[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 1 21:17:33 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b985e3f7 by Salvatore Bonaccorso at 2022-08-01T22:17:06+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4052,9 +4052,9 @@ CVE-2022-2372
 CVE-2022-2371
 	RESERVED
 CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2368 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
 	NOT-FOR-US: microweber
 CVE-2022-2367
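Review bot: the two YaySMTP lines are distinct IDs (CVE-2022-2369 and CVE-2022-2370) with an identical truncated description and the same "before 2.2.1" version, so both needed their own NOT-FOR-US line and both got one; the rationale string matches CVE-2022-2368 immediately below, so nothing else in this hunk needs changing.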
@@ -4932,7 +4932,7 @@ CVE-2022-2330
 CVE-2022-2329
 	RESERVED
 CVE-2022-2328 (The Flexi Quote Rotator WordPress plugin through 0.9.4 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab from  ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.127-1
@@ -4951,7 +4951,7 @@ CVE-2022-35231
 CVE-2022-33896
 	RESERVED
 CVE-2022-2325 (The Invitation Based Registrations WordPress plugin through 2.2.84 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the SonicWall H ...)
 	NOT-FOR-US: SonicWall
 CVE-2022-2323 (Improper neutralization of special elements used in a user input allow ...)
@@ -5008,7 +5008,7 @@ CVE-2022-2319 [ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Acce
 	NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
 CVE-2022-2317 (The Simple Membership WordPress plugin before 4.1.3 allows user to cha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Server  ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2022-2315
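Review bot: CVE-2022-2317 is the same plugin and the same fix version as CVE-2022-2273 later in this commit (Simple Membership before 4.1.3); using the identical "NOT-FOR-US: WordPress plugin" string for both, as this hunk does, keeps the pair greppable together.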
@@ -5646,7 +5646,7 @@ CVE-2022-34916
 CVE-2022-2306 (Old session tokens can be used to authenticate to the application and  ...)
 	NOT-FOR-US: Nakama
 CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
 	- vim <unfixed> (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -5809,7 +5809,7 @@ CVE-2022-2279 (NULL Pointer Dereference in GitHub repository bfabiszewski/libmob
 	NOTE: https://huntr.dev/bounties/68c249e2-779d-4871-b7e3-851f03aca2de/
 	NOTE: https://github.com/bfabiszewski/libmobi/commit/c0699c8693c47f14a2e57dec7292e862ac7adf9c (v0.11)
 CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2277
 	RESERVED
 CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
@@ -5946,7 +5946,7 @@ CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA imp
 	NOTE: https://github.com/openssl/openssl/issues/18625
 	NOTE: https://www.openssl.org/news/secadv/20220705.txt
 CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2272
 	RESERVED
 CVE-2022-2271
@@ -5975,7 +5975,7 @@ CVE-2022-2262 (A vulnerability has been found in Online Hotel Booking System 1.0
 CVE-2022-2261
 	RESERVED
 CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
 	- u-boot <unfixed> (bug #1014529)
 	[bullseye] - u-boot <no-dsa> (Minor issue)
@@ -6225,7 +6225,7 @@ CVE-2022-34736 (The frame scheduling module has a null pointer dereference vulne
 CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulnerabili ...)
 	NOT-FOR-US: Huawei
 CVE-2022-2245 (The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check wh ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all  ...)
 	- gitlab <unfixed>
 CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...)
@@ -6233,7 +6233,7 @@ CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all ver
 CVE-2022-2242
 	RESERVED
 CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2239 (The Request a Quote WordPress plugin through 2.3.7 does not sanitise a ...)
@@ -6481,7 +6481,7 @@ CVE-2022-2217 (Cross-site Scripting (XSS) - Generic in GitHub repository ionicab
 CVE-2022-2216 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...)
 	NOT-FOR-US: Node parse-url
 CVE-2022-2215 (The GiveWP WordPress plugin before 2.21.3 does not properly sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36553 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...)
 	NOT-FOR-US: Multi Restaurant Table Reservation System
 CVE-2020-36552 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...)
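Review bot: CVE-2022-2215 here and CVE-2022-2260 earlier in this commit are the same GiveWP plugin at the same "before 2.21.3" fix version and now carry the same string, which is consistent; the adjacent parse-url entry (CVE-2022-2216, "NOT-FOR-US: Node parse-url") shows the convention of naming the specific project when it is not a WordPress plugin, so the generic "WordPress plugin" string is the right level of detail for this one.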
@@ -7393,7 +7393,7 @@ CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet
 CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975
@@ -7405,7 +7405,7 @@ CVE-2022-2182 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e (v8.2.5150)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2181 (The Advanced WordPress Reset WordPress plugin before 1.6 does not esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-46824 (Cross Site Scripting (XSS) vulnerability in sourcecodester School File ...)
 	NOT-FOR-US: sourcecodester School File Management System
 CVE-2022-34327
@@ -7449,7 +7449,7 @@ CVE-2022-34309
 CVE-2022-34308
 	RESERVED
 CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34306 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header in ...)
 	NOT-FOR-US: IBM
 CVE-2022-34305 (In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 ...)
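Review bot: the vendor-level string "NOT-FOR-US: IBM", rather than something product-specific like "NOT-FOR-US: IBM CICS TX", is the right choice for CVE-2022-34307 because CVE-2022-34306 on the next line already uses it; mixing two forms for one product line would split the entries in searches.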
@@ -7557,9 +7557,9 @@ CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 does
 CVE-2022-2172
 	RESERVED
 CVE-2022-2171 (The Progressive License WordPress plugin through 1.1.0 is lacking any  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2170 (The Microsoft Advertising Universal Event Tracking (UET) WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.83 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a  ...)
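Review bot: for CVE-2022-2170 the vendor named in the description (Microsoft Advertising) could tempt a "NOT-FOR-US: Microsoft" rationale, but the affected component is the UET WordPress plugin, so "WordPress plugin" is the correct string and matches CVE-2022-2169 below.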
@@ -7876,13 +7876,13 @@ CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-si
 CVE-2022-34165
 	RESERVED
 CVE-2022-34164 (IBM CICS TX 11.1 could allow a local user to impersonate another legit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34163 (IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by imp ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34162 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34161 (IBM CICS TX 11.1 is vulnerable to cross-site request forgery which cou ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection ...)
 	NOT-FOR-US: IBM
 CVE-2022-34159
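Review bot: the four CICS TX entries (CVE-2022-34161 through CVE-2022-34164) describe different bug classes (CSRF, clickjacking, HTTP header injection, local impersonation) but all correctly resolve to the same "NOT-FOR-US: IBM" that CVE-2022-34160 on the next line already carries; the NFU string records why an entry is out of scope, not the bug class, so collapsing them to one vendor string is the right granularity.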
@@ -8407,7 +8407,7 @@ CVE-2022-33957
 CVE-2022-33956
 	RESERVED
 CVE-2022-33955 (IBM CICS TX 11.1 could allow allow an attacker with physical access to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-33954
 	RESERVED
 CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user wi ...)
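Review bot: the description for CVE-2022-33955 contains a doubled word ("could allow allow"); that text comes from the upstream CVE record and is refreshed by the tracker's update scripts, so it should be left as-is rather than hand-corrected in data/CVE/list, and this hunk correctly touches only the rationale line.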
@@ -13038,7 +13038,7 @@ CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental Wor
 CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1950 (The Youzify WordPress plugin before 1.2.0 does not sanitise and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...)
 	- 389-ds-base <unfixed> (bug #1016446)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781
@@ -13992,7 +13992,7 @@ CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
 	NOTE: https://huntr.dev/bounties/4eb0fa3e-4480-4fb5-8ec0-fbcd71de6012
 	NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba (v0.11)
 CVE-2022-1906 (The Copyright Proof WordPress plugin through 4.16 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1904 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does ...)
@@ -18388,7 +18388,7 @@ CVE-2022-1602
 CVE-2022-1601
 	RESERVED
 CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...)
@@ -18503,7 +18503,7 @@ CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 l
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
 	NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
 CVE-2022-1585 (The Project Source Code Download WordPress plugin through 1.0.0 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-30259
 	RESERVED
 CVE-2022-30258
@@ -21984,7 +21984,7 @@ CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not s
 CVE-2022-1325
 	RESERVED
 CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1323
 	RESERVED
 CVE-2022-1322
@@ -33354,7 +33354,7 @@ CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not s
 CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin through  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0598 (The Login with phone number WordPress plugin through 1.3.7 do not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
 	NOT-FOR-US: microweber
 CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
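Review bot: CVE-2022-0598 sits much lower in the ID range (and much further down the file, at offset 33354) than the rest of this sweep, so it had been left as "TODO: check" longer than the others; the NFU is correct and matches CVE-2022-0599 above, but a follow-up grep for remaining "TODO: check" lines whose description contains "WordPress plugin" would catch any similar stragglers in one pass rather than one commit at a time.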



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b985e3f7f6937a251cb3fe8f319dad47d41930a2


