[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 15 21:12:37 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24729270 by Salvatore Bonaccorso at 2022-08-15T22:12:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4643,7 +4643,7 @@ CVE-2022-2537
 CVE-2022-2536
 	RESERVED
 CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-2533
@@ -6741,22 +6741,22 @@ CVE-2022-35627
 CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where an allo ...)
 	NOT-FOR-US: Kubernetes aws-iam-authenticator
 CVE-2022-2384 (The Digital Publications by Supsystic WordPress plugin before 1.7.4 do ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2383
 	RESERVED
 CVE-2022-2382
 	RESERVED
 CVE-2022-2381 (The E Unlocked - Student Result WordPress plugin through 1.0.4 is lack ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2380 (The Linux kernel was found vulnerable out of bounds memory access in t ...)
 	- linux 5.17.3-1
 	[bullseye] - linux 5.10.113-1
 	[buster] - linux 4.19.249-1
 	NOTE: https://git.kernel.org/linus/bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 (5.18-rc1)
 CVE-2022-2379 (The Easy Student Results WordPress plugin through 2.2.8 lacks authoris ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2377
 	RESERVED
 CVE-2022-2376
@@ -7238,7 +7238,7 @@ CVE-2022-2356 (The Frontend File Manager & Sharing WordPress plugin before 1
 CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does not imple ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2354 (The WP-DBManager WordPress plugin before 2.80.8 does not prevent admin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle  ...)
 	NOT-FOR-US: rpc.py
 CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...)
@@ -7741,7 +7741,7 @@ CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Se
 CVE-2022-2315
 	RESERVED
 CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user execute a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
 	NOT-FOR-US: MA Smart Installer for Windows
 CVE-2022-2312
@@ -10588,7 +10588,7 @@ CVE-2022-2153
 	NOTE: https://git.kernel.org/linus/00b5f37189d24ac3ed46cb7f11742094778c46ce (5.18-rc1)
 	NOTE: https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1)
 CVE-2022-2152 (The Duplicate Page and Post Plugin WordPress plugin through 2.7 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 3.7.3 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2150
@@ -11354,7 +11354,7 @@ CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver (Valha
 CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Information ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2116 (The Contact Form DB WordPress plugin before 1.8.0 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2115 (The Popup Anything WordPress plugin before 2.1.7 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/247292703c8bf8507494fbaf08fe75b2d1b4127d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/247292703c8bf8507494fbaf08fe75b2d1b4127d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220815/bf15f84a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list