[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 7 20:30:42 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a07659d by Salvatore Bonaccorso at 2022-02-07T21:30:03+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2077,7 +2077,7 @@ CVE-2022-23982
 CVE-2022-23981
 	RESERVED
 CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23978
@@ -2099,9 +2099,9 @@ CVE-2022-0382 [net ticp:fix a kernel-infoleak in __tipc_sendmsg()]
 	- linux 5.15.15-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
 CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
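Review bot: The bracketed description of CVE-2022-0382 in this hunk's header line reads "net ticp:fix a kernel-infoleak in __tipc_sendmsg()", where "ticp" is a transposition of "tipc" (the function named is __tipc_sendmsg()) and the space after the colon is missing. This commit does not touch that entry, but a follow-up correcting it to "net tipc: fix ..." would let a search for "tipc" in data/CVE/list find the linux entry.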
@@ -2961,7 +2961,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
 CVE-2022-23806
 	RESERVED
 CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2022-23804
 	RESERVED
 CVE-2022-23803
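Review bot: The new "NOT-FOR-US: Trend Micro" line for CVE-2022-23805 names only a vendor, and the truncated description shown here ("A security out-of-bounds read information disclosure vulnerability in ...") names neither vendor nor product, so the classification cannot be checked from the list entry alone. Consider adding the product name after the vendor so the reason for the NFU is recorded in the entry itself.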
@@ -4848,7 +4848,7 @@ CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR Word
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
 	NOT-FOR-US: jadx
 CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0216
 	RESERVED
 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier  ...)
@@ -4868,7 +4868,7 @@ CVE-2022-0211
 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-44760
@@ -6521,9 +6521,9 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-0150
 	RESERVED
 CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0147
 	RESERVED
 CVE-2022-0146
@@ -30620,7 +30620,7 @@ CVE-2021-39023
 CVE-2021-39022
 	RESERVED
 CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39020
 	RESERVED
 CVE-2021-39019
@@ -30742,7 +30742,7 @@ CVE-2021-38962
 CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
 	NOT-FOR-US: IBM
 CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
 	NOT-FOR-US: IBM
 CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
@@ -32853,7 +32853,7 @@ CVE-2021-38132
 CVE-2021-38131
 	RESERVED
 CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-38128
@@ -65760,7 +65760,7 @@ CVE-2021-25116
 CVE-2021-25115
 	RESERVED
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25113
 	RESERVED
 CVE-2021-25112
@@ -65772,17 +65772,17 @@ CVE-2021-25110
 CVE-2021-25109
 	RESERVED
 CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25107
 	RESERVED
 CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25104
 	RESERVED
 CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25102
 	RESERVED
 CVE-2021-25101
@@ -65796,9 +65796,9 @@ CVE-2021-25098
 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25094
 	RESERVED
 CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
@@ -65820,7 +65820,7 @@ CVE-2021-25086
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25082
@@ -65834,7 +65834,7 @@ CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not
 CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25075
@@ -65930,7 +65930,7 @@ CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightb
 CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does  ...)
@@ -65980,7 +65980,7 @@ CVE-2021-25006
 CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25003
 	RESERVED
 CVE-2021-25002
@@ -66002,7 +66002,7 @@ CVE-2021-24995
 CVE-2021-24994
 	RESERVED
 CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
@@ -66094,7 +66094,7 @@ CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor
 CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38  ...)
@@ -66132,7 +66132,7 @@ CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plu
 CVE-2021-24929
 	RESERVED
 CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and  ...)
@@ -66228,11 +66228,11 @@ CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not san
 CVE-2021-24881
 	RESERVED
 CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
@@ -66302,7 +66302,7 @@ CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows pa
 CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
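Review bot: The description of CVE-2021-24843 in this hunk spells the bug class "CRSF", while the sibling SupportCandy entry CVE-2021-24879 spells it "CSRF", so a search of the list for "CSRF" misses this entry. The NOT-FOR-US tag itself matches the other SupportCandy entries in this commit; if the description text is maintained in this file, correct the spelling in a follow-up.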
@@ -66310,7 +66310,7 @@ CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and
 CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24837



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a07659d9cffe506210b2363aefd8d8c2003c1ba
