[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 25 21:17:04 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
577d7c26 by Salvatore Bonaccorso at 2022-04-25T22:16:40+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -765,7 +765,7 @@ CVE-2022-1398
CVE-2022-1397
RESERVED
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1395
RESERVED
CVE-2022-1394
@@ -773,11 +773,11 @@ CVE-2022-1394
CVE-2022-1393
RESERVED
CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not validate t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1391 (The Cab fare calculator WordPress plugin through 1.0.3 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
- snort <unfixed> (bug #1009820)
[bullseye] - snort <no-dsa> (Minor issue)
@@ -3099,7 +3099,7 @@ CVE-2022-1230
CVE-2022-1229
RESERVED
CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1227
RESERVED
- libpod 3.4.7+ds1-1
@@ -3688,11 +3688,11 @@ CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not escape th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28351
RESERVED
CVE-2022-28350
@@ -3852,7 +3852,7 @@ CVE-2022-26034 (Improper authentication vulnerability in the communication proto
CVE-2022-1200
RESERVED
CVE-2021-4225 (The SP Project & Document Manager WordPress plugin before 4.24 all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28299
RESERVED
CVE-2022-28298
@@ -4392,7 +4392,7 @@ CVE-2022-1158
CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...)
- gitlab <unfixed>
CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does not es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
NOT-FOR-US: snipe-it
CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...)
@@ -4403,9 +4403,9 @@ CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior
NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
NOTE: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (v8.2.4646)
CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and escape t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1151
RESERVED
CVE-2022-1150
@@ -5267,11 +5267,11 @@ CVE-2022-1096
CVE-2022-1095
RESERVED
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1093
RESERVED
CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have authorisation a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does not sa ...)
@@ -6538,9 +6538,9 @@ CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an us
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26354
CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2022-27373
RESERVED
CVE-2022-27372
@@ -6848,7 +6848,7 @@ CVE-2022-27242
CVE-2022-27241 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net View ...)
NOT-FOR-US: Kyocera printers
CVE-2022-1025
@@ -7291,7 +7291,7 @@ CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's O ...)
NOT-FOR-US: microweber
CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0952
RESERVED
CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in ...)
@@ -8829,7 +8829,7 @@ CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging Sys
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
NOT-FOR-US: bookstack
CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0875
RESERVED
CVE-2022-0874
@@ -10020,7 +10020,7 @@ CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not
CVE-2022-0783
RESERVED
CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0781
RESERVED
CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
@@ -10050,7 +10050,7 @@ CVE-2022-0771
CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltub ...)
NOT-FOR-US: rudloff/alltube
CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...)
@@ -11909,7 +11909,7 @@ CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly
CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0693 (The Master Elements WordPress plugin through 8.0 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
NOT-FOR-US: alltube
CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
@@ -12201,9 +12201,9 @@ CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape
CVE-2022-0658 (The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0657 (The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the ...)
- libpgjava 42.3.3-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
@@ -12403,7 +12403,7 @@ CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
NOTE: https://kb.isc.org/docs/cve-2022-0635
CVE-2022-0634 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
@@ -14144,7 +14144,7 @@ CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, d
CVE-2022-0542
RESERVED
CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into wp-conf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)
NOT-FOR-US: Jira Seraph
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
@@ -15930,7 +15930,7 @@ CVE-2022-0400 [Out of bounds read in the smc protocol stack]
CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin before 1. ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0398 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 d ...)
NOT-FOR-US: WordPress plugin
CVE-2018-25030 (A vulnerability classified as problematic has been found in Mirmay Sec ...)
@@ -16676,7 +16676,7 @@ CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command
CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0363 (The myCred WordPress plugin before 2.4.4 does not have any authorisati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
NOT-FOR-US: ShowDoc
CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
@@ -18471,7 +18471,7 @@ CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.46
CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0287 (The myCred WordPress plugin before 2.4.3.1 does not have any authorisa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
@@ -22304,7 +22304,7 @@ CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote
CVE-2022-22393
RESERVED
CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to upload arb ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...)
NOT-FOR-US: IBM
CVE-2022-22390
@@ -45863,7 +45863,7 @@ CVE-2021-39042
CVE-2021-39041
RESERVED
CVE-2021-39040 (IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39039
RESERVED
CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere Application Ser ...)
@@ -81168,7 +81168,7 @@ CVE-2021-25113 (The Dropdown Menu Widget WordPress plugin through 1.9.7 does not
CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25111 (The English WordPress Admin WordPress plugin before 1.5.2 does not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...)
@@ -81202,7 +81202,7 @@ CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 b
CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25094 (The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...)
@@ -81476,7 +81476,7 @@ CVE-2021-24959 (The WP Email Users WordPress plugin through 1.7.6 does not escap
CVE-2021-24958 (The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership WordP ...)
@@ -81780,7 +81780,7 @@ CVE-2021-24807 (The Support Board WordPress plugin before 3.3.5 allows Authentic
CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when ad ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24805 (The DW Question & Answer Pro WordPress plugin through 1.3.4 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-s ...)
@@ -81790,7 +81790,7 @@ CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not
CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24800 (The DW Question & Answer Pro WordPress plugin through 1.3.4 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/577d7c26a374a2fbb5655e21d1e846e17a4a6897
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/577d7c26a374a2fbb5655e21d1e846e17a4a6897
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220425/ca189863/attachment.htm>
More information about the debian-security-tracker-commits
mailing list