[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 1 20:28:14 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44259065 by Salvatore Bonaccorso at 2022-02-01T21:27:46+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2103,7 +2103,7 @@ CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
CVE-2022-0321
RESERVED
CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -3887,7 +3887,7 @@ CVE-2022-0222
CVE-2022-0221
RESERVED
CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
NOT-FOR-US: jadx
CVE-2022-0218
@@ -64683,7 +64683,7 @@ CVE-2021-25099
CVE-2021-25098
RESERVED
CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25096
RESERVED
CVE-2021-25095
@@ -64691,15 +64691,15 @@ CVE-2021-25095
CVE-2021-25094
RESERVED
CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25090
RESERVED
CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25088
RESERVED
CVE-2021-25087
@@ -64707,7 +64707,7 @@ CVE-2021-25087
CVE-2021-25086
RESERVED
CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25084
RESERVED
CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
@@ -64733,7 +64733,7 @@ CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 conta
CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25071
RESERVED
CVE-2021-25070
@@ -64751,7 +64751,7 @@ CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1
CVE-2021-25064
RESERVED
CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
@@ -64911,7 +64911,7 @@ CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does
CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24982
RESERVED
CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
@@ -64927,7 +64927,7 @@ CVE-2021-24977
CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...)
@@ -64989,7 +64989,7 @@ CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 do
CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24944 (The Custom Dashboard & Login Page WordPress plugin before 7.0 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24942
@@ -65003,13 +65003,13 @@ CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin b
CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24933
RESERVED
CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
@@ -65025,7 +65025,7 @@ CVE-2021-24928
CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...)
@@ -65039,7 +65039,7 @@ CVE-2021-24921
CVE-2021-24920
RESERVED
CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...)
@@ -65077,7 +65077,7 @@ CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plu
CVE-2021-24901
RESERVED
CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24898
@@ -65141,7 +65141,7 @@ CVE-2021-24870
CVE-2021-24869
RESERVED
CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24867
RESERVED
CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...)
@@ -65249,7 +65249,7 @@ CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not
CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
@@ -65327,7 +65327,7 @@ CVE-2021-24777
CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
@@ -65347,15 +65347,15 @@ CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs
CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have proper ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...)
@@ -65463,7 +65463,7 @@ CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not proper
CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
@@ -65505,7 +65505,7 @@ CVE-2021-24688
CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
@@ -65581,7 +65581,7 @@ CVE-2021-24650
CVE-2021-24649
RESERVED
CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24647 (The Registration Forms – User profile, Content Restriction, Spam ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 does not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44259065e71cfb3a14d487c70400b6143a020d6c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44259065e71cfb3a14d487c70400b6143a020d6c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220201/49af187c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list