[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 5 20:39:29 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f14d319e by Salvatore Bonaccorso at 2022-12-05T21:38:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4509,7 +4509,7 @@ CVE-2022-3928
 CVE-2022-3927
 	RESERVED
 CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3925
 	RESERVED
 CVE-2022-3924
@@ -4673,7 +4673,7 @@ CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Esc
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/fc7222c3a9f56271fba02aabbfbae999042f1679 (6.0-rc6)
 CVE-2022-3909 (The Add Comments WordPress plugin through 1.0.1 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., because an  ...)
 	- xterm 375-1
 	[bullseye] - xterm <no-dsa> (Minor issue; mitigated by default in Debian)
@@ -4718,7 +4718,7 @@ CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.
 CVE-2022-3908
 	RESERVED
 CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by time-based atta ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3906
 	RESERVED
 CVE-2022-3905
@@ -4776,7 +4776,7 @@ CVE-2022-3894
 CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extens ...)
 	NOT-FOR-US: BlueSpice
 CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3891
 	RESERVED
 CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...)
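Review bot: the tag added for CVE-2022-3892 gives only the category ("WordPress plugin"), while the entry directly above it, CVE-2022-3893, names the product ("NOT-FOR-US: BlueSpice"). The generic form matches how other WordPress plugin entries in this file are already tagged (for example CVE-2022-3839 and CVE-2022-3831), so it is consistent with existing practice. This is also the same WP OAuth Server plugin as CVE-2022-3926 in the first hunk ("before 3.4" there, "before 4.2" here), and both entries end up with the same tag, which is what a reader comparing them would expect.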
@@ -5584,14 +5584,14 @@ CVE-2022-3860
 CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...)
 	NOT-FOR-US: Trellix
 CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3857 [Null pointer dereference leads to segmentation fault]
 	RESERVED
 	- libpng1.6 <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600
 	NOTE: https://sourceforge.net/p/libpng/bugs/300/
 CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-21403
 	RESERVED
 CVE-2023-21402
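Review bot: for CVE-2022-3858 the visible description is cut off at "Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeC ..." before any mention of WordPress, so the "NOT-FOR-US: WordPress plugin" tag cannot be confirmed from this line alone, unlike CVE-2022-3856 in the same hunk, whose description says "WordPress plugin" outright. Worth confirming against the full CVE description that this is a WordPress plugin. The CVE-2022-3857 entry between the two changes (libpng1.6, still undetermined) is correctly left untouched.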
@@ -6855,9 +6855,9 @@ CVE-2022-3840
 CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3837 (The Uji Countdown WordPress plugin through 2.2 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3836
 	RESERVED
 CVE-2022-3835
@@ -6871,7 +6871,7 @@ CVE-2022-3832
 CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3829
 	RESERVED
 CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
@@ -10714,7 +10714,7 @@ CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute
 CVE-2022-3695
 	RESERVED
 CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3693
 	RESERVED
 CVE-2022-3692
@@ -10980,7 +10980,7 @@ CVE-2022-3679
 CVE-2022-3678
 	RESERVED
 CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...)
 	NOT-FOR-US: Eclipse Openj9
 CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using a Buta ...)
@@ -14319,7 +14319,7 @@ CVE-2022-3428
 CVE-2022-3427
 	RESERVED
 CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3425
 	RESERVED
 CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os]
@@ -17839,7 +17839,7 @@ CVE-2022-3251 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
 CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3248
 	RESERVED
 CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
@@ -48512,7 +48512,7 @@ CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitis
 CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1540 (The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1538



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f14d319e401ea3471c94a2a1a100abe2d979b3fa
