[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 22 21:19:42 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82861f93 by Salvatore Bonaccorso at 2022-08-22T22:19:11+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3655,7 +3655,7 @@ CVE-2022-37300
CVE-2022-2601
RESERVED
CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2599
RESERVED
CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
@@ -3672,9 +3672,9 @@ CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prio
CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra prior to ...)
NOT-FOR-US: Titra
CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Cu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-37299
RESERVED
CVE-2022-37298
@@ -4569,9 +4569,9 @@ CVE-2022-2560
CVE-2022-2559
RESERVED
CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is susceptible to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which could all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
NOT-FOR-US: GoAnywhere MFT
CVE-2022-36943
@@ -4619,7 +4619,7 @@ CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Netw
CVE-2022-2556
RESERVED
CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2554
RESERVED
CVE-2022-2553 (The authfile directive in the booth config file is ignored, preventing ...)
@@ -4627,9 +4627,9 @@ CVE-2022-2553 (The authfile directive in the booth config file is ignored, preve
- booth 1.0-268-gdce51f9-1
NOTE: https://github.com/ClusterLabs/booth/issues/114
CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7.1 does not authenticate o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
@@ -4939,7 +4939,7 @@ CVE-2022-2546
CVE-2022-2545
RESERVED
CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2543
RESERVED
CVE-2022-2542
@@ -5624,7 +5624,7 @@ CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-2533
RESERVED
CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2530
@@ -7225,7 +7225,7 @@ CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not properly
CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2405
@@ -7699,15 +7699,15 @@ CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a c
- dogtag-pki <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is affected b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had the mutab ...)
NOT-FOR-US: Apps developed with Google Play Services SDK
CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newslet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2387
RESERVED
CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
@@ -7761,9 +7761,9 @@ CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where an
CVE-2022-2384 (The Digital Publications by Supsystic WordPress plugin before 1.7.4 do ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2383 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2382 (The Product Slider for WooCommerce WordPress plugin before 2.5.7 has f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2381 (The E Unlocked - Student Result WordPress plugin through 1.0.4 is lack ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2380 (The Linux kernel was found vulnerable out of bounds memory access in t ...)
@@ -7776,11 +7776,11 @@ CVE-2022-2379 (The Easy Student Results WordPress plugin through 2.2.8 lacks aut
CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2377 (The Directorist WordPress plugin before 7.3.0 does not have authorisat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2376
RESERVED
CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2374
RESERVED
CVE-2022-2373
@@ -8238,9 +8238,9 @@ CVE-2022-2364 (A vulnerability, which was classified as problematic, was found i
CVE-2022-2363 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Simple Parking Management System
CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes gettin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35413
RESERVED
CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
@@ -8766,7 +8766,7 @@ CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user exec
CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
NOT-FOR-US: MA Smart Installer for Windows
CVE-2022-2312 (The Student Result or Employee Database WordPress plugin before 1.7.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2311
RESERVED
CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...)
@@ -9711,9 +9711,9 @@ CVE-2022-26366
CVE-2022-25952
RESERVED
CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2275 (The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA implemen ...)
- openssl 3.0.4-2 (bug #1013441)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
@@ -10864,7 +10864,7 @@ CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All vers
CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
NOT-FOR-US: Siemens
CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
NOT-FOR-US: Exemys
CVE-2022-2196
@@ -11337,7 +11337,7 @@ CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository micro
CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 does not e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2172 (The LinkWorth WordPress plugin before 3.3.4 does not implement nonce c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2171 (The Progressive License WordPress plugin through 1.1.0 is lacking any ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2170 (The Microsoft Advertising Universal Event Tracking (UET) WordPress plu ...)
@@ -17666,7 +17666,7 @@ CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (C
CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and escape a p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1932 (The Rezgo Online Booking WordPress plugin before 4.1.8 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
{DSA-5159-1 DLA-3048-1}
- python-bottle 0.12.20-1
@@ -25908,7 +25908,7 @@ CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not saniti
CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...)
NOT-FOR-US: WordPress theme
CVE-2022-1322 (The Coming Soon - Under Construction WordPress plugin through 1.1.9 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
@@ -35316,11 +35316,11 @@ CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems wit
CVE-2022-25813
RESERVED
CVE-2022-25812 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-25811 (The Transposh WordPress Translation WordPress plugin through 1.0.8 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-25810 (The Transposh WordPress Translation WordPress plugin through 1.0.8 exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a rem ...)
- linux 5.16.14-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -40008,7 +40008,7 @@ CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise an
CVE-2022-0447 (The Post Grid WordPress plugin before 2.1.16 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0446 (The Simple Banner WordPress plugin before 2.12.0 does not properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...)
@@ -107132,11 +107132,11 @@ CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not hav
CVE-2021-24913 (The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24912 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24911 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24910 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82861f9397fe05d04f702d646f1930f3f6d64977
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82861f9397fe05d04f702d646f1930f3f6d64977
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220822/0a139e37/attachment.htm>
More information about the debian-security-tracker-commits
mailing list