950821)
CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube prior ...)
@@ -11959,7 +11959,7 @@ CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
NOT-FOR-US: cri-o
CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
- unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
@@ -12969,7 +12969,7 @@ CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG4
CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
NOT-FOR-US: jsdecena/laracom
CVE-2022-0471 (The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-24294
RESERVED
CVE-2022-24293 (Certain HP Print devices may be vulnerable to potential information di ...)
@@ -13094,7 +13094,7 @@ CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and esca
CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0447 (The Post Grid WordPress plugin before 2.1.16 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0446
RESERVED
CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
@@ -16067,7 +16067,7 @@ CVE-2022-23458
CVE-2022-23457
RESERVED
CVE-2022-0314 (The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0312
@@ -16550,7 +16550,7 @@ CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
CVE-2022-0272
RESERVED
CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
NOT-FOR-US: bored-agent
CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
@@ -16872,7 +16872,7 @@ CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does n
CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
NOT-FOR-US: Fuchsia
CVE-2022-0246 (The settings of the iQ Block Country WordPress plugin before 1.2.13 ca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
- wpa 2:2.10-1
[bullseye] - wpa <no-dsa> (Minor issue)
@@ -78816,7 +78816,7 @@ CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSR
CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25090 (The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25088
@@ -79022,9 +79022,9 @@ CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 d
CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24987 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24986 (The Post Grid WordPress plugin before 2.1.16 does not escape the keywo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0475ebe46adeecefd9518d16bbb10f1fa07892a