[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 14 20:24:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd4f2712 by Salvatore Bonaccorso at 2022-02-14T21:23:56+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5440,7 +5440,7 @@ CVE-2022-23369
CVE-2022-23368
RESERVED
CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...)
- TODO: check
+ NOT-FOR-US: Fulusso
CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...)
NOT-FOR-US: HMS (Hospital Managment System)
CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...)
@@ -6230,7 +6230,7 @@ CVE-2022-0216
CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -6238,7 +6238,7 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0211
RESERVED
CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
@@ -6345,12 +6345,12 @@ CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-
CVE-2022-0209
RESERVED
CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0207
RESERVED
- vdsm <itp> (bug #668538)
CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0205
RESERVED
CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol]
@@ -6367,9 +6367,9 @@ CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crate
CVE-2022-0202
RESERVED
CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0199
RESERVED
CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...)
@@ -6558,17 +6558,17 @@ CVE-2022-21134 (A firmware update vulnerability exists in the "update&a
CVE-2022-0194
RESERVED
CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0192
RESERVED
CVE-2022-0191
RESERVED
CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0189
RESERVED
CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0187
RESERVED
CVE-2022-0186
@@ -7169,7 +7169,7 @@ CVE-2022-22856
CVE-2022-22855
RESERVED
CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
- TODO: check
+ NOT-FOR-US: Hospital Patient Record Management System
CVE-2022-22853
RESERVED
CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
@@ -7183,7 +7183,7 @@ CVE-2022-22849
CVE-2022-22149
RESERVED
CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]
RESERVED
- virglrenderer <unfixed>
@@ -11749,9 +11749,9 @@ CVE-2021-45423
CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
NOT-FOR-US: Reprise License Manager
CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
- TODO: check
+ NOT-FOR-US: Emerson
CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
NOT-FOR-US: Nova 360 Cabinet
CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
@@ -11816,7 +11816,7 @@ CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attacker
CVE-2021-45393
RESERVED
CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2021-45391
RESERVED
CVE-2021-45390
@@ -16740,7 +16740,7 @@ CVE-2022-21661 (WordPress is a free and open-source content management system wr
NOTE: https://hackerone.com/reports/1378209
NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
- TODO: check
+ NOT-FOR-US: Gin-vue-admin
CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
- flask-appbuilder <itp> (bug #998029)
NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
@@ -32000,9 +32000,9 @@ CVE-2021-39082
CVE-2021-39081
RESERVED
CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-39078
RESERVED
CVE-2021-39077
@@ -67279,7 +67279,7 @@ CVE-2021-25117
CVE-2021-25116
RESERVED
CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25113
@@ -67289,13 +67289,13 @@ CVE-2021-25112
CVE-2021-25111
RESERVED
CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
@@ -67409,7 +67409,7 @@ CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wo
CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25048
@@ -67443,7 +67443,7 @@ CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin befor
CVE-2021-25034
RESERVED
CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...)
@@ -67473,7 +67473,7 @@ CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before
CVE-2021-25019
RESERVED
CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...)
@@ -67481,7 +67481,7 @@ CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress
CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25012
@@ -67701,7 +67701,7 @@ CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not chec
CVE-2021-24905
RESERVED
CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24903
RESERVED
CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
@@ -67761,7 +67761,7 @@ CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin befor
CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...)
@@ -68617,7 +68617,7 @@ CVE-2021-24448 (The User Registration & User Profile – Profile Builder
CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd4f27124cf3c8b44bc35cce648dad8807346839
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd4f27124cf3c8b44bc35cce648dad8807346839
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/f91db9ea/attachment.htm>
More information about the debian-security-tracker-commits
mailing list