[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 29 21:18:16 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba13bfcd by Salvatore Bonaccorso at 2022-08-29T22:17:50+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4370,7 +4370,7 @@ CVE-2022-2639
 	[buster] - linux 4.19.249-1
 	NOTE: https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4)
 CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2637
 	RESERVED
 CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
@@ -4667,7 +4667,7 @@ CVE-2022-2601
 CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
 	- vim 2:9.0.0135-1
 	NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
@@ -5577,7 +5577,7 @@ CVE-2022-2561
 CVE-2022-2560
 	RESERVED
 CVE-2022-2559 (The Fluent Support WordPress plugin before 1.5.8 does not properly san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is susceptible to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which could all ...)
@@ -5627,7 +5627,7 @@ CVE-2022-36924
 CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJA ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2554
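
Review bot: The new reason on CVE-2022-2556 records only the category ("WordPress plugin"), while the Zoho entry just above it names the product ("NOT-FOR-US: Zoho ManageEngine"). The generic form does match the existing CVE-2022-2555 entry directly below, so it is consistent with how plugin entries are already written in this file; if plugin-level lookups are wanted later, the reason could carry the name, e.g. "NOT-FOR-US: Mailchimp for WooCommerce WordPress plugin".
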
@@ -5961,7 +5961,7 @@ CVE-2022-2540
 CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-XXXX [spip: security issues from 4.1.5 release]
 	- spip 4.1.5+dfsg-1
 	[bullseye] - spip 3.2.11-3+deb11u5
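
Review bot: The header line for CVE-2022-2538 carries a literal HTML entity in its description ("WP Hide &amp; Security Enhancer"), which this hunk leaves as context. A plain-text search for the plugin name written with "&" will not match that line. The reason line added here is unaffected; the entity is better corrected wherever the description text originates than in this commit.
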
@@ -6625,7 +6625,7 @@ CVE-2022-36441
 CVE-2022-36440
 	RESERVED
 CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2536
 	RESERVED
 CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...)
@@ -8795,9 +8795,9 @@ CVE-2022-2376
 CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2373 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is mi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper authori ...)
@@ -10857,7 +10857,7 @@ CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 do
 CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJA ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2266
 	RESERVED
 CVE-2022-2265
@@ -10872,7 +10872,7 @@ CVE-2022-2263 (A vulnerability was found in Online Hotel Booking System 1.0 and
 CVE-2022-2262 (A vulnerability has been found in Online Hotel Booking System 1.0 and  ...)
 	NOT-FOR-US: Online Hotel Booking System
 CVE-2022-2261 (The WPIDE WordPress plugin before 3.0 does not sanitize and validate t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
@@ -15094,7 +15094,7 @@ CVE-2022-2082
 CVE-2022-2081
 	RESERVED
 CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
 	NOT-FOR-US: nocodb
 CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...)
@@ -16646,7 +16646,7 @@ CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps Af
 CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...)
 	NOT-FOR-US: SCORM Engine
 CVE-2022-2034 (The Sensei LMS WordPress plugin before 4.5.0 does not have proper perm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-2033
 	RESERVED
 CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager section, the  ...)
@@ -22724,7 +22724,7 @@ CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management syst
 	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 (1.19.8)
 	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be (1.18.26)
 CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not prope ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-30529
 	RESERVED
 CVE-2022-30528
@@ -30009,7 +30009,7 @@ CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60
 CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
 	- gitlab <unfixed>
 CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g.,  ...)
 	NOT-FOR-US: Firebase PHP-JWT
 CVE-2020-36521
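
Review bot: On CVE-2022-1123 the visible description is cut off at "WordPr ...", so unlike the other entries touched by this commit the header line never shows the word "plugin". The "NOT-FOR-US: WordPress plugin" reason therefore rests on the full CVE text rather than on anything in the diff. No change to the entry is needed, but this is the one hunk where the classification should be checked against the complete description before it is accepted.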



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba13bfcd92b7e23005e7163e2379f40832aecc57
