[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 8 21:21:50 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50b28d26 by Salvatore Bonaccorso at 2022-08-08T22:21:26+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4034,7 +4034,7 @@ CVE-2022-36277
CVE-2022-36276
RESERVED
CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly escape u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2458
@@ -4932,13 +4932,13 @@ CVE-2022-2428
CVE-2022-2427
RESERVED
CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2424 (The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2422
RESERVED
CVE-2022-2421
@@ -4985,13 +4985,13 @@ CVE-2022-2414 (Access to external entities when parsing XML documents can lead t
CVE-2022-2413
RESERVED
CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2410 (The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not properly escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2407
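Review bot: the four plugin entries changed here (CVE-2022-2412 down to CVE-2022-2409) are closed as NOT-FOR-US, while the trailing context shows CVE-2022-2408 tracked as `- mattermost-server <itp> (bug #823556)` because packaging work is pending. Before merging, confirm that none of these plugins has an open ITP or RFP. If one does, the `<itp>` form with the bug number is the right entry rather than NOT-FOR-US.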
@@ -5264,7 +5264,7 @@ CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88
CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 authenticatio ...)
NOT-FOR-US: Apache CloudStack
CVE-2022-2398 (The WordPress Comments Fields WordPress plugin before 4.1 does not esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2397
RESERVED
CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester ...)
@@ -5322,7 +5322,7 @@ CVE-2022-29870
CVE-2022-27170
RESERVED
CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...)
NOT-FOR-US: Puppet Bolt
CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...)
@@ -5471,7 +5471,7 @@ CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a c
CVE-2022-2392
RESERVED
CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2390
RESERVED
CVE-2022-2389
@@ -5481,7 +5481,7 @@ CVE-2022-2388
CVE-2022-2387
RESERVED
CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...)
NOT-FOR-US: Nautilus treadmills
CVE-2022-35647
@@ -5556,9 +5556,9 @@ CVE-2022-2374
CVE-2022-2373
RESERVED
CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...)
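Review bot: CVE-2022-2372 and CVE-2022-2371 are only now marked NOT-FOR-US, although the context lines show CVE-2022-2370, for the same YaySMTP plugin, already carrying that status. When an entry is closed by product, search the list for the product name and close its siblings in the same commit, so that `TODO: check` items for an already-triaged product do not linger.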
@@ -5566,7 +5566,7 @@ CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have capabilit
CVE-2022-2368 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
NOT-FOR-US: microweber
CVE-2022-2367 (The WSM Downloader WordPress plugin through 1.4.0 allows only specific ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35626
RESERVED
CVE-2022-35625
@@ -6019,11 +6019,11 @@ CVE-2022-2359
CVE-2022-2358
RESERVED
CVE-2022-2357 (The WSM Downloader WordPress plugin through 1.4.0 allows any visitor t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2356 (The Frontend File Manager & Sharing WordPress plugin before 1.1.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does not imple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2354
RESERVED
CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...)
@@ -7472,7 +7472,7 @@ CVE-2022-2271
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2267
@@ -12739,7 +12739,7 @@ CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
NOTE: https://github.com/eclipse/jetty.project/pull/8146
CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows administrators to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2045
RESERVED
CVE-2022-2044
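Review bot: the subject "Process some NFUs" does not say what was triaged, yet the replacement for CVE-2022-2046 here, like every other added line in this patch, reads `NOT-FOR-US: WordPress plugin`. Naming the product class in the subject, for example "Process some NFUs (WordPress plugins)", would let a reader of the log find this batch without opening the diff.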
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50b28d263145aec5e5dc73facd9ceac8cb367388