[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 19 05:51:47 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fe81b1e by Salvatore Bonaccorso at 2022-04-19T06:51:12+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3690,7 +3690,7 @@ CVE-2022-1114
CVE-2022-1113
RESERVED
CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
- gitlab <unfixed>
CVE-2020-36520
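Review bot: The reason string on CVE-2022-1112 is the category "WordPress plugin" rather than a product name, unlike context entries elsewhere in this diff such as "NOT-FOR-US: htmly" or "NOT-FOR-US: forkcms". It does match the unchanged "NOT-FOR-US: WordPress plugin" lines already present under CVE-2022-27852 and CVE-2022-0784, so keeping the generic form is consistent with the file. The plugin name (Autolinks) remains searchable through the description line, which is the only place it is recorded.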
@@ -4296,13 +4296,13 @@ CVE-2022-1093
CVE-2022-1092
RESERVED
CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1089
RESERVED
CVE-2022-1088 (The Page Security & Membership WordPress plugin through 1.5.15 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1087 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: htmly
CVE-2022-1086 (A vulnerability was found in DolphinPHP up to 1.5.0 and classified as ...)
@@ -4373,7 +4373,7 @@ CVE-2022-27855
CVE-2022-27854
RESERVED
CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27851 (Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) & ...)
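Review bot: The truncated description of CVE-2022-27853 ("Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)") does not show which product is affected, so the "WordPress plugin" classification cannot be confirmed from the lines in this hunk. The neighbouring CVE-2022-27852 and CVE-2022-27851 entries suggest the same family, but adjacency is not evidence; please confirm against the full CVE record that this is a WordPress plugin and not a component shipped in a Debian package before relying on the NOT-FOR-US tag.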
@@ -4399,7 +4399,7 @@ CVE-2022-1065
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
NOT-FOR-US: forkcms
CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1062
RESERVED
CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...)
@@ -4867,7 +4867,7 @@ CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter tha
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (5.17-rc3)
CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.8 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1053
RESERVED
CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...)
@@ -5793,7 +5793,7 @@ CVE-2022-26022 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an
CVE-2022-25959 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory c ...)
NOT-FOR-US: Omron CX-Position
CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that images ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
@@ -5868,7 +5868,7 @@ CVE-2022-1022
CVE-2022-1021
RESERVED
CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
- glewlwyd 2.6.1-2
[bullseye] - glewlwyd 2.5.2-2+deb11u3
@@ -5947,7 +5947,7 @@ CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to p
CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1001 (The WP Downgrade WordPress plugin before 1.2.3 only perform client sid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
NOT-FOR-US: prasathmani/tinyfilemanager
CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...)
@@ -5984,7 +5984,7 @@ CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux k
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786
CVE-2022-0994 (The Hummingbird WordPress plugin before 3.3.2 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
NOT-FOR-US: Gradle Enterprise
CVE-2022-27224
@@ -7812,7 +7812,7 @@ CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site sc
CVE-2022-25960
RESERVED
CVE-2022-0879 (The Caldera Forms WordPress plugin before 1.9.7 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...)
NOT-FOR-US: Combined Charging System
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
@@ -8998,7 +8998,7 @@ CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin befor
CVE-2022-0786
RESERVED
CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0783
@@ -9008,7 +9008,7 @@ CVE-2022-0782
CVE-2022-0781
RESERVED
CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0779
RESERVED
CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
@@ -9138,7 +9138,7 @@ CVE-2022-26002
CVE-2022-25995
RESERVED
CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
NOT-FOR-US: strapi
CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
@@ -9829,7 +9829,7 @@ CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0737 (The Text Hover WordPress plugin before 4.2 does not sanitize and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...)
NOT-FOR-US: mlflow
CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -10376,9 +10376,9 @@ CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of
NOTE: MMSA-2022-0082
NOTE: https://mattermost.com/security-updates/
CVE-2022-0707 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0706 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -11168,7 +11168,7 @@ CVE-2022-0663
CVE-2022-0662
RESERVED
CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
NOT-FOR-US: microweber
CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fe81b1e5562c57e72f024cf75b2b4d13d99de5d