[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 18 20:41:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09f67b1a by Salvatore Bonaccorso at 2022-01-18T21:41:13+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -403,9 +403,9 @@ CVE-2022-23306
 CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
 	TODO: check
 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	TODO: check
 CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
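Review bot: CVE-2022-0260 in the trailing context is also described as a pimcore issue ("Stored in GitHub repository pimcore/pimco ..."), but its status line falls outside this hunk, so nothing here shows it received the same tag as CVE-2022-0263 and CVE-2022-0262. If it still reads "TODO: check", it belongs in this batch as "NOT-FOR-US: pimcore".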
@@ -640,7 +640,7 @@ CVE-2022-23220
 CVE-2022-0237
 	RESERVED
 CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
 	- node-fetch <unfixed>
 	NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
@@ -648,9 +648,9 @@ CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to
 CVE-2022-0234
 	RESERVED
 CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0230
@@ -762,7 +762,7 @@ CVE-2022-0218
 CVE-2022-0216
 	RESERVED
 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0214
 	RESERVED
 CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
@@ -864,7 +864,7 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket
 	NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3
 CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-0209
 	RESERVED
 CVE-2022-0208
@@ -2459,7 +2459,7 @@ CVE-2022-22692
 CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...)
 	TODO: check
 CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
-	TODO: check
+	NOT-FOR-US: Umbraco CMS
 CVE-2022-22689
 	RESERVED
 CVE-2022-22688
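Review bot: CVE-2022-22691, directly above the changed entry, is left at "TODO: check" even though its description also names Umbraco ("The password reset component deployed within Umbraco ..."), while CVE-2022-22690 becomes "NOT-FOR-US: Umbraco CMS". Unless there is a reason to hold it back, tag both entries the same way in this commit so the pair does not get triaged twice.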
@@ -3800,7 +3800,7 @@ CVE-2021-46015
 CVE-2021-46014
 	RESERVED
 CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-46012
 	REJECTED
 CVE-2021-46011
@@ -3816,7 +3816,7 @@ CVE-2021-46007
 CVE-2021-46006
 	RESERVED
 CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester
 CVE-2021-46004
 	RESERVED
 CVE-2021-46003
@@ -7957,11 +7957,11 @@ CVE-2021-44842
 CVE-2021-44841
 	RESERVED
 CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account,  ...)
-	TODO: check
+	NOT-FOR-US: Delta RM
 CVE-2021-44839
 	RESERVED
 CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
-	TODO: check
+	NOT-FOR-US: Delta RM
 CVE-2021-44837
 	RESERVED
 CVE-2021-44836
@@ -8301,7 +8301,7 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During
 CVE-2021-44758
 	RESERVED
 CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-44756
 	RESERVED
 CVE-2021-44755
@@ -8548,7 +8548,7 @@ CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 i
 CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
 	NOT-FOR-US: snipe-it
 CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
@@ -8936,7 +8936,7 @@ CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
 	NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
 CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
@@ -9902,7 +9902,7 @@ CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...)
 CVE-2021-44218
 	RESERVED
 CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting  ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2021-44216
 	RESERVED
 CVE-2021-44215
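Review bot: the tag on CVE-2021-44217 names only the vendor ("NOT-FOR-US: Ericsson"), whereas the description identifies the product as Ericsson CodeChecker and the other new tags in this commit name the product (Delta RM, Umbraco CMS, M-Files Server). Suggest "NOT-FOR-US: Ericsson CodeChecker" so a later search of the list by product name finds this entry.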
@@ -19193,11 +19193,11 @@ CVE-2021-41811
 CVE-2021-41810
 	RESERVED
 CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
-	TODO: check
+	NOT-FOR-US: M-Files Server
 CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
-	TODO: check
+	NOT-FOR-US: M-Files Server
 CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with  ...)
-	TODO: check
+	NOT-FOR-US: M-Files Server
 CVE-2021-41806
 	RESERVED
 CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
@@ -38160,9 +38160,9 @@ CVE-2021-33967
 CVE-2021-33966
 	RESERVED
 CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
-	TODO: check
+	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
 	NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface
 CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
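Review bot: the two new tags read "NOT-FOR-US: China Mobile An Lianbao WF-1 router", but the adjacent existing entry CVE-2021-33963 uses "NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface" for the same device. Use one string for all three entries so that grouping or grepping by tag treats them as the same product.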
@@ -61177,11 +61177,11 @@ CVE-2021-25069
 CVE-2021-25068
 	RESERVED
 CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25066
 	RESERVED
 CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25064
 	RESERVED
 CVE-2021-25063
@@ -61189,7 +61189,7 @@ CVE-2021-25063
 CVE-2021-25062
 	RESERVED
 CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25060
 	RESERVED
 CVE-2021-25059
@@ -61219,7 +61219,7 @@ CVE-2021-25048
 CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25045
 	RESERVED
 CVE-2021-25044
@@ -61237,9 +61237,9 @@ CVE-2021-25039
 CVE-2021-25038
 	RESERVED
 CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25035
 	RESERVED
 CVE-2021-25034
@@ -61261,9 +61261,9 @@ CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2
 CVE-2021-25026
 	RESERVED
 CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25023 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
@@ -61301,7 +61301,7 @@ CVE-2021-25007
 CVE-2021-25006
 	RESERVED
 CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-25004
 	RESERVED
 CVE-2021-25003
@@ -61493,7 +61493,7 @@ CVE-2021-24911
 CVE-2021-24910
 	RESERVED
 CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...)
@@ -61635,7 +61635,7 @@ CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticat
 CVE-2021-24839
 	RESERVED
 CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24837
 	RESERVED
 CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09f67b1a19e0564238ff9a22207bab60446cf383
